Browser version scriptSkip Headers

Oracle® Fusion Applications Coexistence for HCM Implementation Guide
11g Release 1 (11.1.4)
Part Number E20378-02 		Go to contents page
Contents 		Go to Previous page
Previous 		Go to previous page
Next

16 Define Security for Human Capital Management for Coexistence

This chapter contains the following:

Defining Security for Human Capital Management for Coexistence: Explained

FAQs for Define Security for Human Capital Management for Coexistence

Defining Security for Human Capital Management for Coexistence: Explained

This topic explains the HCM coexistence tasks Manage Job Roles and Manage Duties. These tasks are available to a user with the role IT Security Manager. They are performed during implementation using the Oracle Fusion Functional Setup Manager and can be performed subsequently in the Oracle Fusion Human Capital Management (HCM) Setup and Maintenance work area.

Reviewing the Security Reference Implementation

Oracle Fusion HCM provides a comprehensive set of predefined security data, known as the security reference implementation, which includes multiple instances of each of the components in the following table.


Security Reference Implementation Component

Example

Job role

Human Resource Specialist

Abstract role

Employee

Duty role

Worker Work Relationship Termination Duty

Privilege

Terminate Work Relationship

Data security policy

A Human Resource Specialist can terminate work relationship for persons and assignments in their person and assignment security profile

Security profile

View All Workers

For more information on the security reference implementation for Oracle Fusion HCM, see:

You review the security reference implementation to determine whether the predefined components, in particular the job and duty roles, meet enterprise requirements.

Managing Job Roles

If the enterprise job or abstract roles do not exist in the security reference implementation, you may need to create new job or abstract roles. (Having predefined job or abstract roles that the enterprise does not use is not a problem because you do not have to provision those roles to users.)

Job and abstract roles are implemented using Oracle Identity Management (OIM), and you manage them using the Manage Job Roles task. If the security reference implementation contains all enterprise job and abstract roles, you do not need to perform this task.

Managing Duties

The security reference implementation provides one or more duty roles for every function in Oracle Fusion Applications; therefore, you need to create new duty roles only if you create custom functions. Typically, you perform the Manage Duties task to manage the duty-role hierarchy. For example, if you create new job or abstract roles, you use Manage Duties to assign duties to those roles. You also need to consider removing unused duty roles from abstract and job roles; otherwise, HCM coexistence users will have access to functions (for example, in menus) that are not relevant to them.

You are most likely to need to remove duty roles from the following predefined roles, because these roles are not specific to a single feature of the HCM coexistence offering:

For example, the predefined job role Human Resource Specialist inherits the duty role Worker Work Relationship Termination Duty. In the HCM coexistence environment, work relationships must be terminated in the source application; therefore, the Worker Work Relationship Termination Duty is an unused duty role that needs to be removed from the job role.

You manage duty roles in the Oracle Fusion Middleware Authorization Policy Manager (APM) using the Manage Duties task. For guidance about the duty roles that you may need to remove from job and abstract roles, see the Oracle Fusion Applications Workforce Deployment Security Reference Manual.

FAQs for Define Security for Human Capital Management for Coexistence

How do I create new job roles for HCM coexistence users?

If the enterprise job roles do not exist in the security reference implementation, you:

  1. Create the new job roles in Oracle Identity Management (OIM).

    Note

    If you create new job or abstract roles, do not add them to the predefined role categories (HCM - Job Roles and HCM - Abstract Roles). Instead, create your own categories and ensure that the category names end with "Job Roles" or "Abstract Roles", as appropriate. For example, you could create a new category for job roles called ABC - Job Roles.

  2. Attach duty roles to the new job roles in the Oracle Fusion Middleware Authorization Policy Manager (APM).

  3. Run the Oracle Fusion Human Capital Management (HCM) process Retrieve Latest LDAP Changes to ensure that the new job roles are visible in the Oracle Fusion HCM Create Data Role interface.

    If you add custom job or abstract roles to role categories that do not end with "Job Roles" or "Abstract Roles", they do not appear in the list of jobs in Create Data Role.

  4. Perform the Oracle Fusion HCM task Manage Data Role and Security Profiles to create HCM data roles for the new job roles.

  5. Perform the Oracle Fusion HCM task Manage Role Mappings to create role mappings for the new data roles so that the roles can be provisioned to users.

Go to previous page
Previous 		Go to previous page
Next
Go to Table of Contents
Contents 		Go to Feedback page
Contact Us