About Data Access through Security Assignments

As a security administrator, you grant the data security assignments at the user-level.

Data security assignments apply data filters to display only the data corresponding to the security assignment values assigned to the users. For example, John Smith and Marie Pierce are both Accounts Payable Manager in an organization, but John Smith needs to see only the US business unit-specific data and Marie needs to see only the UK business unit-specific data. Even though both have the same functional role, their data security assignments differ. John is assigned all the US business units and Marie is assigned all the UK business units only.

You ensure data-level security with a combination of data roles, security context, and security assignments assigned to the user. Oracle Fusion Data Intelligence maps a security context to a data role. You grant the data security assignments within a security context. Users must have the data role through the group assigned to them in order to have access to the security context and its corresponding list of values to pick from. You assign a user one or more job-specific groups. The groups have data roles mapped to them, and when querying data, the semantic layer applies the data filters.

When you configure the Enterprise Resource Planning report parameters, you're restricting the ledgers, payables business units, and receivables business units to those specific values. To establish the security permissions, you'd need to map users to security assignments. If a user doesn't have security assignment values mapped, then the user doesn't get to see any datasets corresponding to the job role (and implicitly data role) assigned to them. When you add data security assignments to a user, you ensure that the user can access specific data within a security context, such as ledger, payables business unit, or receivables business unit.

For Human Capital Management, the data security is based on the line manager hierarchy defined in Oracle Fusion Cloud Applications for the user having the Line Manager role. For Human Capital Management, the data security is based on the talent acquisition hierarchy defined in Oracle Fusion Cloud Applications for the user having the Job Application or Job Requisition roles. All users can see their own records using the HCM Show context. A user with the HR Analyst role has access to all Human Capital Management data and no security restrictions are applied to the Human Capital Management data set. A user with the Hiring Manager role has access to non-restricted job applications, while users with the Recruiter and Recruiting Manager role can view all job applications. The business unit, legal employer, department, country security context, and related data roles are restricted by contexts and assigned predicate values. To establish the security permissions, you'd need to map users to security assignments