5 Manage Roles, Users, and Access

As the functional administrator or security administrator, you manage users and their access to subject areas and data.

About Managing Roles, Users, and Access

As an administrator, one of your initial tasks is to ensure that users have appropriate access to use Oracle Analytics for Applications.

Access to subject areas and data depends on the roles assigned to the users.

About Roles

Oracle Analytics for Applications provides four role types:

  • Duty roles – Define the duties of a job as an entitlement to perform a particular action, such as access to an AP Transactions subject area.
  • Data roles – Provide access to the transactional data in the tables. Data roles group the users based on the functional access they have through a particular job role and a particular dimension of data. For example, a group of users based on invoices relevant only to their business unit.
  • System roles – Provide a set of privileges that allows users to perform system tasks after signing into Oracle Analytics for Applications, such as administering system settings, performing functional setup, managing security, and modeling data.
  • Job roles – Inherit duty roles, data roles, and application roles that are assigned to users. A job role defines a user business function such as Vice President of Sales, Human Resources Analyst, and Procurement Buyer. Job roles and users are synchronized from Oracle Applications Cloud to Oracle Identity Cloud Service. The job roles are mapped as groups in Oracle Identity Cloud Service. You can also create custom job roles based on your business requirements.
Job Roles

Job roles synchronized from Oracle Applications Cloud into Oracle Identity Cloud Service are:

Job Role Code Job Roles Name Description Associated Data Role, Duty Role, and Application Role Functional Area
ORA_GL_FINANCIAL_ANALYST_JOB Financial Analyst Has Author privileges

Author

OA4F_FIN_GL_ACCESS_SET_DATA

OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY

OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY

OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY

GL
ORA_GL_GENERAL_ACCOUNTANT_JOB General Accountant Has Author privileges

Author

OA4F_FIN_GL_ACCESS_SET_DATA

OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY

OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY

OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY

GL
ORA_GL_GENERAL_ACCOUNTING_MANAGER_JOB General Accounting Manager Has Author privileges

Author

OA4F_FIN_GL_ACCESS_SET_DATA

OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY

OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY

OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY

GL
ORA_AP_ACCOUNTS_PAYABLE_MANAGER_JOB Accounts Payable Manager Has Author privileges

Author

OA4F_FIN_AP_AGING_ANALYSIS_DUTY

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY

OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY

OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY

OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY

OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY

AP
ORA_AP_ACCOUNTS_PAYABLE_SPECIALIST_JOB Accounts Payable Specialist Has Author privileges

Author

OA4F_FIN_AP_AGING_ANALYSIS_DUTY

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY

OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY

OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY

OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY

OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY

AP
ORA_AP_ACCOUNTS_PAYABLE_SUPERVISOR_JOB Accounts Payable Supervisor Has Author privileges

Author

OA4F_FIN_AP_AGING_ANALYSIS_DUTY

OA4F_FIN_AP_BUSINESS_UNIT_DATA

OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY

OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY

OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY

OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY

OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY

AP
ORA_AR_ACCOUNTS_RECEIVABLE_MANAGER_JOB Accounts Receivable Manager Has Author privileges

Author

OA4F_FIN_AR_ADJUSTMENTS_ANALYSIS_DUTY

OA4F_FIN_AR_AGING_ANALYSIS_DUTY

OA4F_FIN_AR_APPLICATIONS_ANALYSIS_DUTY

OA4F_FIN_AR_BUSINESS_UNIT_DATA

OA4F_FIN_AR_CREDITMEMO_ANALYSIS_DUTY

OA4F_FIN_AR_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_AR_REVENUE_ANALYSIS_DUTY

AR
ORA_AR_ACCOUNTS_RECEIVABLE_SPECIALIST_JOB Accounts Receivable Specialist Has Author privileges

Author

OA4F_FIN_AR_ADJUSTMENTS_ANALYSIS_DUTY

OA4F_FIN_AR_AGING_ANALYSIS_DUTY

OA4F_FIN_AR_APPLICATIONS_ANALYSIS_DUTY

OA4F_FIN_AR_BUSINESS_UNIT_DATA

OA4F_FIN_AR_CREDITMEMO_ANALYSIS_DUTY

OA4F_FIN_AR_TRANSACTIONS_ANALYSIS_DUTY

OA4F_FIN_AR_REVENUE_ANALYSIS_DUTY

AR
ORA_FND_INTEGRATION_SPECIALIST_JOB Integration Specialist Individual responsible for planning, coordinating, and supervising all activities related to the integration of enterprise information systems. Has author privileges.

Author

OA4F_COMMON_DATA_ADMIN_ANALYSIS_DUTY

Common
ORA_PER_HUMAN_RESOURCE_ANALYST_JOB Human Resource Analyst Has Author privileges

OA4F_HCM_HR_ANALYST_VIEW_ALL_DATA

OA4F_HCM_WORKFORCE_CORE_ANALYSIS_DUTY

Author

Workforce
ORA_PER_LINE_MANAGER_ABSTRACT Line Manager Has Author privileges

OA4F_HCM_LINE_MANAGER_DATA

OA4F_HCM_WORKFORCE_CORE_ANALYSIS_DUTY

Author

Workforce
Duty Roles

Duty roles to secure subject areas are:

Duty Role Code Duty Role Name Duty Role Description Functional Area Gets access to Subject Area Display Name OR Associated Role
OA4F_FIN_GL_BALANCE_SHEET_ANALYSIS_DUTY General Ledger Balance Sheet Analysis Duty Object security role to control presentation catalog access to Financials GL Balance Sheet subject area. GL Financials - GL Balance Sheet
OA4F_FIN_GL_PROFITABILITY_ANALYSIS_DUTY Profitability Analysis Duty Object security role to control presentation catalog access to Financials GL Profitability subject area. GL Financials - GL Profitability
OA4F_FIN_GL_DETAIL_TRANSACTIONS_ANALYSIS_DUTY General Ledger Detail Transactions Analysis Duty Object security role to control presentation catalog access to Financials GL Detail Transactions subject area. GL Financials - GL Detail Transactions
OA4F_FIN_GL_BUDGETS_ANALYSIS_DUTY General Ledger Budget Analysis Duty Object security role to control presentation catalog access to Financials GL Budgets subject area. GL Financials - GL Budgets
OA4F_FIN_AP_AGING_ANALYSIS_DUTY Accounts Payable Aging Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Aging subject area. AP Financials – AP Aging
OA4F_FIN_AP_INVOICES_ANALYSIS_DUTY Accounts Payable Invoices Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Invoices subject area. AP Financials – AP Invoices
OA4F_FIN_AP_LIABILITIES_ANALYSIS_DUTY Accounts Payable Liabilities Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Liabilities subject area. AP Financials – AP Liabilities
OA4F_FIN_AP_PAYMENTS_ANALYSIS_DUTY Accounts Payable Payments Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Payments subject area. AP Financials – AP Payments
OA4F_FIN_AP_EXPENSES_ANALYSIS_DUTY Accounts Payable Expenses Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Expenses subject area. AP Financials - AP Expenses
OA4F_FIN_AP_HOLDS_ANALYSIS_DUTY Accounts Payable Holds Analysis Duty Object security role to control presentation catalog access to Financials Accounts Payable Holds subject area. AP Financials - AP Holds
OA4F_FIN_AR_AGING_ANALYSIS_DUTY Accounts Receivable Aging Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Aging subject area. AR Financials – AR Aging
OA4F_FIN_AR_TRANSACTIONS_ANALYSIS_DUTY Accounts Receivable Transactions Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Transactions subject area. AR Financials – AR Transactions
OA4F_FIN_AR_APPLICATIONS_ANALYSIS_DUTY Accounts Receivable Receipts and Applications Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Receipts and Applications subject area. AR Financials – AR Receipts and Applications
OA4F_FIN_AR_CREDITMEMO_ANALYSIS_DUTY Accounts Receivable Credit Memo Applications Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Credit Memo Applications subject area. AR Financials – AR Credit Memo Applications
OA4F_FIN_AR_ADJUSTMENTS_ANALYSIS_DUTY Accounts Receivable Adjustments Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Adjustments subject area. AR Financials – AR Adjustments
OA4F_FIN_AR_REVENUE_ANALYSIS_DUTY Accounts Receivable Revenue Analysis Duty Object security role to control presentation catalog access to Financials Accounts Receivable Revenue subject area. AR Financials - AR Revenue
OA4F_COMMON_DATA_ADMIN_ANALYSIS_DUTY Data Warehouse Refresh and Usage Tracking Analysis Duty Object security role to control presentation catalog access to Warehouse Refresh subject areas and Usage Tracking subject areas. Common Common - Usage Tracking Statistics

Common - Warehouse Refresh Statistics

OA4F_HCM_WORKFORCE_CORE_ANALYSIS_DUTY Workforce Core Analysis Duty Object security role to control presentation catalog access to Workforce Core subject area. Workforce Workforce - Core
Data Roles

Data roles to secure data are:

Data Role Code Data Role Name Description Functional Area
OA4F_FIN_GL_ACCESS_SET_DATA General Ledger Access Set Data Security Data security role to access ledger set based data GL
OA4F_FIN_AP_BUSINESS_UNIT_DATA Accounts Payable Business Unit Data Security Data security role to access accounts payable business unit based data AP
OA4F_FIN_AR_BUSINESS_UNIT_DATA Accounts Receivable Business Unit Data Security Data security role to access accounts receivable business unit based data AR
OA4F_HCM_LINE_MANAGER_DATA Oracle Analytics for Applications HR Line Manager Data Role Human Capital Management Data Security Policy for Supervisor Hierarchy Workforce
OA4F_HCM_HR_ANALYST_VIEW_ALL_DATA Oracle Analytics for Applications HR Analyst View All Data Role Human Capital Management Data Security Policy for View All Data Workforce
System Roles

The system roles for Oracle Analytics for Applications available in Oracle Identity Cloud Service through Oracle Analytics for Applications provisioning are:

Role Name Role Description Purpose Permissions
Administrator Tenant administrator for service instances Creates and manages Oracle Analytics for Applications instances and administers Oracle Identity Cloud Service users and roles.
  • Creates and manages Oracle Analytics for Applications instances
  • Administers Oracle Identity Cloud Service users and roles
  • Has no access to the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring Console user interface
  • Has no access to the Console menu
  • Has no access to user and role administration
  • Has no access to decks, cards, KPIs, visualizations, projects, and content
Service Administrator Oracle Analytics for Applications service administrator Customer facing (Snapshots, Connections, System Settings) administrator access to Oracle Analytics for Applications.
  • Can't create snapshots or modify the data model file (RPD)
  • Can access the Data Pipeline user interface
  • Can access the Data Security user interface
  • Has no access to the Job Monitoring console
  • Can access the Console menu
  • Can access the user and role administration pages
  • Can access the Semantic Model Extensions user interface
  • Has read-only access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Requests from Oracle Analytics for Applications to Oracle Analytics Cloud are routed through the Service Administrator user
  • Can create, update, and delete the Oracle Analytics Cloud content
  • Has read-only access to the ready-to-use KPIs
  • Can create, update, and delete KPIs
  • Can create, update, and delete decks and cards
  • Can share decks and cards
  • Can create Oracle Analytics Publisher reports
  • Has no access to data modeling
  • Has access to Oracle BI Scheduler
  • Has access to create Oracle Analytics Cloud connections to other non-Oracle Applications sources, such as Excel files and Google drive
  • Has access to create Oracle Analytics Cloud data sets
Functional Administrator Oracle Analytics for Applications functional administrator Performs functional configuration (pipeline, reporting) in Oracle Analytics for Applications.
  • Can access the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Can access the Console menu
  • Has no access to user and role administration
  • Has no access to the Semantic Model Extensions user interface
  • Has no access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Has no access to the ready-to-use KPIs
  • Has no access to decks, KPIs, and Oracle Analytics Cloud projects
  • Can't create any Oracle Analytics Cloudcontent and KPIs
  • Can't create, update, and delete decks and cards
  • Can't share decks and cards
  • Has no access to Oracle Analytics Publisher
  • Has no access to data modeling
  • Has no access to Oracle BI Scheduler
  • Has no access to create Oracle Analytics Cloud connections
  • Has no access to create Oracle Analytics Cloud data sets
Security Administrator Oracle Analytics for Applications security administrator Administers system roles and data security.
  • Has no access the Data Pipeline user interface
  • Has access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Can access the Console menu
  • Has access to user and role administration
  • Has no access to the Semantic Model Extensions user interface
  • Has no access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Has no access to the ready-to-use KPIs
  • Has no access to decks, KPIs, and Oracle Analytics Cloud projects
  • Can't create any Oracle Analytics Cloud content and KPIs
  • Can't create, update, and delete decks and cards
  • Can't share decks and cards
  • Has no access to Oracle Analytics Publisher and data modeling
  • Has no access to Oracle BI Scheduler
  • Has no access to create Oracle Analytics Cloud connections
  • Has no access to create Oracle Analytics Cloud data sets
Modeler Administrator Oracle Analytics for Applications data model administrator Promote data model (RPD) customization to the Oracle Analytics Cloud instance.
  • Has no access to the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Can access the Console menu
  • Has no access to user and role administration
  • Can access the Semantic Model Extensions user interface
  • Can access the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Can access the ready-to-use KPIs
  • Can create KPIs
  • Can createOracle Analytics Cloud content
  • Can't create, update, and delete decks and cards
  • Can't share decks and cards
  • Can create Oracle Analytics Publisher reports
  • Has no access to data modeling
  • Has no access to Oracle BI Scheduler
  • Can create Oracle Analytics Cloud connections
  • Can create Oracle Analytics Cloud data sets
Modeler Oracle Analytics for Applications modeler Modify the semantic model to bring in custom dimensions and attributes.
  • Has no access to the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Can access the Console menu
  • Has no access to user and role administration
  • Can access the Semantic Model Extensions user interface
  • Can access the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Can access the ready-to-use KPIs
  • Can create Oracle Analytics Cloud content
  • Can create KPIs
  • Can't create, update, and delete decks and cards
  • Can't share decks and cards
  • Can create Oracle Analytics Publisher reports
  • Has no access to data modeling
  • Has no access to Oracle BI Scheduler
  • Can create Oracle Analytics Cloud connections
  • Can create Oracle Analytics Cloud data sets
Author Oracle Analytics for Applications author Create and edit KPIs, cards, decks, visualization projects, reports, and dashboards.
  • Has no access to the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Has no access to the Console menu
  • Has no access to user and role administration
  • Has no access to the Semantic Model Extensions user interface

  • Has read-only access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses); if you need a change, then create a copy using "Save As"
  • Has read-only access to the ready-to-use KPIs
  • Can edit the custom Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Can edit the custom KPIs
  • Can change the filter values for existing visualization projects
  • Can add filters for existing visualization projects
  • Can create and edit Oracle Analytics Cloud content, KPIs, decks, and cards
  • Can delete custom KPIs, decks, and cards
  • Can consume KPIs, cards, and decks created by other users on which they have access permissions
  • Can share decks and cards
  • Can create Oracle Analytics Publisher reports
  • Has no access to data modeling
  • Has no access to Oracle BI Scheduler
  • Has no access to create Oracle Analytics Cloud connections
  • Has access to create Oracle Analytics Cloud data sets
Consumer Oracle Analytics for Applications consumer Read access to Oracle Analytics Cloud content and can create cards and decks.
  • Has no access to the Data Pipeline user interface
  • Has no access to the Data Security user interface
  • Has no access to the Job Monitoring console
  • Has no access to the Console menu
  • Has no access to user and role administration
  • Has no access to the Semantic Model Extensions user interface

  • Has read-only access to the ready-to-use Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Has read-only access to the ready-to-use KPIs
  • Has read-only access to the custom Oracle Analytics Cloud objects (visualization projects, dashboards, and analyses)
  • Has read-only access to the custom KPIs
  • Can change the filter values for the existing visualization projects
  • Can't add filters for the existing visualization projects
  • Can't create any Oracle Analytics Cloud content
  • Can't create any KPIs
  • Can create, update, and delete decks and cards
  • Can share decks and cards
  • Has read-only access to Oracle Analytics Publisher
  • Has no access to data modeling
  • Has no access to Oracle BI Scheduler
  • Has no access to create Oracle Analytics Cloud connections
  • Has access to create Oracle Analytics Cloud data sets

About Users

Oracle Analytics for Applications uses the Oracle Applications Cloud users from Oracle Identity Cloud Service.

You also create job roles in Oracle Identity Cloud Service and then assign the job roles to the users. See Create and Associate Users and Job Roles

About Access

You provide access to subject areas and data by assigning job roles to users in Oracle Fusion Application Services. Job roles are associated with duty and data roles.

Create and Associate Users and Job Roles

To access Oracle Analytics for Applications, create Oracle Applications Cloud users and groups (these are the equivalent of job roles in Oracle Applications Cloud) in Oracle Identity Cloud Service and then assign the groups (job roles) to users.

You can either manually create users and job roles and associate them in Oracle Identity Cloud Service or synchronize new users and job roles in Oracle Applications Cloud with Oracle Identity Cloud Service. See Synchronize Oracle Fusion Applications Cloud Service User Identities and Roles with Oracle Identity Cloud Service.

Note:

If you create job roles, job role assignments, and users or revoke existing job roles, job role assignments, or users in Oracle Applications Cloud, then you must also maintain these changes in Oracle Identity Cloud Service each time.
  1. Make a list of the user and job roles in Oracle Applications Cloud who need access to Oracle Analytics for Applications.

    Note:

    You need the exact user and job role names as they are in Oracle Applications Cloud. The names are case-sensitive.
  2. Create Oracle Applications Cloud users in Oracle Identity Cloud Service.
    1. Sign in to Oracle Identity Cloud Service with your administrator credentials.
    2. Navigate to Users and click Add.
    3. Enter the user details as they are in Oracle Applications Cloud and then click Finish.

      Note:

      The user name is case-sensitive.
  3. Create Oracle Applications Cloud groups (job roles) in Oracle Identity Cloud Service.
    1. Navigate to Groups and click Add.
    2. Enter the job role name as it is in Oracle Applications Cloud and then click Finish.
  4. Assign the group (job role) to the users.
    1. On the Groups page, select a group.
    2. For the group specific to the Oracle Applications Cloud job role, in the Users tab, click Assign and select the users that you want to associate with the group (job role).
  5. As the service administrator, if you need to assign additional groups (job roles) such as service administrator, functional administrator, or security administrator to users, then perform the following steps:
    1. Sign in to Oracle Analytics for Applications, open the Application Navigation menu, and then click Console.
    2. On the Console page, click Groups Management. You see the Groups page in Oracle Identity Cloud Service.
    3. On the Groups page, create the OAX Service Administrator group, OAX Functional Administrator group, and OAX Security Administrator group one at a time following these instructions:
      1. Click Add. You see the Add Group page.
      2. In Step 1: Group Details, enter the group name, and click Next.
      3. In Step 2: Assign Users to Group (Optional), select the check box next to the name of each user that you want to add and then click Finish. Perform this action for each group.
    4. Return to the Console page in Oracle Analytics for Applications and click Roles Management. You see the Job Roles page. Complete the following actions:
      1. On the Job Roles page, search for each group (job role) that you newly created, select the group (job role), and then click Add.
      2. In Add Roles, search for OAX Service Administrator, select the role, and click Add. Repeat this step for OAX Functional Administrator and OAX Security Administrator.
    5. Click Back to Console and then click Apply.
The mappings that you make become available after approximately 20 minutes. The users that you added receive an email to activate their account. After activation, they must sign in to Oracle Analytics for Applications and verify their access to data and objects.

Manage Custom Job Roles

Service administrators create custom job roles in Oracle Applications Cloud and synchronize them into Oracle Identity Cloud Service.

Create Custom Job Roles

As a security administrator, you can create custom job roles to meet your business requirements.

You create custom job roles in the Security Console of Oracle Applications Cloud. See Create Roles in the Security Console.

To use the custom job roles from Oracle Applications Cloud in Oracle Analytics for Applications, you must either manually create and associate them in Oracle Identity Cloud Service or synchronize them with Oracle Identity Cloud Service. See Create and Associate Users and Job Roles.

Configure Job Roles

As a security administrator, you can map the data, duty, and system roles available for Oracle Analytics for Applications with the job roles.

  1. Sign in to your service.
  2. In Oracle Analytics for Applications, open the Application Navigation menu, click Console, and then click Roles Management.
    You see the Job Roles page displaying all the available job roles.
  3. On the Job Roles page, click a job role. For example, Accounts Payable Manager.
    You see the job role details page listing the various data, duty, and system roles.
  4. On the job role details page, to remove an existing data, duty, or system role mapped to a job role, select the check box for the existing role, and then click Remove.
  5. On the job role details page, to add a data, duty, or system role, click Add.
    You see the Add Roles dialog displaying available roles that haven't been assigned to this job role.
  6. Select the data, duty, or system role that you want to add to the job role and click Add.
    You see the Job Roles page with pending alerts for changes to the job roles that you updated.
  7. Click Discard Changes to abandon the planned changes or click Apply to confirm the changes.

Assign Job Roles to Users

Assign job roles to users to define their business functions such as Vice President of Sales, Human Resources Analyst, and Procurement Buyer.

  1. Sign in to your service.
  2. In Oracle Analytics for Applications, open the Application Navigation menu, click Console, and then click User Management to access the Oracle Identity Cloud Service console for assigning roles to users.
  3. In the Oracle Identity Cloud Service console, expand the Navigation menu, and then click Users.
  4. Click the user account that you want to modify.
  5. Click Groups.

    Note:

    Groups are equivalent to job roles. See Understand Groups.
  6. Click Assign.
    To search for groups to assign to the user account, in the Search field, enter all or part of the beginning of the group names or descriptions that you want to locate, and then click Enter.
  7. In Assign Groups, select the check box for each group that you want to assign to the user account.
  8. Click OK.

Manage Data Security Assignments

As a security administrator, you need to map data security assignments to users to enable them to access content.

Topics:

Use the Manage Data Security Assignments page to search all currently setup data security assignments. You may either search on all records or narrow your search to a specific security context, security value, or user. You can remove a security assignment that you had set up or add new security assignments to a user.

About Data Security Assignments

Data security assignments apply data filters to display only the data corresponding to the security assignment values mapped to the users.

You ensure data level security with a combination of data roles and security assignments mapped to the user. You assign a user one or more job roles. The job roles have data roles assigned to them, and when querying data, the semantic layer applies data filters by data roles.

For Enterprise Resource Planning, the ledger, payables business unit, and receivables business unit values are restricted by the number of ledgers selected in the reporting configuration user interface. For Enterprise Resource Planning, to establish the security permissions, you'd need to map users to security assignments. If a user doesn't have security assignment values mapped, then the user doesn't get to see any data sets corresponding to the job role (and implicitly data role) assigned to them. When you add data security assignments to a user, you ensure that the user can access specific data within a security context, such as ledger, payables business unit, or receivables business unit. The list of values for ledger, payables business unit, and receivables business unit are restricted by the ledgers that you selected while setting up the report parameters. See Set Up the Report Parameters for Enterprise Resource Planning.

For Human Capital Management, the data security is based on the line manager hierarchy defined in the Oracle Applications Cloud for user having the Line Manager role. A user with the HR Analyst role has access to all Human Capital Management data and no security restrictions are applied to the Human Capital Management data set.

Add Security Assignments to a User

The security assignment values that you can assign to a user are based on the user’s access to a ledger or business unit. You can assign a single user multiple security assignment values or multiple users to a single or multiple assignment values.

  1. Sign in to your service.
  2. In Oracle Analytics for Applications, open the Application Navigation menu, click Console, and then click Data Security.
  3. On the Manage Data Security Assignment page, click Add Assignments.
  4. In Add Security Assignments:
    1. Select the security context for which you want to add data security for the user. For example, Ledgers or a business unit.
    2. From the list of security values that you see based on the security context that you selected, select the values that you want to add to the user and move them to the right.

      Note:

      Previously added security assignments remain in place. The Add Security Assignment process adds only the new values.
    3. From the list of users that you see, select a user or multiple users to whom you want to assign the data security values and move them to the right.
    4. Click Add Assignments.

Remove Data Security Assignments for a User

As a security administrator, you can remove data security assignments that you had previously assigned.

  1. Sign in to your service.
  2. In Oracle Analytics for Applications, open the Application Navigation menu, click Console, and then click Data Security.
  3. On the Manage Data Security Assignment page, enter a user name in User or select a user from the drop-down list, and click Search.
    You can also filter by context or security value.
  4. From the search results, select the check box for the security assignments that you want to remove and click Remove Assignment.