A | B | C | D | E | F | H | I | J | L | P | R | S | T | W | X


abstract role
A description of a person's function in the enterprise that's unrelated to the person's job (position), such as employee, contingent worker, or line manager.
The kind of access, such as view or edit, named in a security policy.
aggregate privilege
A predefined role that combines one function security privilege with related data security policies.
A set of information, including job, position, pay, compensation, managers, working hours, and work location, that defines a worker's or nonworker's role in a legal employer.


business object
A resource in an enterprise database, such as an invoice or purchase order.
business unit
A unit of an enterprise that performs one or many business functions that can be rolled up in a management hierarchy.


The part of a data security policy that specifies what portions of a database resource are secured.
contingent worker
A self-employed or agency-supplied worker. Contingent worker work relationships with legal employers are typically of a specified duration. Any person who has a contingent worker work relationship with a legal employer is a contingent worker.


A collection of analyses and other content that gives in-depth insight to help with business decisions.
data dimension
A stripe of data accessible by a user. Sometimes referred to as data security context.
data instance set
The set of HCM data, such as one or more persons, organizations, or payrolls, identified by an HCM security profile.
data role
A role for a defined set of data describing the job a user does within that defined set of data. A data role inherits job or abstract roles and grants entitlement to access data within a specific dimension of data based on data security policies. A type of enterprise role.
data security
The control of access and action a user can take against which data.
data security policy
A grant of entitlement to a role on an object or attribute group for a given condition.
database resource
An applications data object at the instance, instance set, or global level, which is secured by data security policies.
A division of a business enterprise dealing with a particular area of activity.
duty role
A group of function and data privileges representing one duty of a job. Duty roles are specific to applications, stored in the policy store, and shared within an application instance.


effective start date
For a date-effective object, the start date of a physical record in the object's history. A physical record is available to transactions between its effective start and end dates.
An organization having common control over one or more legal entities.
Grant of access to functions and data. Oracle Fusion Middleware term for privilege.


A flexible data field that you can configure such that it contains one or more segments or stores additional information. Each segment has a value and a meaning.
flexfield segment
An extensible data field that represents an attribute and captures a value corresponding to a predefined, single extension column in the database. A segment appears globally or based on a context of other captured information.
function security
The control of access to a page or a specific use of a page. Function security controls what a user can do.


HCM data role
A job role, such as benefits administrator, associated with instances of HCM data, such as all employees in a department.


A person representing a worker, supplier, or customer.


A generic role that's independent of any single department or location. For example, the jobs Manager and Consultant can occur in many departments.
job role
A role, such as an accounts payable manager or application implementation consultant, that usually identifies and aggregates the duties or responsibilities that make up the job.


Abbreviation for Lightweight Directory Access Protocol.


A physical entity, such as a person, organization or group, that the deploying company has an interest in tracking.
person number
A person ID that is unique in the enterprise, allocated automatically or manually, and valid throughout the enterprise for all of a person's work and person-to-person relationships.
person type
A subcategory of a system person type, which the enterprise can define. Person type is specified for a person at the assignment level.
personally identifiable information
Any piece of information that can be used to uniquely identify, contact, or locate a single person. Within the context of an enterprise, some PII data, such as a person's name, can be considered public, while other PII data, such as national identifier or passport number is confidential.
A grant of access to functions and data; a single, real world action on a single business object.


People designated as able to be assigned to work objects, for example, service agents, sales managers, or partner contacts. A sales manager and partner contact can be assigned to work on a lead or opportunity. A service agent can be assigned to a service request.
Controls access to application functions and data.
role hierarchy
Structure of roles to reflect an organization's lines of authority and responsibility. In a role hierarchy, a parent role inherits all the entitlement of one or more child roles.
role mapping
A relationship between one or more roles and one or more assignment conditions. Users with at least one assignment that matches the conditions qualify for the associated roles.
role provisioning
The automatic or manual allocation of a role to a user.


security profile
A set of criteria that identifies HCM objects of a single type for the purposes of securing access to those objects. The relevant HCM objects are persons, organizations, positions, countries, LDGs, document types, payrolls, and payroll flows.
security reference implementation
Predefined function and data security that includes role based access control, and policies that protect functions, and data. The reference implementation supports identity management, access provisioning, and security enforcement across the tools, data transformations, access methods, and the information life cycle of an enterprise.
SQL predicate
A type of condition using SQL to constrain the data secured by a data security policy.


A logical unit of work such as a promotion or an assignment change. A transaction may consist of several components, such as changes to salary, locations, and grade, but all the components are handled as a unit to be either approved or rejected.


work area
A set of pages containing the tasks, searches, and other content you need to accomplish a business goal.
work relationship
An association between a person and a legal employer, where the worker type determines whether the relationship is a nonworker, contingent worker, or employee work relationship.
worker type
A classification selected on a person's work relationship, which can be employee, contingent worker, pending worker, or nonworker.


XML filter
A type of condition using XML to constrain the data secured by a data security policy.