13Roles and Role Assignments

This chapter contains the following:

Review Role Assignments

You can use the Security Console to:

  • View the roles assigned to a user.

  • Identify users who have a specific role.

You must have the IT Security Manager job role to perform these tasks.

View the Roles Assigned to a User

Follow these steps:

  1. Open the Security Console.

  2. On the Roles tab, search for and select the user.

    Depending on the enterprise setting, either a table or a graphical representation of the user's role hierarchy appears. Switch to the graphical representation if necessary to see the user and any roles that the user inherits directly. User and role names appear on hover. To expand an inherited role:

    1. Select the role and right-click.

    2. Select Expand. Repeat these steps as required to move down the hierarchy.

Tip: Switch to the table to see the complete role hierarchy at once. You can export the details to Microsoft Excel from this view.

Identify Users Who Have a Specific Role

Follow these steps:

  1. On the Roles tab of the Security Console, search for and select the role.

  2. Depending on the enterprise setting, either a table or a graphical representation of the role hierarchy appears. Switch to the graphical representation if it doesn't appear by default.

  3. Set Expand Toward to Users.

    Tip: Set the Expand Toward option to control the direction of the graph. You can move either up the hierarchy from the selected role (toward users) or down the hierarchy from the selected role (toward privileges).

    In the refreshed graph, user names appear on hover. Users may inherit roles either directly or indirectly from other roles. Expand a role to view its hierarchy.

  4. In the Legend, click the Tabular View icon for the User icon. The table lists all users who have the role. You can export this information to Microsoft Excel.

Review Role Hierarchies

On the Security Console you can review the role hierarchy of a job role, an abstract role, a duty role, or an HCM data role. You must have the IT Security Manager job role to perform this task.

Note: Although you can review HCM data roles on the Security Console, you must manage them on the Manage HCM Data Role and Security Profiles page. Don't attempt to edit them on the Security Console.

Follow these steps:

  1. On the Roles tab of the Security Console, ensure that Expand Toward is set to Privileges.

  2. Search for and select the role. Depending on the enterprise setting, either a table or a graphical representation of the role appears.

  3. If the table doesn't appear by default, click the View as Table icon. The table lists every role inherited either directly or indirectly by the selected role. Set Show to Privileges to switch from roles to privileges.

    Tip: Enter text in a column search field and press Enter to show only those roles or privileges that contain the specified text.

Click Export to Excel to export the current table data to Microsoft Excel.

Compare Roles

You can compare any two roles to see the structural differences between them. As you compare roles, you can also add function and data security policies existing in the first role to the second role, providing that the second role isn't a predefined role.

For example, assume you have copied a role and edited the copy. You then upgrade to a new release. You can compare your edited role from the earlier release with the role as shipped in the later release. You may then decide whether to incorporate upgrade changes into your edited role. If the changes consist of new function or data security policies, you can upgrade your edited role by adding the new policies to it.

Selecting Roles for Comparison

  1. Select the Roles tab in the Security Console.

  2. Do any of the following:

    • Click the Compare Roles button.

    • Create a visualization graph, right-click one of its roles, and select the Compare Roles option.

    • Generate a list of roles in the Search Results column of the Roles page. Select one of them, and click its menu icon. In the menu, select Compare Roles.

  3. Select roles for comparison:

    • If you began by clicking the Compare Roles button, select roles in both First Role and Second Role fields.

    • If you began by selecting a role in a visualization graph or the Search Results column, the First Role field displays the name of the role you selected. Select another role in the Second Role field.

    For either field, click the search icon, enter text, and select from a list of roles whose names contain that text.

Comparing Roles

  1. Select two roles for comparison.

  2. Use the Filter Criteria field to filter for any combination of these artifacts in the two roles:

    • Function security policies

    • Data security policies

    • Inherited roles

  3. Use the Show field to determine whether the comparison returns:

    • All artifacts existing in each role

    • Those that exist only in one role, or only in the other role

    • Those that exist only in both roles

  4. Click the Compare button.

You can export the results of a comparison to a spreadsheet. Select the Export to Excel option.

After you create the initial comparison, you can change the filter and show options. When you do, a new comparison is generated automatically.

Adding Policies to a Role

  1. Select two roles for comparison.

    • As the First Role, select a role in which policies already exist.

    • As the Second Role, select the role to which you're adding the policies. This must be a custom role. You can't modify a predefined role.

  2. Ensure that your selection in the Filter Criteria field excludes the Inherited roles option. You may select Data security policies, Function security policies, or both.

  3. As a Show value, select Only in first role.

  4. Click the Compare button.

  5. Among the artifacts returned by the comparison, select those you want to copy.

  6. An Add to Second Role option becomes active. Select it.