Export and Import of Custom Roles

You're looking at migrating your custom role definitions from one environment to another. You can accomplish your migration needs by exporting the business objects in the Users and Security functional area within the Financials offering.

Before You Begin

Learn how to export and import business object data as described in the Overview of Setup Data Export and Import topic of the Using Functional Setup Manager guide.

What Gets Exported and Imported

When you migrate custom roles, the following business objects are exported in the configuration package generated from the Users and Security functional area within the Financials offering. These business objects include custom role definitions:

• Application Data Security Policy

• Functional Security Custom Roles

  • Functional Security Custom Role Hierarchy

  • Functional Security Custom Role Privilege Membership

• HCM Data Role

  • HCM Data Role Security Profile

Let's closely examine each business object to know what it contains.

Business Object	Information Included in Export and Import
Application Data Security	Application data security includes data security policies that are created in the following ways: Manually using the Manage Database Resources page in the security console Manually using the Edit Role/Copy Role flow in the security console Automatically when you copy a role using the Role Copy in the security profile Automatically when you create profile content types Automatically when you map HCM spreadsheet business objects to roles Note: There's no scope support for application data security policies. When you export application data security policies, all data security policies are exported, even if you provided a scope value for other security business objects in your configuration package. There's no Export to CSV option for this business object.
Functional Security Custom Roles	The custom role includes the following details: Role Code Role Name Role Description Role Category All IP Address Access - indicates that a role is granted access to the Security Control regardless of the login IP address.
Functional Security Custom Role Hierarchy	The role hierarchy includes the following details: Parent Role Member Role Add or Remove Role Membership
Functional Security Custom Role Privilege Membership	The role privilege membership includes the following details: Parent Role Member Privilege Add or Remove Privilege Membership
HCM Data Role	The HCM data role includes the following details: Data Role Code Data Role Name Data Role Description Inherited Job Role Code Delegation Allowed Check Box
HCM Data Role Security Profile	The HCM data role security profile includes the following details: Data Role Code Securing Object Security Profile Name

The business objects HCM Data Role and HCM Data Role Security Profile are included in the configuration package if you have used security profiles to configure access to HCM data. If you're also using Oracle HCM Cloud, it's recommended that you follow the instructions as described in the Export and Import of HCM Custom Roles and Security Profiles topic in the Securing HCM guide.

What Happens After the Import

You may not immediately see all of the migrated data security policies in the security console after completing the import of the configuration package that's generated from the Users and Security functional area within the Financials offering.

When you import application data security policies, a background process runs to synchronize the imported data security policies with the roles on the target environment. The imported data security policies aren't active until this process has completed, at which point the data security policies will be visible in the security console. This affects data security policies for custom roles that have been copied from other roles in the source environment. It also affects custom roles that have data security policies that were added manually using the security console.