Configure Employee List of Values

Fields that reference an employee or person can be found on many pages in Oracle ERP Cloud, such as preparer on a payable invoice, first approver on a payable payment request, or employee on an asset record. These lists of values show the

By default, predefined roles providing access to these pages include data security policies that allow users to choose all employees in these lists of values.

To implement restrictions in these lists of values, these predefined data security policies need to be replaced with data security policies that are more restrictive. Since predefined roles can't be modified, you make these changes to copies of the predefined roles. You can manually create the necessary data security policies using the Security Console, or assign the public person security profile for the custom role.

Restricting Access Using Security Console

In this example, you learn how to create or modify a data security policy to restrict access in employee lists of values using the Security Console.
  1. Sign in as the TechAdmin user or another user with the IT Security Manager job role or privileges.

  2. Click Navigator > Tools > Security Console.

  3. On the Roles tab of the Security Console, search for and select your custom role.

  4. In the search results, click the down arrow for the selected role and select Edit Role.

  5. Click the Data Security Policies train stop.

  6. Search for the data security policy with the privilege Choose Public Person.

  7. If one exists, click the down arrow for the selected policy and select Edit Data Security Policy. In the Data Set field, choose All Values if you don't want any restrictions, or choose Select by instance set and then choose a Condition Name that matches your needs. For example, the condition Access Public Persons From My Own Legal Employer would restrict the list to employees with the same legal employer as the user.

  8. If none exists, click Create Data Security Policy. Create a data security policy as follows:

    • Database Resource: Public Person

    • Data Set: Select by instance set, or All values (if no restriction is needed)

    • Condition Name: As desired; for example, to restrict the list of values to legal employer, use Access Public Persons From My Own Legal Employer

    • Actions: Choose Public Person

  9. Click OK to close the Create or Edit Data Security window, then click the Summary train stop.

  10. Review the summary of changes. Click Back to make corrections or click Save and Close to save the changes.

Restricting Access Using Security Profile

You can also restrict access in employee lists of values using a security profile.
  1. Sign in as the TechAdmin user or another user with the IT Security Manager job role or privileges.

  2. In the Setup and Maintenance work area, go to the following for your offering:

    • Functional Area: Users and Security

    • Task: Assign Security Profiles to Role

  3. On the Manage Data Roles and Security Profiles page, enter the name of the custom role in the Role field. Click Search.

  4. In the Search Results section, select the role and click Edit.

  5. On the Edit Data Role: Role Details page, click Next.

  6. On the Edit Data Role: Security Criteria page, go to Public Person and choose the security profile you want. You can also create a new security profile here.

  7. Click Review.

  8. On the Edit Data Role: Review page, click Submit.

  9. On the Manage Data Roles and Security Profiles page, search again for the custom role.

  10. In the search results, confirm that the Assigned icon appears in the Security Profiles column for the custom role.

    The Assigned icon confirms that security profiles are assigned to the role.