1. Securing Applications
  2. Data Access

Data Access

You can assign users access to appropriate data based on their job roles. The Oracle Fusion security model requires a three-way link between users, role, and data. It's summarized as: who can do what on which data.

Who refers to the users, what are the job roles the user is assigned, and which refers to the data that's specific to a particular security context, typically an element of the enterprise structure, such as a business unit, asset book, or ledger.

For example, consider a user, Mary Johnson, who manages accounts payable functions, such as processing supplier invoices for the US Operations business unit. In this scenario, Mary Johnson must be assigned a job role such as the predefined Accounts Payable Manager, and given access to the US Operations business unit.

The following table lists the elements of the enterprise structure to which users can be assigned access based on their job roles.

Product

Security Context

Oracle Fusion Cloud Financials

Business Unit

Data Access Set

Ledger

Asset Book

Control Budget

Intercompany Organization

Reference Data Set

Legal Entity

Oracle Fusion Cloud Supply Chain Management

Inventory Organization

Reference Data Set

Cost Organization

Inventory Organization

Manufacturing Plant

Oracle Fusion Cloud Procurement

Business Unit

Oracle Fusion Cloud Project Portfolio Management

Project Organization Classification

Oracle Fusion Cloud Incentive Compensation

Business Unit

Assigning Data Access

Assigning data access to users is a three step process:

  1. Create users using one of the following:

    • Manage Users task in Oracle Fusion Cloud Functional Setup Manager

      Specify user attributes such as user name, assigned business unit, legal employer, department, job, position, grade, and location.

    • Security Console

  2. Assign at least one job role to users. Use Oracle Fusion Cloud Human Capital Management or the Security Console to assign job roles. Alternatively, define Role Provisioning Rules to auto-provision roles to users based on the users' work assignments.

  3. Assign data access to users for each applicable job role. Use the Manage Data Access for Users task in the Functional Setup Manager. For General Ledger users, you can also use the Manage Data Access Set Data Access for Users task to assign data access. Alternatively, define Data Provisioning Rules to auto-provision data access to users based on the users' work assignments.

Related Topics