Understanding Predefined Roles

Most services use a common set of predefined functional roles to control access to environments. Once you have been migrated to the environment, your legacy roles are mapped to the corresponding predefined role.

Access to Oracle Fusion Cloud Enterprise Performance Management and Oracle Fusion Cloud Enterprise Data Management environments is granted by assigning users to predefined roles. For example, to permit user John Doe to view reports belonging to a Planning test environment, he should be assigned to the Viewer role of the environment.

All Cloud EPM business processes, except for Enterprise Data Management, use a common set of four predefined functional roles to control access to environments.

• Service Administrator
• Power User
• User
• Viewer

Oracle Enterprise Data Management Cloud and Enterprise Data Management specifically use Service Administrator and User roles.

The level of access granted by each predefined role varies depending on the service type. For example, the Power User role in Planning enables you to manage business rule security and control the approval process while the same role in Tax Reporting enables you to run tax automation and import data.

Note:

The behavior of all predefined roles other than Service Administrator is affected by the Apply Security option defined at the dimension level in the business process. Disabling the Apply Security option leaves dimensions unsecured allowing all users assigned to predefined roles to access and write data to dimension members. Oracle recommends that you select the Apply Security option at the dimension level to enforce security.

Predefined functional service roles are hierarchical. Access granted through lower-level roles is inherited by higher-level roles. For example, Service Administrators, in addition to the access that only they have, inherit the access granted through Power User, User, and Viewer roles.