2 Managing Role Assignments at the Application Level

Overview

Note:

Role assignment at the application level is supported for planning, consolidation and close, tax reporting, and Oracle Enterprise Data Management Cloud applications. Planning, consolidation, and Oracle Enterprise Data Management Cloud applications use granular application-specific roles to enhance the access granted through predefined roles while Profitability and Cost Management assigns user and group level data grants to secure access to application data.

While the overall access rights are controlled by the predefined Oracle Enterprise Performance Management Cloud roles, Service Administrators can grant application-specific roles and data grants to users and to groups created and managed in Access Control. For example, a User, by default, does not have the right to design the approvals process, which is granted only to Power Users and Service Administrators. From Access Control, Service Administrators can assign the Approvals Administrator role to enable the user to perform approvals-related activities.

Role assignments at the application level can only enhance the access rights of users; none of the privileges granted by a predefined role can be curtailed by assigning role at the application-level.

You manage the role assignment process using Access Control. You can perform these tasks:

  • Create groups and add service users or other groups as members.
  • Add or delete group members
  • Assign planning and consolidation application roles to groups or to users
  • View a list of users who are members of a group

Service Users

You create and manage service users in the identity domain associated with the environment to which the application belongs. Only the users who are assigned to predefined roles can be assigned application-level roles to enhance the access they have to perform tasks within applications.