Access to Oracle Enterprise Performance Management Cloud components are controlled by the predefined roles in the identity domain to which users are assigned. Service Administrators or users with Access Control - Manage application role can assign users to application-specific roles of planning, consolidation, account reconciliation, and data management applications to enable them to complete additional tasks in an environment.
For example, Service Administrators can assign a user to the Approval Administrator role of a planning or consolidation application to enable the user to perform approvals-related activities.
Additionally, Service Administrators can, from Access Control, create groups comprising identity domain users or other groups. Assigning roles to such groups enables Service Administrators to grant roles to many users at once, thereby reducing administrative overheads.
Assigning roles at the application-level can only enhance the access rights of users; none of the privileges granted by a predefined role can be curtailed by roles assigned at the application-level.
Access Control enables you to complete these activities in an environment:
You can also follow this tutorial Setting Up Security in Cloud EPM Business Processes to learn about the layers of security in EPM Cloud business processes and how to manage security using Access Control and access permissions.