Example: Set Up the Employee User Group

Add HR Help Desk users to the pre-defined Employee user group by assigning them to a duty role that contains the user group data security policy. The Employee user group is for authenticated HCM HR Help Desk self-service users in your organization.

It’s likely that your organization has knowledge base content that is suitable only for your employees. In HR Help Desk applications, the predefined Employee user group helps you limit access to this type of content to authenticated self-service users in your organization.

You need to set up both users and content to use the Employee user group.

• Set up your users by assigning them a role that grants access to the HCM HR Help Desk application (department), and grants access to content in the Employee user group.
• Set up your content by assigning the Employee user group to the articles that only employees should access.

Important: If you assign content to the Employee user group without assigning users to a role that grants access to the both the HR Help Desk application and the Employee user group, then none of your users will be able to access content in that group.

In this example, we’ll set up users to access employee-only content in an HCM HR Help Desk application.

Create a New Role for Employees

We’ll start with the predefined Employee role, and follow best practice to create a new HCM Employee role by copying and renaming it.

1. Go to the Tools, Security Console, Roles page.

2. Search for the predefined Employee role (ORA_PER_EMPLOYEE_ABSTRACT).

3. Copy the predefined Employee role.

4. Name the new role HCM Employee.

Add Data Security Policies to Grant Access

HCM Employee users need to access the HCM HR Help Desk application and the content in the Employee user group. To set up access, we’ll add HR Help Desk application and Employee user group data security policies to the new role.

First, we'll add access to the HCM application (department).

1. Go to the Data Security Policies page in the HCM Employee role.

2. Click Create Data Security Policy.

3. Enter the name HCM Department and a description.

4. Search on knowledge and select Knowledge Departments as the Database Resource.

5. Select Select by instance set as the Data Set.

6. Select Access to HCM Department as the Condition Name.

7. Select Access Content with Department in the Actions field.

Next, we’ll add access to the Employee user group.

1. Click Create Data Security Policy, again.

2. Enter the name Employee User Group and a description.

3. Search on knowledge and select Knowledge User Groups as the Database Resource.

4. Select Select by instance set as the Data Set.

5. Select Access to employee user group as the Condition Name.

6. Select Access Content with User Group in the Actions field.

Assign Users to the HCM Employee Role

Now we can assign the HCM Employee role to the users who need to access employee-only knowledge content.

1. On the Update Role: Users page, click Add User.

2. In the Add User dialog box, search for and select a user or role.

   • Select a single user to add only that user to the role, then click Add User to Role to add the user.

   • Select a role to add all of users assigned to it, then click Add Selected Users to add them.

3. Click Submit.

See Securing Sales and Fusion Service for additional methods of assigning users to roles, such as performing mass updates and setting up auto-provisioning for roles.