4Enabling Basic Data Access for Abstract Roles

This chapter contains the following:

These abstract roles are predefined in Oracle HCM Cloud:

  • Employee

  • Contingent Worker

  • Line Manager

Users with these roles can sign in and open application pages. However, they have no automatic access to data. For example, employees can open the Directory but their searches return no results. Line managers can access My Team functions but can't see data for their organizations. To enable basic HCM data access for users with abstract roles, you assign security profiles directly to those roles.

Predefined Security Profiles to Assign to Abstract Roles

This table identifies the predefined security profiles that you can assign directly to the Employee, Line Manager, and Contingent Worker abstract roles.

Security Profile Type Employee Contingent Worker Line Manager

Person

View Own Record

View Own Record

View Manager Hierarchy

Public person

View All Workers

View All Workers

View All Workers

Organization

View All Organizations

View All Organizations

View All Organizations

Position

View All Positions

View All Positions

View All Positions

Legislative data group

View All Legislative Data Groups

View All Legislative Data Groups

View All Legislative Data Groups

Country

View All Countries

View All Countries

View All Countries

Document type

View All Document Types

View All Document Types

View All Document Types

Payroll

Not applicable

Not applicable

View All Payrolls

Payroll flow

Not applicable

Not applicable

View All Flows

After implementation, you may want to change aspects of this data access. For example, you may want to create your own security profiles and assign those directly to abstract roles.

Note: Such changes apply to all users who have the abstract role.

HCM Data Roles

Users who have abstract roles are likely to gain additional data access from the HCM data roles that you define for their job roles. For example, you may create an HCM data role for benefits representatives to access person records in a legal employer. Such data access is in addition to any access provided by abstract roles.

Assign Security Profiles to Abstract Roles

In this example, you learn how to assign predefined security profiles to abstract roles during implementation. You perform this task to enable basic data access for the predefined Employee, Contingent Worker, and Line Manager roles.

Search for the Employee Abstract Role

  1. Sign in as the TechAdmin user or another user with the IT Security Manager job role or privileges.

  2. In the Setup and Maintenance work area, go to the following for your offering:

    • Functional Area: Users and Security

    • Task: Assign Security Profiles to Role

  3. On the Manage Data Roles and Security Profiles page, enter Employee in the Role field. Click Search.

  4. In the Search Results section, select the predefined Employee role and click Edit.

Assign Security Profiles to the Employee Abstract Role

  1. On the Edit Data Role: Role Details page, click Next.

  2. On the Edit Data Role: Security Criteria page, select the security profiles shown in the following table. You may see a subset of these security profiles, depending on the combination of cloud services that you're implementing.

    Field Value

    Organization Security Profile

    View All Organizations

    Position Security Profile

    View All Positions

    Country Security Profile

    View All Countries

    LDG Security Profile

    View All Legislative Data Groups

    Person Security Profile (Person section)

    View Own Record

    Person Security Profile (Public Person section)

    View All Workers

    Document Type Security Profile

    View All Document Types

  3. Click Review.

  4. On the Edit Data Role: Review page, click Submit.

  5. On the Manage Data Roles and Security Profiles page, search again for the predefined Employee role.

  6. In the Search Results region, confirm that the Assigned icon appears in the Security Profiles column for the Employee role.

    The Assigned icon, a check mark, confirms that security profiles are assigned to the role.

    Repeat the steps in Searching for the Employee Abstract Role and Assigning Security Profiles to the Employee Abstract Role for the predefined Contingent Worker role.

Search for the Line Manager Abstract Role

  1. On the Manage Data Roles and Security Profiles page, enter Line Manager in the Role field. Click Search.

  2. In the Search Results section, select the predefined Line Manager role and click Edit.

Assign Security Profiles to the Line Manager Abstract Role

  1. On the Edit Data Role: Role Details page, click Next.

  2. On the Edit Data Role: Security Criteria page, select the security profiles shown in the following table. You may see a subset of these security profiles, depending on the combination of cloud services that you're implementing.

    Field Value

    Organization Security Profile

    View All Organizations

    Position Security Profile

    View All Positions

    Country Security Profile

    View All Countries

    LDG Security Profile

    View All Legislative Data Groups

    Person Security Profile (Person section)

    View Manager Hierarchy

    Person Security Profile (Public Person section)

    View All Workers

    Document Type Security Profile

    View All Document Types

    Payroll

    View All Payrolls

    Payroll Flow

    View All Flows

  3. Click Review.

  4. On the Edit Data Role: Review page, click Submit

  5. On the Manage Data Roles and Security Profiles page, search again for the predefined Line Manager role.

  6. In the search results, confirm that the Assigned icon appears in the Security Profiles column for the Line Manager role.

    The Assigned icon confirms that security profiles are assigned to the role.