This chapter contains the following:
You must regenerate an HCM data role if you change its role hierarchy. For example, if you remove an aggregate privilege from a custom job role, then you must regenerate any data role that inherits the job role. You must also regenerate any abstract role to which security profiles are assigned if you change its role hierarchy. Regenerating a role updates its data security policies to reflect the latest role hierarchy. This topic introduces the ways in which you can regenerate data and abstract roles.
Regenerate Multiple Roles
To regenerate multiple roles at once, you use the Regenerate Data Security Grants process.
Regenerate Roles Individually
To regenerate a single data or abstract role, you can use the Regenerate Data Security Grants process. Alternatively, you can edit the role on the Manage Data Roles and Security Profiles page.
Follow these steps:
Search for the data or abstract role.
Select the role in the Search Results and click Edit.
On the Edit Data Role: Select Role page, click Next.
On the Edit Data Role: Security Criteria page, click Review.
On the Edit Data Role: Review page, click Submit.
This procedure automatically regenerates the role's data security policies based on the security profiles assigned to the role.
Run the Regenerate Data Security Grants Process
You must regenerate an HCM data role if changes are made to the data security policies of its inherited job role. For example, if an aggregate privilege is removed from the job role, then you must regenerate any data role that inherits the job role. You must also regenerate any abstract role that has directly assigned security profiles if changes are made to the role's data security policies. You can regenerate data and abstract roles individually by editing them on the Manage Data Roles and Security Profiles page. Alternatively, to regenerate one or more roles, you can run the Regenerate Data Security Grants process. This topic describes how to run this process.
Run Regenerate Data Security Grants Process
Follow these steps.
Sign in with the following roles or privileges:
IT Security Manager
Human Resource Specialist
Human Capital Management Application Administrator
Open the Scheduled Processes work area.
In the Scheduled Processes work area, click Schedule New Process.
In the Schedule New Process dialog box, search for and select the Regenerate Data Security Grants process.
In the Process Details dialog box, set the Mode value to identify the types of roles to process. This table describes the values.
Mode Value Description
Named job role
Regenerates any data role that inherits the specified job role directly. Data roles that inherit the job role indirectly aren't regenerated.
Named data role
Regenerates the specified data role only.
Named abstract role
Regenerates the specified abstract role only.
Regenerates all roles to which security profiles are assigned. In this mode, secured access for all roles is recalculated and the secured access of all users is refreshed. The time taken to complete this process depends on the number of roles to be regenerated.
If you are regenerating an individual role, select the role.
Click Submit .