21Regenerating Roles

This chapter contains the following:

Regenerate Roles

You must regenerate an HCM data role if you change its role hierarchy. For example, if you remove an aggregate privilege from a custom job role, then you must regenerate any data role that inherits the job role. You must also regenerate any abstract role to which security profiles are assigned if you change its role hierarchy. Regenerating a role updates its data security policies to reflect the latest role hierarchy. This topic introduces the ways in which you can regenerate data and abstract roles.

Regenerate Multiple Roles

To regenerate multiple roles at once, you use the Regenerate Data Security Grants process.

Regenerate Roles Individually

To regenerate a single data or abstract role, you can use the Regenerate Data Security Grants process. Alternatively, you can edit the role on the Manage Data Roles and Security Profiles page.

Follow these steps:

  1. Search for the data or abstract role.

  2. Select the role in the Search Results and click Edit.

  3. On the Edit Data Role: Select Role page, click Next.

  4. On the Edit Data Role: Security Criteria page, click Review.

  5. On the Edit Data Role: Review page, click Submit.

This procedure automatically regenerates the role's data security policies based on the security profiles assigned to the role.

Note: You must regenerate updated, predefined roles after each release upgrade of Oracle HCM Cloud. For example, if the predefined Payroll Manager role is updated in an upgrade, then you must regenerate any data role that inherits that job role.

Run the Regenerate Data Security Grants Process

You must regenerate an HCM data role if changes are made to the data security policies of its inherited job role. For example, if an aggregate privilege is removed from the job role, then you must regenerate any data role that inherits the job role. You must also regenerate any abstract role that has directly assigned security profiles if changes are made to the role's data security policies. You can regenerate data and abstract roles individually by editing them on the Manage Data Roles and Security Profiles page. Alternatively, to regenerate one or more roles, you can run the Regenerate Data Security Grants process. This topic describes how to run this process.

Run Regenerate Data Security Grants Process

Follow these steps.

  1. Sign in with the following roles or privileges:

    • IT Security Manager

    • Human Resource Specialist

    • Human Capital Management Application Administrator

  2. Open the Scheduled Processes work area.

  3. In the Scheduled Processes work area, click Schedule New Process.

  4. In the Schedule New Process dialog box, search for and select the Regenerate Data Security Grants process.

  5. Click OK.

  6. In the Process Details dialog box, set the Mode value to identify the types of roles to process. This table describes the values.

    Mode Value Description

    Named job role

    Regenerates any data role that inherits the specified job role directly. Data roles that inherit the job role indirectly aren't regenerated.

    Named data role

    Regenerates the specified data role only.

    Named abstract role

    Regenerates the specified abstract role only.

    All roles

    Regenerates all roles to which security profiles are assigned. In this mode, secured access for all roles is recalculated and the secured access of all users is refreshed. The time taken to complete this process depends on the number of roles to be regenerated.

  7. If you are regenerating an individual role, select the role.

  8. Click Submit .