4Enabling Basic Data Access for Abstract Roles

This chapter contains the following:

• Why You Assign Security Profiles to Abstract Roles

• Assign Security Profiles to Abstract Roles

Why You Assign Security Profiles to Abstract Roles

These abstract roles are predefined in Oracle HCM Cloud:

• Employee

• Contingent Worker

• Line Manager

Users with these roles can sign in and open application pages. However, they have no automatic access to data. For example, employees can open the Directory but their searches return no results. Line managers can access My Team functions but can't see data for their organizations. To enable basic HCM data access for users with abstract roles, you assign security profiles directly to those roles.

Predefined Security Profiles to Assign to Abstract Roles

This table identifies the predefined security profiles that you can assign directly to the Employee, Line Manager, and Contingent Worker abstract roles.

Security Profile Type	Employee	Contingent Worker	Line Manager
Person	View Own Record	View Own Record	View Manager Hierarchy
Public person	View All Workers	View All Workers	View All Workers
Organization	View All Organizations	View All Organizations	View All Organizations
Position	View All Positions	View All Positions	View All Positions
Legislative data group	View All Legislative Data Groups	View All Legislative Data Groups	View All Legislative Data Groups
Country	View All Countries	View All Countries	View All Countries
Document type	View All Document Types	View All Document Types	View All Document Types
Payroll	Not applicable	Not applicable	View All Payrolls
Payroll flow	Not applicable	Not applicable	View All Flows

After implementation, you may want to change aspects of this data access. For example, you may want to create your own security profiles and assign those directly to abstract roles.

Note: Such changes apply to all users who have the abstract role.

HCM Data Roles

Users who have abstract roles are likely to gain additional data access from the HCM data roles that you define for their job roles. For example, you may create an HCM data role for benefits representatives to access person records in a legal employer. Such data access is in addition to any access provided by abstract roles.

Assign Security Profiles to Abstract Roles

In this example, you learn how to assign predefined security profiles to abstract roles during implementation. You perform this task to enable basic data access for the predefined Employee, Contingent Worker, and Line Manager roles.

Search for the Employee Abstract Role

1. Sign in as the TechAdmin user or another user with the IT Security Manager job role or privileges.

2. In the Setup and Maintenance work area, go to the following for your offering:

   • Functional Area: Users and Security

   • Task: Assign Security Profiles to Role

3. On the Manage Data Roles and Security Profiles page, enter Employee in the Role field. Click Search.

4. In the Search Results section, select the predefined Employee role and click Edit.

Assign Security Profiles to the Employee Abstract Role

1. On the Edit Data Role: Role Details page, click Next.

2. On the Edit Data Role: Security Criteria page, select the security profiles shown in the following table. You may see a subset of these security profiles, depending on the combination of cloud services that you're implementing.

   Field	Value
   Organization Security Profile	View All Organizations
   Position Security Profile	View All Positions
   Country Security Profile	View All Countries
   LDG Security Profile	View All Legislative Data Groups
   Person Security Profile (Person section)	View Own Record
   Person Security Profile (Public Person section)	View All Workers
   Document Type Security Profile	View All Document Types

3. Click Review.

4. On the Edit Data Role: Review page, click Submit.

5. On the Manage Data Roles and Security Profiles page, search again for the predefined Employee role.

6. In the Search Results region, confirm that the Assigned icon appears in the Security Profiles column for the Employee role.

   The Assigned icon, a check mark, confirms that security profiles are assigned to the role.

   Repeat the steps in Searching for the Employee Abstract Role and Assigning Security Profiles to the Employee Abstract Role for the predefined Contingent Worker role.

Search for the Line Manager Abstract Role

1. On the Manage Data Roles and Security Profiles page, enter Line Manager in the Role field. Click Search.

2. In the Search Results section, select the predefined Line Manager role and click Edit.

Assign Security Profiles to the Line Manager Abstract Role

1. On the Edit Data Role: Role Details page, click Next.

2. On the Edit Data Role: Security Criteria page, select the security profiles shown in the following table. You may see a subset of these security profiles, depending on the combination of cloud services that you're implementing.

   Field	Value
   Organization Security Profile	View All Organizations
   Position Security Profile	View All Positions
   Country Security Profile	View All Countries
   LDG Security Profile	View All Legislative Data Groups
   Person Security Profile (Person section)	View Manager Hierarchy
   Person Security Profile (Public Person section)	View All Workers
   Document Type Security Profile	View All Document Types
   Payroll	View All Payrolls
   Payroll Flow	View All Flows

3. Click Review.

4. On the Edit Data Role: Review page, click Submit

5. On the Manage Data Roles and Security Profiles page, search again for the predefined Line Manager role.

6. In the search results, confirm that the Assigned icon appears in the Security Profiles column for the Line Manager role.

   The Assigned icon confirms that security profiles are assigned to the role.