1. Using Common Features for HCM
  2. Manage Excluded Users in Oracle Search

Manage Excluded Users in Oracle Search

Oracle Search uses the Access Control List (ACL) method for HCM data security. Some users don't receive any Oracle Search-based search results because of their complex security setup. These users are called excluded users. You can make Oracle Search experience available to excluded users by simplifying their security setup.

ACL is precomputed for each user and applied on the search results they receive. Excluded users don't have the ACL computed because the computation time exceeds the 10 minutes threshold. Hence, their access control list is empty resulting in no search results from Oracle Search.

One way to make Oracle Search available to excluded users is replacing custom SQL predicates with built-in capabilities of security profiles. You must always review the possibilities of making the security setup simple and efficient with your organization’s security experts. Here are some processes you can run to manage excluded users:

  • Report users who are currently flagged as excluded. To do that, run this process.
    Job Name Parameter Name Parameter Value
    Manage Excluded Users ACL Action Report excluded users

    After the process is complete, the log files contain the total count and the user names of users excluded from Oracle Search experience.

  • Compute access control list for all excluded users. To do that, run this process.
    Job Name Parameter Name Parameter Value
    Manage Excluded Users ACL Action Compute excluded usersACL
    User Popluation All excluded users

    This process attempts computation of access control list for all excluded users. Users whose computation succeeds within the 10 minutes threshold will no longer be excluded from Oracle Search experience.

  • Compute access control list for a single excluded users. To do that, run this process.
    Job Name Parameter Name Parameter Value
    Manage Excluded Users ACL Action Compute excluded usersACL
    User Popluation Single excluded user
    User Name Enter the user name here
    Create Diagnostic Report Yes

    This process attempts computation of access control list for a single user. The job will produce a diagnostic report that you can use to review or troubleshoot the user’s security setup.