Assign Security Profiles to Job and Abstract Roles

To give users access to data, you usually create HCM data roles, which inherit job roles. However, you can also assign security profiles directly to job and abstract roles.

You're most likely to assign security profiles to abstract roles, such as Employee, to provide the data access that all employees need. For example, all employees must have access to the worker directory. You're less likely to assign security profiles to job roles, as users with the same job role typically access different data instances.

This topic describes how to:

  • Assign security profiles directly to a job or abstract role.

  • Remove security profiles from a job or abstract role.

Assign Security Profiles to Roles

You can assign security profiles to both predefined and custom job and abstract roles. Follow these steps to assign security profiles to a role:

  1. In the Setup and Maintenance work area, go to the following:

    • Functional Area: Users and Security

    • Task: Assign Security Profiles to Role

  2. On the Manage Data Roles and Security Profiles page, search for the job or abstract role.

  3. In the search results, select the role and click Edit.

  4. On the Edit Data Role: Role Details page, click Next.

  5. On the Edit Data Role: Security Criteria page, select the security profiles that you want to assign to the role.

  6. Click Review.

  7. On the Edit Data Role: Review page, click Submit.

On the Manage Data Roles and Security Profiles page, search for the role again. In the search results, confirm that the Assigned icon, a Check mark, appears in the Security Profiles Assigned column. The Assigned icon confirms that security profiles are assigned to the role.

Note: The role to which you're assigning security profiles may be a copy of another role with security profiles assigned. In this case, no Check mark appears in the Security Profiles Assigned column. However, a message warns you that the role already has data security policies from existing security profiles. The message suggests ways of removing these existing policies before proceeding. To avoid this situation, revoke security profiles from roles before you copy them.

Revoke Security Profiles from Roles

You can remove security profiles that you assigned directly to a predefined or custom abstract or job role. For example, you may have assigned security profiles directly to a job role and included the job role in a data role later. In this case, users may have access to more data than you intended. Follow these steps to remove security profiles from a role:

  1. On the Manage Data Roles and Security Profiles page, search for the job or abstract role.

  2. In the search results, select the role and confirm that security profiles are currently assigned to the role.

  3. Click Revoke Security Profiles. All security profiles currently assigned directly to the role are revoked.

Note: To replace the security profiles in an HCM data role, edit the data role in the usual way. You can't use the Revoke Security Profiles button.