1. Securing HCM
  2. Custom Criteria in Person Security Profiles

Custom Criteria in Person Security Profiles

You can secure person records by either area of responsibility or manager hierarchy. You can also use custom criteria, in the form of SQL statements, to add to or replace the standard criteria.

Example of Using Custom Criteria

This example shows how to use custom criteria in a person security profile. In this example, the person security profile needs to include the person record of anyone who was born before 01 January, 1990.

&TABLE_ALIAS.PERSON_ID IN (SELECT PERSON_ID FROM PER_PERSONS
WHERE DATE_OF_BIRTH < TO_DATE('01-JAN-1990', 'DD-MON-YYYY'))

The custom criteria can include any statement where the SQL predicate restricts by PERSON_ID or ASSIGNMENT_ID. The predicate must include either &TABLE_ALIAS.PERSON_ID or &TABLE_ALIAS.ASSIGNMENT_ID as a restricting column in the custom criteria.

Validating Custom Criteria

You validate custom criteria in two stages.

  1. When you click Validate in the Custom Criteria section of the page, a syntax check runs. Any syntax errors, such as missing brackets, misspelled keywords, or single-line comments, are reported.

    Note: You can include multiline comments in your SQL statements. Multiline comments start with a slash and an asterisk (/*) and end with an asterisk and a slash (*/). Single-line comments, which start with two hyphens (--), aren't valid.

  2. When you click Next to open the Preview page, some more validation takes place and these issues are reported:

    • Use of the letter A as an alias to the ASSIGNMENT_ID attribute, because A is reserved for Oracle use

    • References to tables that include personally identifiable information (PII), which can cause runtime errors

    • Use of commands such as UNION or JOIN, which can affect performance

You need to correct any validation errors.

Defining Exceptions to Areas of Responsibility

Let's say that a user should be able to access all person records in an organization, except those in specific grades or locations. You don't have to use custom criteria to exclude some records when you secure them by area of responsibility. Instead, you can include up to three exclusion rules in the person security profile. The rules define the criteria, such as grade or location, for excluding some records.

Related Topics