Role Inheritance
When you assign data and abstract roles to users, they inherit all of the data and function security associated with those roles. You can explore the complete structure of a job or an abstract role on the Security Console.
Each role is a hierarchy of other roles:
-
HCM data roles inherit job roles.
-
Job and abstract roles inherit many aggregate privileges. They may also inherit a few duty roles.
In addition to aggregate privileges and duty roles, job and abstract roles are granted many function security privileges and data security policies directly.
-
Duty roles can inherit other duty roles and aggregate privileges.
Role Inheritance Example
This example shows how roles are inherited. The figure shows a few representative aggregate privileges and a single duty role. In reality, job and abstract roles inherit many aggregate privileges. Any duty roles that they inherit may themselves inherit duty roles and aggregate privileges.
In this example, user Bob Price has two roles:
-
HR Specialist Vision Corporation, a data role
-
Employee, an abstract role
This table describes the two roles.
Role |
Description |
---|---|
HR Specialist Vision Corporation |
Inherits the job role Human Resource Specialist. This role inherits the aggregate privileges and duty roles that provide access to the tasks and functions that a human resource specialist performs. The security profile assigned to the data role provides access to secured data for the role. |
Employee |
Inherits the aggregate privileges and duty roles that provide access to all tasks and functions, unrelated to a specific job, that every employee performs. The security profile assigned to the abstract role provides access to secured data for the role. |