1. Securing HCM
  2. Transaction Security Profiles

Transaction Security Profiles

By default, users who can access the Transaction Console can manage all transactions on the console. However, you may want to limit access so that users can manage only Talent or Compensation transactions, for example. This topic explains how to do this.

How to Secure Access to Transactions on the Transaction Console

To secure access to transactions on the Transaction Console, you have to do a few things:

  1. Create transaction security profiles.

  2. Create data roles and assign transaction security profiles to them.

  3. Assign the data roles to users.

  4. Enable transaction security.

You don't have to create the transaction security profiles separately. If you prefer, you can create them when you create the data roles. This topic explains how to create them separately, but the key steps are the same in both cases.

Creating Transaction Security Profiles

Use the Manage Transaction Security Profiles task to select the transaction types that users can manage. You can find this task in the Workforce Structures or Setup and Maintenance work area.

On the Create Transaction Security Profile page, you:

  1. Click the Create New icon.

  2. Set Family to the appropriate product family.

  3. Select a category. This value identifies a category of transactions that users can manage. Categories that you don't select are excluded.

  4. Optionally, select a subcategory.

    • The subcategory identifies transactions in the subcategory only. All other subcategories in the category are excluded, unless you select them separately.

    • If you select Exclude Subcategory, then users can manage transactions in the category, apart from those in the excluded subcategory.

You can repeat these steps to add other categories of transactions to the security profile. When you're finished, save your changes.

Creating Data Roles

To create a data role, you can use:

  • The Manage Data Roles and Security Profiles task in the Workforce Structures work area

  • The Assign Security Profiles to Role task in the Setup and Maintenance work area

The data role must:

  • Inherit either the predefined Human Capital Management Application Administrator job role or a custom role with the required privileges.

    • The predefined Human Capital Management Application Administrator job role inherits the Review HCM Approval Transactions as Administrator duty role. You can assign this duty role to custom roles.

    • The Review HCM Approval Transactions as Business User duty role isn't inherited by any predefined role. It enables a restricted set of actions on the Transaction Console. You can assign this duty role to custom roles, such as Human Resource Specialist.

  • Have an assigned transaction security profile. This security profile identifies the types of transactions that users can manage on the Transaction Console. You can:

    • Select a transaction security profile that you created using the Manage Transaction Security Profiles task.

    • Create a security profile in the data roles task flow.

    • Use one of the predefined security profiles, View All Transactions and View All HCM Transactions.

Create as many data roles as you need, and assign them to users. On the Transaction Console, those users can manage transactions:

  • That were created by people identified by the data role's person security profile

  • That belong to the categories in the data role's transaction security profile

Note that both conditions apply. You must also enable transaction security. Otherwise, users who can access the Transaction Console can manage all transactions, even if their data roles limit them to specified types of transactions.

Enabling Transaction Security

Transaction security is disabled by default. To enable transaction security, you use the Manage Enterprise HCM Information task. You can find this task:

  • In the Workforce Structures work area

  • In the Setup and Maintenance work area in the Workforce Structures functional area for your offering

Follow these steps:

  1. On the Edit Enterprise page, select Edit > Update.

  2. Complete the fields in the Update Enterprise dialog box and click OK.

  3. Scroll to the Transaction Console Information section. In the Transaction Console Information section, select Enable Transaction Security.

  4. Click Submit.

You have to enable transaction security once only. While it's enabled, access to transactions on the Transaction Console is secured, and users can manage only the transactions that their data roles allow.