Secure Access to Intents

Most intents are backed by REST APIs that are secured by function and aggregate privileges. Using these privileges, you can control the intents employees can access in Oracle Digital Assistant.

If you haven’t implemented or licensed a functionality required for an intent, don’t grant your employee role the privileges for those intents.

REST APIs not only give access to the conversation in the skill, but also evaluate data security to decide whether the user can see their own data or others' data within the skill response.

Some intents use deep links rather than REST APIs. There's no functional security check to decide which deep links the responses will include. When the user clicks a deep link provided by the digital assistant, a security check is performed. Users who don’t have the function privilege to perform the deep linked action will get an access error or a blank page. For actions that require selecting a person, the user must click the deep link and sign into the HCM Cloud Service before selecting a person. Data security is performed after the user searches for and selects the person.

See this Customer Connect document to learn how to create your custom role with the necessary privileges you need to get started with Oracle Digital Assistant.

The topics in this chapter identify the required privileges for REST APIs and deep links for all the intents included in the HCM, Hiring, Internal Candidate Experience, and Candidate Experience skills.