1. Securing HCM
  2. Create a Role Mapping

Create a Role Mapping

To provision roles to users, you create role mappings. This topic explains how to create a role mapping.

Sign in as IT Security Manager and follow these steps:

  1. In the Setup and Maintenance work area, go to the following:

    • Functional Area: Users and Security

    • Task: Manage Role Provisioning Rules

  2. In the Search Results section of the Manage Role Mappings page, click Create.

    The Create Role Mapping page opens.

Define the Role-Mapping Conditions

Set values in the Conditions section to specify when the role mapping applies. For example, the values shown in this table limit the mapping to current employees of the Procurement Department in Denver whose job is Chief Buyer.

Field

Value

Department

Procurement Department

Job

Chief Buyer

Location

Denver

System Person Type

Employee

HR Assignment Status

Active

Users must have at least one assignment that meets all these conditions.

Identify the Roles

  1. In the Associated Roles section, click Add Row.

  2. In the Role Name field, search for and select the role that you're provisioning. For example, search for the data role Procurement Analyst Denver.

  3. Select one or more of the role-provisioning options shown in this table.

    Role-Provisioning Option

    Description

    Requestable

    Qualifying users can provision the role to other users.

    Self-Requestable

    Qualifying users can request the role for themselves.

    Autoprovision

    Qualifying users acquire the role automatically.

    Qualifying users have at least one assignment that matches the role-mapping conditions.

    Note: Autoprovision is selected by default. Remember to deselect it if you don't want autoprovisioning.

    The Delegation Allowed option indicates whether users who have the role or can provision it to others can also delegate it. You can't change this value, which is part of the role definition. When adding roles to a role mapping, you can search for roles that allow delegation.

  4. If appropriate, add more rows to the Associated Roles section and select provisioning options. The role-mapping conditions apply to all roles in this section.

  5. Click Save and Close.

Apply Autoprovisioning

You're recommended to run the process Autoprovision Roles for All Users after creating or editing role mappings and after loading person records in bulk. This process compares all current user assignments with all current role mappings and creates appropriate autoprovisioning requests.

Related Topics