Data Security in Payroll Data Validation Reports
Configure the Data Validation Report to run based on the profile of the user who submits the report.
For example, if a user has access to employees only within a specific payroll or department, you can configure the report to only report data for those employees. The access the user has is defined by the data security profile attached to the user's role.
Here are the tasks required to configure and run the report based on the profile of the user submitting the report:
-
Sign in as IT Security Manager and define HCM data roles and setup data security. Assign the data roles to the application user as per the requirement of your enterprise.
-
Sign in as Payroll Manager and secure the 'Payroll Data Validation Report' at the Legislative Data Group level.
-
Sign in as application user to whom the privileges are assigned and run the report.
Define Data Roles and Assign Data Roles to the Application User
No predefined HCM data roles exist. While creating an HCM data role, include a job role. The secured HCM object types that the job role accesses are identified automatically, and sections for the appropriate security profiles appear. Select or create security profiles for those object types in the HCM data role.
For each object type, you can include only one security profile in an HCM data role, which is known as Security Profile. Consider the following to complete the setup.
-
You must have the IT Security Manager Job role to perform this task.
-
To create an HCM data role, use the Assign Security Profiles to Role task in the Setup and Maintenance work area.
-
For more information on setting up the data security as per the requirement of the enterprise, see Oracle Human Capital Management Cloud Securing HCM.
Here are the steps required to configure the report based on the profile of the user submitting the report.
-
Search and select the Payroll Flow Patterns task from Payroll in My Client Groups on your Home page.
-
Search for the Run Payroll Data Validation Report flow pattern.
-
Select the required Legislative Data Group.
-
Click Edit.
-
Click Go to Task and click Edit.
-
Select the row and click the Edit on the tool bar for the row.
-
Select the Secure Process or Report check box and click Save.
-
Alternately, you can click on Remove all Updates.
Repeat these steps for each Legislative Data Group, where the setting must apply. This configuration, although done on the delivered flow pattern, is preserved during patching and upgrades.
Submit Report
When you submit the report, consider the following:
-
Select the Payroll Statutory Unit (PSU) from a secured list of values. If the user's data security is restricted by the PSU, then the user can only run the report for that PSU they have access to, even if the report is run as the elevated user by default.
-
If the user's data access is restricted based on other attributes like department or payroll, configure the report based on the user profile. This is only if you must restrict the report to the profile of the user submitting the report and only data for the department or payroll is reported.