Flow Security and Flow Owners
Your HCM data role security determines which flows you can submit or view. This topic explains how the HCM data roles and flow security work together.
Use the Payroll Flow Security Profile task in the Setup and Maintenance work area to define security for payroll flow patterns.
Payroll Flow Security and HCM Data Roles
HCM data roles secure the access to flows through data privileges and to the tasks on a checklist through functional privileges.
-
When you submit a flow pattern, it generates a checklist of the included tasks.
-
You become the owner of the flow and its tasks. If a flow pattern designates tasks to different owners, you remain the flow owner.
-
Either you or the owner of a task can reassign the task to someone else. For example, to cover situations where the task is overdue and the task owner is on leave.
This figure illustrates how the payroll manager and payroll administrator can submit a process or report and can view the results of the monthly payroll flow.
The payroll manager or the payroll administrator can submit the flow and perform its tasks or have the tasks reassigned to them. The payroll manager and the payroll administrator can perform the same tasks because both of them have the same functional privileges.They can both submit and view the payroll flow data.This figure illustrates how only the payroll manager can calculate the payroll. The payroll manager can't reassign this task to a payroll administrator, because the administrator doesn't have the necessary functional privileges to submit the monthly payroll flow action.
View Flow Security
When you submit a flow, you're taken to the Checklist page so that you can manage and monitor the tasks included in the flow.
- Click on a flow to go to the Checklist page of the selected flow. The checklist page shows the list of tasks in the flow as well as their completion status.
-
Click on a task to drill down to the Process Results Summary, it shows the employees processed within that task.
-
Click on the employee’s name to drill down to the Person Process Results page.
-
Navigate from the Person Process Results page to view the detailed process results for the employee. For example, view the Statement of Earnings, Messages, Balances, and Run Results for the Calculate Payroll task.
This table shows the function privilege that secure access to the View Flow Quick Action.
Page | Aggregate Privileges | Job Roles |
---|---|---|
View Flow | Access Payroll Flow (PAY_ACCESS_PAYROLL_FLOWS) | Payroll Manager, Payroll Administrator |
Access Payroll Flow aggregate privilege includes all the necessary function and data privileges to access the Checklist, Process Results Summary, and Person Results pages.
Including View Flow in Your User-Defined Role
- Create a role by either copying a predefined job role or creating a new one.
- Add the aggregate privilege: Access Payroll Flow.
- Depending on the type of flow the role should have access to, you might need to
provide additional function privileges such as:
- Verify Statement of Earnings (PAY_VERIFY_STATEMENT_OF_EARNING)
- View Employee Level Messages (PAY_VIEW_EMPLOYEE_LEVEL_MESSAGES)
- View Payroll Balance (PAY_VIEW_PAYROLL_BALANCE)
- View Payroll Run Results (PAY_VIEW_PAYROLL_RUN_RESULTS)
- Create a Payroll Flow security profile to include the flows your new role should have access to.
- Create a data role and associate the Payroll Flow security profile to it.
- QuickPay Results: If you want to use View Flow to access the QuickPay Results, you must grant access to the QuickPay Quick Action.
- Import and Load Data: If you want to use View Flow to view results of HDL uploads, additional privileges are required.
- Ability to take action on the tasks: Actions such as Retry or Rollback aren't available.
If the flow-level messages aren't displayed, ensure that your data role includes this data security profile: Search Person Live Data.
Troubleshooting
If you have problems submitting or completing a task in a flow, these are the actions you can take.
Problem |
Solution |
---|---|
Can't submit or view a flow |
Confirm that the data role assigned to you includes a security profile for the payroll flow pattern. |
Can't perform a task, such as a process or report |
Confirm that your data role is based on a job or abstract role that includes functional privileges to perform that task. |
Can’t view or take action on a flow task submitted by another user. |
Update the flow pattern to add a group to the specific task. |