1. Securing HCM
  2. Export and Import HCM Security Setup

Export and Import HCM Security Setup

You're looking at migrating your HCM custom roles, data roles, security profiles, and other security-related objects from one environment to another. To accomplish most of your HCM security migration needs, export the business objects in the Users and Security functional area within the Workforce Deployment offering.

Other offerings have a Users and Security functional area, but only the Workforce Deployment offering has the business objects that support migration of HCM custom roles within its Users and Security functional area.

Before You Begin

Learn how to export and import business object data. Detailed instructions are available in the Overview of Setup Data Export and Import topic of the Using Functional Setup Manager guide. See the Related Topics section for the link to this topic.

What Gets Exported and Imported

When you migrate HCM roles and security profiles, the following business objects are exported in the configuration package generated from the Users and Security functional area within the Workforce Deployment offering.

  • Application Data Security

  • Application Profile Value

  • Country Security Profile

    • Country Security Profile Country List

  • Functional Security Custom Roles

    • Functional Security Custom Role Hierarchy

    • Functional Security Custom Role Privilege Membership

  • HCM Data Role

    • HCM Data Role Security Profile

  • HCM Exclusion Rule

    • HCM Exclusion Rule Detail

  • HCM Public Worker Access

    • HCM Public Worker Access Detail

  • HR Document Type Security Profile List

    • HR Document Type Security Profile List

  • Legislative Data Group Security Profile

    • Legislative Data Group Security Profile List

  • Organization Security Profile

    • Organization Security Profile Classification List

    • Organization Security Profile Organization List

  • Position Security Profile

    • Position Security Profile Position List

    • Position Security Profile Area of Responsibility Scope

  • Payroll Security Profile

    • Payroll Security Profile Pay

  • Payroll Flow Security Profile

    • Payroll Flow Security Profile Pay

  • Payroll Element Security Profile

    • Payroll Element Security Profile Details

  • Person Security Profile

    • Person Security Profile Manager Type

    • Person Security Profile Area of Responsibility Scope

    • Person Security Profile Exclusion

  • Talent Pools Security Profile
    • Talent Pools Security Profile Job Family
    • Talent Pools Security Profile Department
    • Talent Pools Security Profile Business Unit

  • Transaction Security Profile

    • Transaction Security Profile Entries

    • Transaction Security Profile Sub Categories

  • Role Provisioning Rule

    • Role Provisioning Associated Role List

Let's closely examine each business object to know what it contains.

Business Object

Information Included in Export and Import

Application Data Security

Application data security includes data security policies that are created in the following ways:

  • Manually using the Manage Database Resources page in the security console.

  • Manually using the Edit role/Copy role flow in the security console

  • Automatically when you copy a role using the Role Copy in the security profile

  • Automatically when you create profile content types

  • Automatically when you map HCM spreadsheet business objects to roles

Data security policies that are generated by the HCM Data Roles UI aren't exported as part of the application data security business object. They're automatically created on the target environment when you import the HCM Data Role business object.

Data security conditions that are generated from HCM security profiles aren't exported as part of the Application Data security business object. They're automatically created on the target environment when the HCM security profile business objects are imported.

Note:

There's no scope support for application data security policies. When you export application data security policies all data security policies are exported, even if you provided a scope value for other security business objects in your configuration package.

There's no Export to CSV option for this business object.

Application Profile Value

Application profile value includes the profile values for the PER_MASTER_WORK_EMAIL profile.

This profile option is no longer used and no values are exported for this business object.

Country Security Profile

Country security profile includes the following details:

  • Country Security Profile Name

  • Enabled Checkbox

Country Security Profile List

Country security profile list includes the following details:

  • Country Security Profile Name

  • Country code

Functional Security Custom Roles

The custom role includes the following details:

  • Role Code

  • Role Name

  • Role Description

  • Role Category

  • All IP Address Access - indicates that a role is granted access to the Security Control irrespective of the IP address from where it's signed in.

Note:

The scope is limited to User Assignable roles only.

Functional Security Custom Role Hierarchy

The role hierarchy includes the following details:

  • Parent Role

  • Member Role

  • Add or Remove Role Membership

Functional Security Custom Role Privilege Membership

The role privilege membership includes the following details:

  • Parent Role

  • Member Privilege

  • Add or Remove Privilege Membership

HCM Data Role

The HCM data role includes the following details:

  • Data Role Code

  • Data Role Name

  • Data Role Description

  • Inherited Job Role Code

  • Delegation Allowed Checkbox

HCM Data Role Security Profile

The HCM data role security profile includes the following details:

  • Data Role Code

  • Securing Object

  • Security Profile Name

HCM Exclusion Rule

HCM exclusion rule and HCM exclusion rule detail includes HCM exclusion rule definitions.

  • HCM Exclusion Rule

  • HCM Exclusion Rule Detail
HCM Public Worker Access

HCM public worker access and HCM public worker access detail includes the public worker filtering restrictions you’ve defined against your Oracle Search for public workers.

  • HCM Public Worker Access
  • HCM Public Worker Access Detail

HR Document Type Security Profile

HR document type security profile includes the following details:

  • HR Document Type Security Profile Name

  • Enabled Checkbox

  • View All Checkbox

  • Include/Exclude Checkbox

HR Document Type Security Profile List

HR document type security profile list includes the following details:

  • HR Document Type Security Profile Name

  • Document Type Name

Legislative Data Group Security Profile List

Legislative data group security profile list includes the following details:

  • Legislative data group security profile name

  • Legislative data groups that are included in the legislative data group security profile

Organization Security Profile

Organization security profile includes the following details:

  • Organization Security Profile Name

  • Enabled Checkbox

  • View All Checkbox

  • Include Future Organizations Checkbox

  • Code indicating Department Hierarchy or Generic Organization Hierarchy

  • Hierarchy Name (if securing by organization hierarchy)

  • Top Organization Name (if securing by organization hierarchy)

  • Include Top Organization Checkbox

  • Secure by Organization Hierarchy Checkbox

  • Secure by Organization Classification Checkbox

  • Secure by Organization List Checkbox

Organization Security Profile Classification List

Organization security profile classification list includes the following details:

  • Organization Security Profile Name

  • Organization Classification Name

Organization Security Profile Organization List

Organization security profile organization list includes the following details:

  • Organization Security Profile Name

  • Organization name

  • Organization Classification

  • Include/Exclude Checkbox

Payroll Element Security Profile

Payroll element security profile includes the following details:

  • Element Security Profile
  • Name

Payroll Element Security Profile Details

Payroll element security profile details includes the following details:

  • Name
  • Element Security Profile Details
  • Legislative Data Group Name
  • Classification Name
  • Element Name
Payroll Flow Security Profile

Payroll flow security profile includes the following details:

  • Payroll Flow Security Profile Name

  • Enabled Checkbox

  • View All Checkbox

Payroll Flow Security Profile Pay

Payroll flow security profile pay includes the following details:

  • Payroll Flow Security Profile Name

  • Flow Name

Payroll Security Profile

Payroll security profile includes the following details:

  • Payroll Security Profile Name

  • Enabled Checkbox

  • View All Checkbox

Payroll Security Profile Pay

Payroll security profile pay includes the following details:

  • Payroll Security Profile Name

  • Payroll Name

  • Legislative Data Group Name

Person Security Profile

Person security profile includes the following details:

  • Person Security Profile Name

  • Description

  • Enabled Checkbox

  • Access to Own Record Checkbox

  • Include Future People Checkbox

  • Include Shared People Information Checkbox

  • Access to Candidates with Offers Checkbox

  • Secure by Area of Responsibility

  • Secure by Manager Hierarchy Checkbox

  • Person or Assignment Checkbox

  • Maximum Levels in Hierarchy

  • Manager Hierarchy Type

  • Hierarchy Content Code

  • Secure by Person Type Checkbox

  • Secure by Department Checkbox

  • Department Security Profile Name (if securing by department)

  • Secure by Business Unit Checkbox

  • Business Unit Profile Name (if securing by business unit)

  • Secure by Legal Employer Checkbox

  • Legal Employer Security Profile Name (if securing by legal employer)

  • Secure by Position Checkbox

  • Position Security Profile Name (if securing by position)

  • Secure by Legislative Data Group Checkbox

  • Legislative Data Group Security Profile Name (if securing by legislative group)

  • Secure by Payroll Checkbox

  • Payroll Security Profile Name (if securing by payroll)

  • Secure by Global Name Range Checkbox

  • Global Name Range Start Value (if securing by global name range)

  • Global Name Range End Value (if securing by global name range)

  • Apply Exclusion Rules Checkbox

  • Secure by Custom Criteria Checkbox

  • Custom Restriction Text (if securing by custom criteria)

Person Security Profile Area of Responsibility Scope

Person security profile area of responsibility scope includes the following details:

  • Person Security Profile Name

  • Responsibility Type

  • Scope of Responsibility

  • Employee Checkbox

  • Contingent Worker Checkbox

  • Pending Worker Checkbox

  • Nonworker Checkbox

  • Candidate with Offer Checkbox

Person Security Profile Exclusion

Person security profile exclusion includes the following details:

  • Person Security Profile Name

  • Exclusion Rule Name

Person Security Profile Manager Type

Person security profile manager type includes the following details:

  • Person Security Profile Name

  • Manager Hierarchy Type (if something other than All or Line Manager has been selected on the security profile)

Position Security Profile

Position security profile includes the following details:

  • Position Security Profile Name

  • Description

  • Enabled Checkbox

  • View All Checkbox

  • Include Future Positions Checkbox

  • Hierarchy Name (if securing by position hierarchy)

  • Top Position Name (if securing by position hierarchy)

  • Include Top Position Checkbox

  • Top Position Name (if securing by organization hierarchy)

  • Secure by Position Hierarchy Checkbox

  • Secure by Department Checkbox

  • Department Organization Security Profile Name (if securing by department)

  • Secure by Business Unit Checkbox

  • Business Unit Organization Security Profile Name (if securing by business unit)

  • Secure by Position List Checkbox

  • Secure by Area of Responsibility Checkbox

Position Security Profile Area of Responsibility Scope

Position security profile area of responsibility scope includes the following details:

  • Position Security Profile Name

  • Responsibility Type

  • Scope of Responsibility

Position Security Profile Position List

Position security profile position list includes the following details:

  • Position Security Profile Name

  • Position Code

  • Include/Exclude Checkbox
Talent Pools Security Profile

Talent pools security profile includes the following details:

  • Talent Pool Security Profile Name
  • Enabled Checkbox
  • View by Ownership Checkbox
  • View All Checkbox
  • View All Public Talent Pools Checkbox
  • Secure by Business Unit Checkbox
  • Secure by Department Checkbox
  • Secure by Job Family Checkbox
Talent Pools Security Profile Business Unit

Talent pools security profile business unit includes the following details:

  • Talent Pool Security Profile Name
  • Business Unit Name
Talent Pools Security Profile Department

Talent pools security profile department includes the following details:

  • Talent Pool Security Profile Name
  • Department Name
Talent Pools Security Profile Job Family

Talent pools security profile job family includes the following details:

  • Talent Pool Security Profile Name
  • Job Family Name

Transaction Security Profile

Transaction security profile includes the following details:

  • Transaction Security Profile Name

  • Description

  • Enabled Checkbox

  • View All Checkbox

Transaction Security Profile Entries

Transaction security profile entries include the following details:

  • Transaction Security Profile Name

  • Product Family

  • Category Code

  • All Sub Categories Checkbox

  • Exclude Sub Category Checkbox

Transaction Security Profile Sub Categories

Transaction security profile sub categories include the following details:

  • Transaction Security Profile Name

  • Product Family

  • Category Code

  • Sub Category Code

Role Provisioning Associated Role List

Role provisioning associated role list includes the following details:

  • Mapping Rule Name

  • Role Code

  • Requestable Checkbox

  • Self-Requestable Checkbox

  • Autoprovision Checkbox

Role Provisioning Rule

Role provisioning rule includes the following details:

  • Mapping Rule Name

  • Legal Employer Name

  • Business Unit Name

  • Department Name

  • Job Set Code

  • Job Code

  • Position Business Unit Name

  • Position Code

  • Grade Set Code

  • Grade Code

  • Location Set Code

  • Location Code

  • User Person Type

  • System Person Type

  • Assignment Type

  • HR Assignment Status Code

  • Resource Role

  • Party Type Usage Code

  • Contact Role

  • Manager with Reports Checkbox

  • Manager Type

  • Responsibility Type

Other business objects that you might like to export when migrating HCM custom roles are:

  • Job Requisition Security Profile

  • Spreadsheet Business Object Security Mapping

Let's closely examine each of these business objects to know what they contain.

Business Object

Information Included in Export and Import

Job Requisition Security Profile

Job requisition security profile includes the following details:

  • Job Requisition Security Profile Name

  • Enabled Checkbox

  • View All Checkbox

  • Secure by Job Family Checkbox

  • Secure by Job Function Checkbox

  • Secure by Location Checkbox

  • Secure by Organization Checkbox

  • Secure by Recruiting Type Checkbox

Spreadsheet Business Object Security Mapping

HCM spreadsheet business object access mapping includes the following details:

  • Role Code

  • Business Object

  • Product Area

  • Enabled Checkbox

  • All Business Objects Checkbox

You can migrate job requisition security profiles by exporting the business objects in the Users and Security functional area within the Recruiting and Candidate Experience offering. You should do this before migrating the business objects in the Users and Security functional area within the Workforce Deployment offering. You must have the Recruiting Administrator role to export and import job requisition security profiles.

You can migrate HCM spreadsheet business object access mappings by exporting the business objects in the HCM Data Loader functional area within the Workforce Deployment offering. You should do this after migrating the business objects in the Users and Security functional area. You must have the Human Capital Management Integration Specialist role to export and import HCM spreadsheet business object access mappings.

After the Import Completes

You might need to wait for a period of time before all the migrated data security policies are visible in the security console after completing the import of the configuration package that's generated from the Users and Security functional area within the Workforce Deployment.

When application data security policies are imported, a process runs in the background to sync the imported data security policies with the roles on the target environment. The imported data security policies aren't active until this process has completed, at which point the data security policies will be visible in the security console. This affects data security policies for custom roles that have been copied from other roles in the source environment. It also affects custom roles that have data security policies that were added manually using the security console.

Note:

No manual regeneration processes are needed on the target environment; the import process triggers the role regeneration process. This only applies if you're importing the HCM Data Role business object.

What's Not Included

Data security policies that have been manually created from the security console, and which reference conditions that have been generated from an HCM security profile, must be manually recreated on the target environment. You must import the condition by importing the appropriate HCM security profile business object before creating these data security policies in the target environment.

Related Topics