Introduction

Cloud HCM provides a capability to extract data from HCM using underlying new generation BOSS/Spectra platform. This tutorial describes security configuration that is a prerequisite for extracting data.

Objectives

Upon completing this tutorial, you will understand how to:

  • Configure an HCM job role for data extraction
  • Configure an OAuth client application to programmatically extract data using API calls

Task 1: Prepare an HCM Job Role

In order to access data in the hierarchy of Worker-related objects, certain Permission Groups have to be added to a new or existing HCM job role.

Follow the steps below to ensure appropriate data access.

  1. Go to Setup and Maintenance
    1. Search for Manage Administrator Profile Values and enter this task
    2. Search for the profile value by profile option code ORA_ASE_SAS_INTEGRATION_ENABLED
    3. Set its value to Yes at the Site level
    4. Save the profile value
  2. Go to Tools → Security Console
    1. Create or edit a role of role category HCM - Job Roles
    2. Click Enable Permission Groups and confirm
    3. Go to the Permission Groups train stop
      1. Click Add Permission Group
      2. Search for boss_execute_AsyncDataExtraction_OraBatchJobDefinition and select it
      3. Click Add Selected Permission Groups
      4. Close the popup window
    4. Go to the Role Hierarchy train stop
      1. Click Roles and Permission Groups
      2. Click Add Role
      3. Make sure Duty roles option is selected
      4. Search for ORA_DR_PER_WORKER_EXTRACT_DUTY and select it
      5. Click Add Role Membership
      6. Close the popup window
    5. Go to the Summary train stop
    6. Review the changes and save them

Task 2: Create an Application

Spectra APIs can only be accessed by confidential applications that use OAuth 2.0. You'll need to define one in Oracle Identity Cloud Service (IDCS).

  1. Log into the IDCS Admin Console and navigate to the given pod's identity domain
  2. Click Integrated applications
  3. Click Add application
  4. Select Confidential Application and click Launch workflow
  5. Provide Name (e.g. Extracts Application)
  6. Click Next
  7. Select Configure this application as a client now
  8. Choose Allowed grant types as Client credentials and JWT assertion
  9. Choose Client type as Confidential
  10. Choose Allowed operations as On behalf of
  11. Enable Bypass consent
  12. Select Add resources
  13. Click Add scope, then search and select following scopes
    • Oracle SaaS Batch Cloud Service
    • Oracle Boss Cloud (Spectra)
  14. Click Add
  15. Click Next
  16. Click Finish
  17. Select the newly created application and activate it by clicking Activate and Activate application
  18. In your application details, find the Client ID and Client secret that will be used to generate access tokens

Task 3: Assign the Role to the Application

Now it's time to assign the role from step #1 to the application from step #2.

  1. Go to Tools → Security Console
  2. Click Application Extensions
  3. Find your application in the Custom OAuth Client Applications section and click its name
  4. Click Roles
  5. Click Add
  6. Search for your role and select it
  7. Click Add
  8. Click Done

Task 4: Obtain a Token

Here's how you can obtain a token to extract data using Spectra services.

URL {{idcsUrl}}/oauth2/v1/token
HTTP method POST
Authorization Basic auth with clientId and clientSecret
Content-Type header application/x-www-form-urlencoded
Request body

URL-encoded

For accessing /api/boss endpoints

grant_type=client_credentials&scope=urn:opc:resource:fusion:{{pod}}:boss/

For accessing /api/saas-batch endpoints

grant_type=client_credentials&scope=urn:opc:resource:fusion:{{pod}}:saas-batch/

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.