About Managing Access and Data Security

Profitability and Cost Management has two levels of security that control access to the service, its data, and its functionality.

For the first level of security, service level, Identity Domain Administrators create and manage accounts for environment users within an identity domain. To do this, they use the My Services application. Then, they assign predefined roles to these users to control the business activities that they can perform and the general areas of data that they can access. For more information about the service level of security, see About User and Role Management in Getting Started with Oracle Enterprise Performance Management Cloud for Administrators to set up Single Sign-On (SSO) and role-based access.

To view an overview video about security, see this video:

Video symbol Overview: Understanding Security in Profitability and Cost Management Cloud

The second level of security, application level, determines the data that users with various roles can view or work with. The second level of security is defined with access groups and data grants. There are predefined access groups, such as Users and Viewers, and native groups, created by Service Administrators (Granting Access to Data).

After Identity Domain Administrators create users and assign them to predefined roles, Service Administrators can further limit application access as follows:

  1. Service Administrators use Access Control to create native groups, also called Native Directory groups (Controlling Application Access).

  2. Service Administrators create data grants to restrict access for those with User and Viewer roles (Creating Data Grants).

  3. Service Administrators assign those with User and Viewer roles to native groups (Controlling Application Access).

  4. Service Administrators assign data grants to native groups. They can also assign data grants to individuals in special cases, but must not assign data grants to predefined groups (Assigning Data Grants to Individuals and Groups).

Administrative Tasks and Predefined Roles summarizes the functional user roles and the types of tasks they can perform.

See Getting Started with Oracle Enterprise Performance Management Cloud for Administrators for information about setting up service-level security.

For more information, see the following video:

Video symbol Managing Users and Assigning Roles in Profitability and Cost Management