1Introduction
Security Reference: Overview
Security Reference Guides describe the Oracle Fusion Applications security reference implementation. This guide includes descriptions of all the predefined data that is included in the security reference implementation for an offering. The reference implementation can be configured to fit divergent enterprise requirements.
Security Reference Implementation
The Oracle Fusion Applications security approach supports a reference implementation that addresses common business security needs and consists of roles and policies.
Oracle Fusion Applications Security Reference Guides present the following information about the predefined security reference implementation.
The abstract and job roles for an offering
Duty roles and the role hierarchy for each job role and abstract role
Privileges required to perform each duty defined by a duty role
Data security policies for each job role, or abstract role
Policies that protect personally identifiable information
Data security policies on fact and dimension to ensure enforcement across tools and access methods
For an overview and detailed information about the Oracle Fusion Applications security approach, including an explanation of role types, enforcement, and how to implement and administer security for your deployment, see your product security guide.
How to Use this Security Reference Guide
Enterprises address needs specific to their organization by changing or extending the role definitions, role hierarchies, and data security policies of the reference implementation. You may also be subject to specific legal, regulatory, and industry requirements. You are solely responsible for your adherence to these requirements when assigning roles, privileges and granting access for your enterprise.
For each job or abstract role, review the duties, role hierarchy, and policies that it carries so you understand which users should be provisioned with the role, or which adjustments your enterprise requires before the role can be provisioned.
Review the data security policies conferred on job roles by their inherited duty roles.
Review the privacy in effect for a job or abstract role based on its data security policies. Privacy is additionally protected by security components, as described in your product security guide.