Projects REST API Security Enhancements

Control project access when using the Projects REST APIs with the security configuration. Application administrators can assign data security policies to project roles to get secured access to projects when using Projects REST APIs. For example, create policies and roles for project managers to provide access only to the projects that they are authorized to, when using the Projects REST APIs.

This enhancement has no impact on the existing roles. The current security still applies. Optionally, you can create a custom role to assign to users to meet your specialized security requirements. Detailed steps are listed in the Steps to Enable section below.

Business Benefit:

With this feature, enable selective access to projects via the Projects REST APIs in your PaaS solutions. For instance, in any custom integration using the Projects REST API, project managers or project administrators will have access solely to the projects they are authorized to manage.

Steps to Enable

Review the REST service definition in the REST API guides to leverage (available from the Oracle Help Center > your apps service area of interest > APIs & Schema). If you are new to Oracle's REST services you may want to begin with the Quick Start section.

Here are the detailed steps to grant project manager access to Projects REST API to access only their projects:

Steps to Configure Access to Projects REST API

Create a custom role by copying seeded Project Manager job role. Select the option to copy from Top Role when copying the role. Provide Role Name and Role Code and click Next. If you already have custom role, search for the custom job role that you want to grant REST API access and select Edit Role from the dropdown.

Create Custom Role

Click on Add Function Security Policy and search for “Manage Project Service” and add that privilege to the role. Click Next.

NOTE: Use View Project Service to allow only viewing of projects using the Projects REST service.

Add Function Security Policy

Add a new data security policy by clicking on Create Data Security Policy from the toolbar and provide the following details and save the changes.

Data Resource: Project for Table PJF_PROJECTS_ALL_VL
Data Set: Select by instance set

Condition Name: Access the PJT project for table PJF_PROJECTS_ALL_VL for project for which they are authorized.

Condition	Details
Access the PJT project for table PJF_PROJECTS_ALL_VL for project for which they are authorized.	Grants access to projects on which they are authorized.
The project access for table PJF_PROJECTS_ALL_VL for project business units on which they are authorized as defined in Manage Data Access for Users Page.	Grants access to projects belonging to a business unit on which they are authorized.
The projects access for table PJF_PROJECTS_ALL_VL for the project organizations on which they are authorized as defined in Manage Data Access for Users Page.	Grants access to projects belonging to an organization on which they are authorized.

Actions: Manage Projects Using Service Data Note: Use the action View Projects Using Service Data to allow only viewing of projects using the Projects REST service for projects for which the user is authorized.

Add Data Security Policy

Navigate to Setup and Maintenance and go to Manage Project Roles setup task and create a new project role from Manage Project Roles setup page and associate it to the new custom role.

Create New Project Role

Assign the project role to the resource on the project. The user can now access Projects REST APIs and have controlled access to only their projects.

Tips And Considerations

When adding new data security policies to custom roles, ensure the policies are directly associated to the role. Data security policies are not associated from inherited roles.

Key Resources

Related Help: REST API for Oracle Fusion Cloud Project Management guide available on the Oracle Help Center.

Access Requirements

Privilege details are listed above in the feature description section.