Secure Elements Through HCM Data Roles
You can now define an element security profile on the Data Role and Security Profiles page to restrict access to certain elements through the assigned data (or abstract) role. Users can enter, view, and edit the specific earnings and deductions intended for their use.
This feature includes changes to the following areas:
- HCM Data Roles and Security Profiles where you will see a new Element Security Profile selection on the Security Criteria train stop
- A new Element sub-train stop on the Assign Security Profiles to Role page
- Preview HCM Data Security page
- A new parameter for the element security profile in the Regenerate Data Security Profiles scheduled process
- Data roles migration support
For example, when you create a data role referencing the Benefits Specialist job role, you now see an Element section on the Create Data Role: Security Criteria page.
Including an Element Security Profile in a Data Role
A predefined element security profile, View All Elements, is delivered as the default value. Because it matches the current behavior, this value appears on your existing data roles after the upgrade.
You can also create an element security profile. When you create an element security profile in the data roles task flow, you see the following section on the Assign Security Profiles to Role: Element Security Profile page.
Viewing Element Security Profile Details from the Elements Train Stop
To create an element security profile, refer to the What's New documentation for Secure Elements through HCM Data Roles under the 24A Global Payroll section.
You can also create element security profiles separately using the Manage Element Security Profiles Setup and Maintenance task. You can specify elements related to corresponding Legislative Data Groups or Classifications.
Creating Element Security Profile
When regenerating security profiles in bulk, you can run the Regenerate Data Security Profiles process only for element security profiles, or you can leave the parameters blank to regenerate all security profiles.
Regenerating Security Profiles Scheduled Process Parameters
The Setup and Maintenance Export and Import Data Role Migration process now supports element security profiles.
You can now restrict access to certain elements based on your organizational business needs.
Steps to Enable
- Run the Regenerate Data Security Profiles and Grants job set.
- By default, all your existing data roles are automatically updated with the View All Elements element security profile as part of the post-upgrade process. If you don’t wish to enable this feature, there’s no further action for you to take.
- You can take advantage of this new functionality by defining more restrictive element security profiles. You can create an element security profile to include or exclude elements as per your specific requirements and add this profile to a specific data role.
Tips And Considerations
- For backward compatibility after the Update 24A upgrade, the default behavior will be to continue to have "view all" access to the elements.
- When upgrading to Update 24A, the Regenerate Data Security Profiles and Grants job set will be run; you should verify it ran successfully. You should see that the View All default value appears on your data roles after upgrading.
- If you have any automated test cases that try to edit a role or create a new data role based on impacted job roles, you must populate the element security profile value.
Key Resources
For more information see the following topics in the Oracle Help Center:
You can also see the What's New documentation for Secure Elements through HCM Data Roles in the Payroll What's New under Global Payroll in Update 24A.
Access Requirements
To use this feature, you need these job role names and codes:
- Application Implementation Consultant (ORA_ASM_APPLICATION_IMPLEMENTATION_CONSULTANT_JOB)
- Benefits Administrator (ORA_BEN_BENEFITS_ADMINISTRATOR_JOB)
- Benefits Manager (ORA_BEN_BENEFITS_MANAGER_JOB)
- Benefits Specialist (ORA_BEN_BENEFITS_SPECIALIST_JOB)
- Compensation Administrator (ORA_CMP_COMPENSATION_ADMINISTRATOR_JOB)
- Human Capital Management Application Administrator (ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB)
- Human Capital Management Integration Specialist (ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB)
- Human Resource Analyst (ORA_PER_HUMAN_RESOURCE_ANALYST_JOB)
- Human Resource Manager (ORA_PER_HUMAN_RESOURCE_MANAGER_JOB)
- Human Resource Specialist (ORA_PER_HUMAN_RESOURCE_SPECIALIST_JOB)
- Payroll Administrator (ORA_PAY_PAYROLL_ADMINISTRATOR_JOB)
- Payroll Manager (ORA_PAY_PAYROLL_MANAGER_JOB)