1. Securing Risk Management
  2. Select Users or Groups for Records

Select Users or Groups for Records

You must be the owner of a record to modify its data security. If so, you can select the users who work with it, and you can set their levels of access to it.

You may be the owner of a record either because you created it or because you've been added as an owner of it.

Depending on the type of object you're working with:

  • Security configuration may occur as a step in a "guided process" as you create or edit a record.

  • A Security Assignment button may appear in the page to view or edit a record. Clicking it opens a Security Assignment page. (The button isn't available while the record is being created, but appears immediately after its creator saves or submits it for the first time.)

In either case, you can select individuals or user groups. Typically, if you create groups and assign them to records, you'll have less to keep track of, and so security management will be easier.

To select individual users, click Add in a User Assignments panel. Search for and select a user in a Name field. Then make these selections:

  • In an Authorized As field, select Owner, Editor, or Viewer. An owner can edit details of the record, including its security configuration. An editor can't modify the security configuration, but can modify other details. A viewer can see record details, but can't change them. These are authorizations that apply in any Oracle Fusion Cloud Risk Management application. You must select one value for each user you add to a record.

    You can select less access for a record than a user's role allows. For example, a user may be eligible to own, edit, or view records of an object. If you select that user as a viewer for a record, he can't edit it, even though he remains eligible to be selected at any level for other records of the object.

  • In an Authorizations field, optionally select one or more authorizations specific to Oracle Fusion Cloud Financial Reporting Compliance or to Oracle Fusion Cloud Access Certifications. (This field doesn't apply to Oracle Fusion Cloud Advanced Controls or to user groups, and so doesn't appear as you secure their records.)

    The two types of authorization are distinct. For example, you may select a user as a viewer of a risk in Oracle Financial Reporting Compliance. You may also select her as an approver. If so, she can't edit the risk record itself, but she does have write access to the page in which the risk is either approved or rejected.

    While an Authorizations selection is optional for individual users, making no selection for any user would have an impact on functionality. For example, if you select no user as an approver or reviewer of a record, that record isn't subject to review or approval. For another example, it makes no sense to create a certification project if you select no users to manage and certify roles within it.

To select user groups, click Add in a Group Assignment panel. Search for and select one or more groups.

  • Each group is granted a single authorization when it's created. As you select a group for a record, you can view its authorization, but you can't change it. You may assign multiple groups to a record, to combine authorizations. (See Manage User Assignment Groups.)

  • A group is available to be selected for a record only if at least one of its members is eligible for that record. Groups with no eligible users are excluded.

  • Over time, members may be added to or dropped from groups, or their role assignments may change. This may result in a group having been assigned to a record but no longer having members who are eligible for it. If so, a warning icon appears next to the group name.

In either the User Assignment or Group Assignment panel, you can filter lists by authorization. Use either of two methods:

  • Click Show Filters, then click an authorization in either of two lists: "Authorized As" or "Ineligible User." The panel then displays users or groups either granted the authorization you selected, or ineligible for it. Also, an "Authorized As [authorization]" or an "Ineligible User [authorization]" button appears, and the filter remains in force until you select the delete icon for the button. Multiple filters have an AND relationship.

  • Type an authorization in the Search by field, preceding it either by a plus sign or a minus sign. A plus sign with an authorization is equivalent to selecting that authorization in the Authorized As list. For example "+Owner" returns authorized owners, or groups each of which has at least one member eligible to be an owner. A minus sign with an authorization is equivalent to selecting that authorization in the Ineligible User list. For example, "-Owner" returns users who were authorized for the record as owners, but are no longer eligible for it.

See Secure Records in Advanced Controls, Secure Records in Financial Reporting Compliance, and Secure the Certification for user-authorization details specific to each application.