Create a Condition Scoping Filter
Condition filters select from a pool of roles and therefore exclude the roles they don't select.
-
If a certification uses top-down scoping, a condition filter selects from a pool that includes all assignable roles. The only attribute available to a condition filter is Access Point, and the filter selects or excludes roles involving an access point you specify.
For example, assume you begin with a pool of roles that includes Accounts Payable Manager. The condition filter Access Point Equals Accounts Payable Manager would select that one role and so exclude others. Or the condition filter Access Point Does Not Equal Accounts Payable Manager would exclude that role and accept others.
-
If a certification uses bottom-up scoping, a condition filter selects from a pool that includes roles returned by an access-point or entitlement filter. The Access Point attribute is available to condition filters, but so are other attributes that recognize definitions configured in the Manage Data Access for Users task in Oracle Fusion Functional Setup Manager. In that task, you define the data access each user has when assigned a particular role. A condition filter may then allow a certification to scope that role, but only as it applies to users with the defined data access.
For example, Manage Data Access for Users may specify that the assignment of a role to some users grants access only to data associated with a specific business unit. A certification may then scope that role, but if a condition filter sets a Business Unit attribute equal to that unit, the role is scoped only as assigned to those users.
To create a condition filter:
-
Click the Add button in the Scoping Filters region. A row appears.
-
In the Object field of that row, select Access Condition.
-
In the Attribute field, select the attribute you want to base the condition on. For top-down scoping, Access Point is the only available attribute. For bottom-up scoping, you can select Access Point or any of the data-security attributes that depend on Manage Data Access for Users configurations: Asset Book, Business Unit, Data Access Set, Ledger, or Reference Data Set.
-
In the Condition field, select one in a set of predefined conditions:
-
Equals or Does not equal: Select records with attribute values that match, or don't match, a value you select.
-
Contains or Does not contain: Select records with attribute values whose names include, or don't include, a text string you compose.
-
Matches any of or Matches none of: Select records with attribute values whose names match one of any number of values you select, or match none of them.
-
-
In the Values field, provide a value that completes the filter:
-
If the filter uses the Access Point attribute, then depending on the condition you selected, specify one or more roles, or a text string that a role name may or may not contain. If the condition requires a role name as a value, the Values field searches for role names that include the text you've typed, and you can select among search results.
-
If the filter uses any of the data-security attributes, then depending on the condition you selected, specify one or more values appropriate for the attribute. For example, for the Business Unit attribute, you'd specify one or more business-unit names, or a text string that a business-unit name may or may not contain.
-