10Export and Import of Security Setup Data

This chapter contains the following:

Export and Import of Security Console Data

You can move the Security Console setup data from one environment to another using the CSV export and import functionality.

Let's assume you have spent lot of time and effort in configuring and setting up the Security Console in your primary environment. You test the setup and find that everything's working as intended. Now, you want to replicate the same setup in another environment. And you want that to happen with the least effort and as quickly as possible. Well, it certainly can be done in a simple and less time-consuming way.

In the Setup and Maintenance work area, use the Manage Application Security Preferences task in the Initial Users functional area.

Before You Begin

Learn how to export business object data to a CSV file and to import business data from a CSV file. Detailed instructions are available in the Managing Setup Using CSV File Packages chapter of the Using Functional Setup Manager guide.

What Gets Exported and Imported

The Security Console setup data comprises information that you see on the Administration and User Categories tabs of the Security Console. The following business objects help in packaging those details into CSV files so that the data can be easily exported and imported.

  • Security Console Administration Settings

  • Security Console User Category

  • Security Console User Category Notifications

Note: Lists of users or information about any specific user is never a part of this export and import process.

In this table, you will find information about the contents of each business object.

Business Object Information Included in Export and Import

Security Console Administration Settings

  • General administration details

  • Role preferences

  • Location-based access settings

    Note: If location-based access isn't enabled (if the tab doesn't appear on Security Console), nothing gets included in the export or import.

Security Console User Category

  • User category details

  • Password policy information

Security Console User Category Notifications

Notification preferences.

Note: For notifications, only the custom template information is exported from the default user category. The predefined notifications are excluded because they're available in the target environment.

When the export process successfully completes, you get the following CSV files:

  • Administration Settings CSV

  • User Category CSV

  • User Category Notifications CSV

Note: If there are language packs installed on your application, additional CSV files may be generated containing the translated data.

To import data into another environment, bundle these files into a .zip file to create the CSV file package and follow the process for importing setup data.

You're looking at migrating your HCM custom roles, data roles and security profiles from one environment to another. You can accomplish most of your HCM security migration needs by exporting the business objects in the Users and Security functional area within the Workforce Deployment offering. The exception to this is Job Requisition Security profiles, which can be migrated by exporting the business objects in the Users and Security functional area within the Recruiting and Candidate Experience offering.

Other offerings have a Users and Security functional area, but only the Workforce Deployment offering has the business objects that support migration of HCM custom roles within its Users and Security functional area.

Before You Begin

Learn how to export and import business object data. Detailed instructions are available in the Overview of Setup Data Export and Import topic of the Using Functional Setup Manager guide. Refer to the Related Topics section below for the link to this topic.

What Gets Exported and Imported

When you migrate HCM roles and security profiles, the following business objects are exported in the configuration package at generated from the Users and Security functional area within the Workforce Deployment offering.

  • Application Data Security

  • Application Profile Value

  • Functional Security Custom Roles

    • Functional Security Custom Role Hierarchy

    • Functional Security Custom Role Privilege Membership

  • HCM Data Role

    • HCM Data Role Security Profile

  • HCM Exclusion Role

    • HCM Exclusion Rule Detail

  • Legislative Data Group Security Profile

    • Legislative Data Group Security Profile List

  • Organization Security Profile

    • Organization Security Profile Classification List

    • Organization Security Profile Organization List

  • Country Security Profile

    • Country Security Profile Country List

  • Position Security Profile

    • Position Security Profile Position List

    • Position Security Profile Area of Responsibility Scope

  • HR Document Type Security Profile List

    • HR Document Type Security Profile List

  • Payroll Security Profile

    • Payroll Security Profile Pay

  • Payroll Flow Security Profile

    • Payroll Flow Security Profile Pay

  • Person Security Profile

    • Person Security Profile Manager Type

    • Person Security Profile Area of Responsibility Scope

    • Person Security Profile Exclusion

  • Transaction Security Profile

    • Transaction Security Profile Entries

    • Transaction Security Profile Sub-Categories

  • Role Provisioning Rule

    • Role Provisioning Associated Role List

Let's closely examine each business object to know what it contains.

Business Object Information Included in Export and Import

Application Data Security

Application data security includes data security policies that are created in the following ways:

  • Manually using the Manage Database Resources page in the security console.

  • Manually using the Edit role/Copy role flow in the security console

  • Automatically when you copy a role using the Role Copy in the security profile

  • Automatically when you create profile content types

  • Automatically when you map HCM spreadsheet business objects to roles

Data security policies that are generated by the HCM Data Roles UI aren't exported as part of the application data security business object. They are automatically created on the target environment when you import the HCM Data Role business object.

Data security conditions that are generated from HCM security profiles aren't exported as part of the Application Data security business object. They are automatically created on the target environment when the HCM security profile business objects are imported.

Note: there's no scope support for application data security policies. When you export application data security policies all data security policies are exported, even if you provided a scope value for other security business objects in your configuration package.

there's no Export to CSV option for this business object.

Application Profile Value

Application profile value includes the profile values for the PER_MASTER_WORK_EMAIL profile.

This profile option is no longer used and no values are exported for this business object.

Functional Security Custom Roles

The custom role includes the following details:

  • Role Code

  • Role Name

  • Role Description

  • Role Category

  • All IP Address Access - indicates that a role is granted access to the Security Control irrespective of the IP address from where it's signed in.

Functional Security Custom Role Hierarchy

The role hierarchy includes the following details:

  • Parent Role

  • Member Role

  • Add or Remove Role Membership

Functional Security Custom Role Privilege Membership

The role privilege membership includes the following details:

  • Parent Role

  • Member Privilege

  • Add or Remove Privilege Membership

HCM Data Role

The HCM data role includes the following details:

  • Data Role Code

  • Data Role Name

  • Data Role Description

  • Inherited Job Role Code

  • Delegation Allowed Check Box

HCM Data Role Security Profile

The HCM data role security profile includes the following details:

  • Data Role Code

  • Securing Object

  • Security Profile Name

HCM Exclusion Rule

HCM exclusion rule and HCM exclusion rule detail includes HCM exclusion rule definitions.

  • HCM Exclusion Rule

  • HCM Exclusion Rule Detail

Legislative Data Group Security Profile List

Legislative data group security profile list includes the following details:

  • Legislative data group security profile name

  • Legislative data groups that are included in the legislative data group security profile

Organization Security Profile

Organization security profile includes the following details:

  • Organization Security Profile Name

  • Enabled Check Box

  • View All Check Box

  • Include Future Organizations Check Box

  • Code indicating Department Hierarchy or Generic Organization Hierarchy

  • Hierarchy Name (if securing by organization hierarchy)

  • Top Organization Name (if securing by organization hierarchy)

  • Include Top Organization Check Box

  • Secure by Organization Hierarchy Check Box

  • Secure by Organization Classification Check Box

  • Secure by Organization List Check Box

Organization Security Profile Classification List

Organization security profile classification list includes the following details:

  • Organization Security Profile Name

  • Organization Classification Name

Organization Security Profile Organization List

Organization security profile includes the following details:

  • Organization Security Profile Name

  • Organization name

  • Organization Classification

  • Include/Exclude Check Box

Country Security Profile

Country security profile includes the following details:

  • Country Security Profile Name

  • Enabled Check Box

Country Security Profile List

Country security profile list includes the following details:

  • Country Security Profile Name

  • Country code

Position Security Profile

Position security profile includes the following details:

  • Position Security Profile Name

  • Description

  • Enabled Check Box

  • View All Check Box

  • Include Future Positions Check Box

  • Hierarchy Name (if securing by position hierarchy)

  • Top Position Name (if securing by position hierarchy)

  • Include Top Position Check Box

  • Top Position Name (if securing by organization hierarchy)

  • Secure by Position Hierarchy Check Box

  • Secure by Department Check Box

  • Department Organization Security Profile Name (if securing by department)

  • Secure by Business Unit Check Box

  • Business Unit Organization Security Profile Name (if securing by business unit)

  • Secure by Position List Check Box

  • Secure by Area of Responsibility Check Box

Position Security Profile Position List

Position security profile position list includes the following details:

  • Position Security Profile Name

  • Position Code

  • Include/Exclude Check Box

Position Security Profile Area of Responsibility Scope

Position security profile area of responsibility scope includes the following details:

  • Position Security Profile Name

  • Responsibility Type

  • Scope of Responsibility

HR Document Type Security Profile

HR document type security profile includes the following details:

  • HR Document Type Security Profile Name

  • Enabled Check Box

  • View All Check Box

  • Include/Exclude Check Box

HR Document Type Security Profile List

HR document security profile list includes the following details:

  • HR Document Type Security Profile Name

  • Document Type Name

Payroll Security Profile

Payroll security profile includes the following details:

  • Payroll Security Profile Name

  • Enabled Check Box

  • View All Check Box

Payroll Security Profile Pay

Payroll security profile pay includes the following details:

  • Payroll Security Profile Name

  • Payroll Name

  • Legislative Data Group Name

Person Security Profile

Person security profile includes the following details:

  • Person Security Profile Name

  • Description

  • Enabled Check Box

  • Access to Own Record Check Box

  • Include Future People Check Box

  • Include Shared People Information Check Box

  • Access to Candidates with Offers Check Box

  • Secure by Area of Responsibility

  • Secure by Manager Hierarchy Check Box

  • Person or Assignment Check Box

  • Maximum Levels in Hierarchy

  • Manager Hierarchy Type

  • Hierarchy Content Code

  • Secure by Person Type Check Box

  • Secure by Department Check Box

  • Department Security Profile Name (if securing by department)

  • Secure by Business Unit Check Box

  • Business Unit Profile Name (if securing by business unit)

  • Secure by Legal Employer Check Box

  • Legal Employer Security Profile Name (if securing by legal employer)

  • Secure by Position Check Box

  • Position Security Profile Name (if securing by position)

  • Secure by Legislative Data Group Check Box

  • Legislative Data Group Security Profile Name (if securing by legislative group)

  • Secure by Payroll Check Box

  • Payroll Security Profile Name (if securing by payroll)

  • Secure by Global Name Range Check Box

  • Global Name Range Start Value (if securing by global name range)

  • Global Name Range End Value (if securing by global name range)

  • Apply Exclusion Rules Check Box

  • Secure by Custom Criteria Check Box

  • Custom Restriction Text (if securing by custom criteria)

Person Security Profile Manager Type

Person security profile manager type includes the following details:

  • Person Security Profile Name

  • Manager Hierarchy Type (if something other than All or Line Manager has been selected on the security profile)

Person Security Profile Area of Responsibility Scope

Person security profile area of responsibility scope includes the following details:

  • Person Security Profile Name

  • Responsibility Type

  • Scope of Responsibility

  • Employee Check Box

  • Contingent Worker Check Box

  • Pending Worker Check Box

  • Nonworker Check Box

  • Candidate with Offer Check Box

Person Security Profile Exclusion

Person security profile exclusion includes the following details:

  • Person Security Profile Name

  • Exclusion Rule Name

Transaction Security Profile

Transaction security profile includes the following details:

  • Transaction Security Profile Name

  • Description

  • Enabled Check Box

  • View All Check Box

Transaction Security Profile Entries

Transaction security profile entries includes the following details:

  • Transaction Security Profile Name

  • Product Family

  • Category Code

  • All Sub-Categories Check Box

  • Exclude Sub-Category Check Box

Transaction Security Profile Sub-Categories

Transaction security profile sub-categories includes the following details:

  • Transaction Security Profile Name

  • Product Family

  • Category Code

  • Sub-Category Code

Role Provisioning Rule

Role provisioning rule includes the following details:

  • Mapping Rule Name

  • Legal Employer Name

  • Business Unit Name

  • Department Name

  • Job Set Code

  • Job Code

  • Position Business Unit Name

  • Position Code

  • Grade Set Code

  • Grade Code

  • Location Set Code

  • Location Code

  • User Person Type

  • System Person Type

  • Assignment Type

  • HR Assignment Status Code

  • Resource Role

  • Party Type Usage Code

  • Contact Role

  • Manager with Reports Check Box

  • Manager Type

  • Responsibility Type

Role Provisioning Associated Role List

Role provisioning associated role list includes the following details:

  • Mapping Rule Name

  • Role Code

  • Requestable Check Box

  • Self-Requestable Check Box

  • Autoprovision Check Box

Other business objects that you might like to export when migrating HCM custom roles are:

  • Job Requisition Security Profile

  • Spreadsheet Business Object Security Mapping

Let's closely examine each of these business objects to know what they contain.

Business Object Information Included in Export and Import

Job Requisition Security Profile

Job requisition security profile includes the following details:

  • Job Requisition Security Profile Name

  • Enabled Check Box

  • View All Check Box

  • Secure by Job Family Check Box

  • Secure by Job Function Check Box

  • Secure by Location Check Box

  • Secure by Organization Check Box

  • Secure by Recruiting Type Check Box

Spreadsheet Business Object Security Mapping

HCM spreadsheet business object access mapping includes the following details:

  • Role Code

  • Business Object

  • Product Area

  • Enabled Check Box

  • All Business Objects Check Box

You can migrate job requisition security profiles by exporting the business objects in the Users and Security functional area within the Recruiting and Candidate Experience offering. You should do this prior to migrating the business objects in the Users and Security functional area within the Workforce Deployment offering. You must have the Recruiting Administrator role to export and import job requisition security profiles.

You can migrate HCM spreadsheet business object access mappings by exporting the business objects in the HCM Data Loader functional area within the Workforce Deployment offering. You should do this after migrating the business objects in the Users and Security functional area. You must have the Human Capital Management Integration Specialist role to export and import HCM spreadsheet business object access mappings.

After the Import Completes

You may need to wait for a period of time before all of the migrated data security policies are visible in the security console after completing the import of the configuration package that's generated from the Users and Security functional area within the Workforce Deployment.

When application data security policies are imported, a process runs in the background to synchronize the imported data security policies with the roles on the target environment. The imported data security policies aren't active until this process has completed, at which point the data security policies will be visible in the security console. This affects data security policies for custom roles that have been copied from other roles in the source environment. It also affects custom roles that have data security policies that were added manually using the security console.

Note: No manual regeneration processes are needed on the target environment; the import process triggers the role regeneration process. This only applies if you're importing the HCM Data Role business object.

What's Not Included

Data security policies that have been manually created from the security console, and which reference conditions that have been generated from an HCM security profile, must be manually recreated on the target environment. You must import the condition by importing the appropriate HCM security profile business object before creating these data security policies in the target environment.