Security Configuration

You can review information about the access provided by the sales job roles and can configure the default settings if necessary. For example, you can create custom versions of the roles and add or remove the privileges they provide.

The following sections describe each of the security configuration work areas and the types of configurations you can make using each one. See the Securing Sales and Fusion Service guide for further information about using each work area.

Security Console

You can make custom copies of the sales job roles and can edit the custom roles from the Roles tab of the Security Console. You can add or remove function security policies from a custom role, add additional roles to the custom role hierarchy, and assign the custom role to users. You can also add custom data security policies to either the predefined or custom sales job roles.

Note: It's recommended that you use access groups and object sharing rules rather than data security policies to configure data security. For additional information, see the Access Groups chapter in the Securing Sales and Fusion Service guide.

You can access the Security Console by clicking the Security Console link under the Tools heading in the Navigator.

Tip: The Data Security Policies train stop on the Roles tab of the Security Console lists only the data security policies that are assigned directly to a Digital Sales role. Policies that the role inherits from subordinate roles aren't displayed. To review all the data access policies a Digital Sales role provides, use the Sales and Service Access Management work area as described in the next section.

Sales and Service Access Management UI

Review a user's access to object data using the Sales and Service Access Management UIs. You can access the Sales and Service Access Management work area by clicking the Sales and Service Access Management link under the Tools heading in the Navigator.

The Sales and Service Access Management UI displays all the data security policies provided by a predefined or custom job role for a selected object. You can update policies for a custom job role and object on this UI, or extend the custom role's access to other object data. You can also use the access explorer functionality in the work area to view all the access an individual user has to object data, including access provided by data security policies and access group membership.

Access Groups UI

You can create and manage access groups and object sharing rules using the Access Groups UI in the Sales and Service Access Management work area.

You can access the Access Groups UI by clicking the Sales and Service Access Management link under the Tools heading in the Navigator, then clicking Configure Groups.

Access groups provide a way of providing access to object data based on conditions you define in object sharing rules. Use access groups to either supplement the data access users receive through their job roles and other security mechanisms, or to refine the access that's provided by the predefined conditions to sales object data.

There are two types of access groups:

• Custom access groups you create.

  You can add members to these groups, define rules to specify the access group members should have to object data, and edit or delete the groups as required.

• System access groups created for you by Oracle.

  System groups provide an alternative way of managing a user's access to data. A system group is created for each of the predefined job roles in your environment. Predefined object sharing rules associated with each group provide the same access to data as is provided by the predefined job roles and associated data security policies.