1. How do I create and manage security access groups in Oracle CX?
  2. How do I create membership rules for custom access groups?

How do I create membership rules for custom access groups?

You can add resource users to a custom access group by defining one or more group membership rules. Each rule consists of conditions that determine which resources are added as members of the group.

Any users who satisfy the conditions are automatically added to the access group. Group members who no longer meet the conditions are automatically removed from the group. You can't manually remove group members added through group membership rule processing.

Here's how you can create a group membership rule to add members to your access group:

  1. On the Access Group page, select the group you're creating the membership rule for.
  2. On the Edit Access Group: Overview page, select the Member Rules tab and then click Create Rule.
  3. On the Create Group Membership Rule page, enter a Name for the group membership rule.
  4. In the Conditions section, specify the rule conditions.

    Each rule consists of one or more conditions that are evaluated individually. You can choose whether the rule action applies if any conditions are met, or only if all conditions are met, by selecting the appropriate value from the Rule Applies If list.

  5. Enter a rule condition by clicking the Add icon and enter the values shown in the following table:
    Field Description
    Object

    Select either the Resources object or the Resources Hierarchy object.

    Only resource users can be added to an access group, so you can only select one of these objects.

    Attribute

    Select an attribute from the list. Both custom and standard attributes defined for the object you selected are listed.

    Don't use custom attributes that aren't based on database columns, such as attributes based on a formula field.

    Operator Select the operator for your condition. For example, select Equals or Is blank.
    Value Enter a value for the attribute, if relevant.

    If you're entering more than one value, separate each value with a comma.

    Enter the conditions.

    Important: The use of the Contains operator in a security rule isn't recommended because it leads to broad matching. Broad matching checks whether a specific substring exists, leading to broader matches than might be intended.

    Further, there's a practical limitation for the Contains operator regarding the total allowable characters within a rule. For example, if a rule's condition uses the Contains string of 1,000 characters, no more than four such rules can be applied per attribute. Similarly, if each Contains string is 500 characters long, a maximum of eight rules can be enforced using one attribute condition.

    Be aware of this limitation and plan and prioritize rule conditions accordingly to stay within the bounds of application capabilities.

    This table lists example values for the fields in an example rule condition:

    Conditions Field: Object Attribute Operator Value
    Resources Roles Equals Sales Representative
    Resources Hierarchy Parent Organization Equals NA Computers
  6. From the Actions menu, select Save and Publish to ensure that your changes get included in the assignment processing.
  7. Start the Run Access Group Membership Rules scheduled process to ensure that the access group membership rules are assigned.

    The Run Access Group Membership Rules scheduled process automatically runs every hour to update access groups with changes to the group membership. But, you can also run the process at any time from the Access Groups main page by selecting the Update Groups and Members option from the Actions menu. If you edit a rule, it's a good idea to run the process immediately.

    When the process completes, navigate to the Edit Access Group: Overview page where you can see that all the resources who meet the rule conditions are added to the group. Notice that the Member Type field is set to Rule for all the new members.

To edit a group membership rule, select the rule from the Edit Access Group: Group Membership Rules page. You can also delete or inactivate a rule. If you delete or inactivate a rule, any users added to the group through the rule are removed when the Run Access Group Membership Rules scheduled process runs.

For information about running scheduled processes, see the Understanding Scheduled Processes guide.

Related Topics