Data Privileges and Access Groups

If you started using Oracle Sales application for the first time in Update 22B or later, your database resources are secured through system (predefined) access groups and rules and not through data security policies.

When you assign job roles to users, users are automatically assigned membership in an associated system access group. They receive all the data permissions provided by the access group object sharing rules. The access group object sharing rules specify the access groups that can perform a specified action on an object and the conditions under which the action can be carried out.

An access group rule is made up of:

  • The business object that's being accessed, for example, Opportunity.
  • An access level that defines the actions allowed on the data. For example, Read or Update access.
  • The condition that must be met for access to the business object to be granted. For example, sales managers can view opportunities as long as they're in the management chain or are members of the sales team for the opportunity.
  • The name of the access group the object sharing rule is assigned to. A rule can be assigned to many access groups.