How do I edit job or abstract roles?

To edit user roles, you always create a custom role by copying a predefined job role or abstract role and then editing the copy.

Note: You must have the IT Security Manager job role to perform these security tasks.

High-Level Steps to Copy and Edit Predefined Roles

Here are the high-level steps to copy and edit predefined job and abstract roles.

Caution: While creating custom roles, make sure you assign only the required privileges. Assigning all the privileges could impact license usage. Before you proceed, see the topic What should I know about copying and editing predefined roles?

  1. Copy a Role
  2. Edit the Copied Role
  3. Add or Remove Existing Functional Security Privileges for the Role
  4. Manage Data Security Policies for the Role
  5. Add or Remove Roles That the New Role Inherited
  6. Assign the New Role to Users
  7. Review the Role

Copy a Role

To copy a job or abstract role:

  1. On the Roles tab of the Security Console, search for the role to copy.
  2. Select the role in the search results. The role hierarchy appears in tabular format by default.
    Tip: Click the Show Graph icon to show the hierarchy in graphical format.
  3. In the search results, click the down arrow for the selected role and select Copy Role.
  4. In the Copy Options dialog box, select a copy option.
  5. Click Copy Role.
  6. On the Copy Role: Basic Information page, review and edit this information as appropriate:
    • Role Name
    • Role Code
    • Description
    • Enable Role for Access from All IP Addresses (appears only if location-based access is enabled)
    Tip: The role name and code have the default prefix and suffix for copied roles specified on the Roles subtab of the Security Console Administration tab. You can overwrite these values for the role that you're copying. However, any roles inherited by the copied role are unaffected by any name changes that you make here.
  7. Click the Summary and Impact Report train stop.
  8. Click Submit and Close, then OK to close the confirmation message.
  9. Review the progress of your copy on the Role Copy Status subtab of the Security Console Administration tab. Once the status is Complete, you can edit the copied role.

Edit the Copied Role

Edit the copy of the job or abstract role:

  1. On the Roles tab of the Security Console, search for and select the role.
  2. In the search results, click the down arrow for the selected role and select Edit Role.
  3. On the Edit Role: Basic Information page, you can edit the role name and description, but not the role code. If location-based access is enabled, then you can also manage the Enable Role for Access from All IP Addresses option.
  4. Click Next.

Add or Remove Existing Functional Security Privileges for the Role

On the Edit Role: Function Security Policies page, any function security privileges granted directly to the copied role appear on the Privileges tab. Click Load Inherited Policies to populate the table with the privileges that the role inherited.

To view details of the code resources that a privilege secures, select the privilege in the Details section of the page.

You can add or remove existing privileges from the copied role. To delete a privilege that's added directly to the copied role, select the privilege and click the Delete icon.

Note: You can't delete inherited privileges, and you can't create new functional security policies.

To add a privilege to the copied role:

  1. Click Add Function Security Policy.
  2. In the Add Function Security Policy dialog box, search for and select a privilege or role.
  3. If you select a role, then click Add Selected Privileges to add all function security privileges from the role to your custom role. If you select a single privilege, then click Add Privilege to Role.
  4. Click OK to close the confirmation message.
  5. Repeat to add more privileges.
  6. Close the Add Function Security Policy dialog box.

    All the privileges you selected are listed on the Edit Role: Function Security Policies page.

  7. Click Next.

The Resources tab, which is read-only, lists any resources granted to the role directly rather than through function security privileges. Because you can't grant resources directly to roles on the Security Console, only resource grants created before Release 12 could appear on this tab. You can't edit these values.

Manage Data Security Policies for the Role

On the Edit Role: Data Security Policies page, any data security policies granted to the copied role appear. You can add or remove policies from the copied role and you can edit the existing policies.

Click Next to continue to the next page.

Add or Remove Roles That the New Role Inherited

The Edit Role: Role Hierarchy page shows the copied role and its inherited duty roles. The hierarchy is in tabular format by default but you can switch to graphical mode. You can add or remove roles.

To remove a role:

  1. Select the role in the table.
  2. Click the Delete icon.
  3. Click OK to close the confirmation message.

To add a role:

  1. Click the Add Role icon.
  2. In the Add Role Membership dialog box, search for and select the role to add.
  3. Click Add Role Membership.
  4. Click OK to close the confirmation message.
  5. Repeat for other roles.
  6. Close the Add Role Membership dialog box.

    The Edit Role: Role Hierarchy page shows the updated role hierarchy.

  7. Click Next.

Assign the New Role to Users

On the Edit Role: Users page, you assign the copied role to users by adding or removing user access to the role.

To add user access to a role:

  1. Click the Add User button.
  2. In the Add User dialog box, search for and select a user or role (job or abstract role).
  3. If you select a role, then click Add Selected Users to add all the users assigned the role to your custom role. If you select a single user, then click Add User to Role.
  4. Click OK to close the confirmation message.
  5. Repeat from step 2 for additional users.
  6. Close the Add User dialog box.

    The Edit Role: Users page shows the updated role membership.

  7. Click Next.

To remove user access to a role:

  1. Select the user in the table.
  2. Click the Delete icon.
  3. Click OK to close the confirmation message.

Review the Role

On the Edit Role: Summary and Impact Report page, review the summary of changes. Then do the following:

  1. Click Back to make corrections.
  2. When you've completed any changes, click Save and Close to save the role.
  3. Click OK to close the confirmation message.

The role is available immediately.
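
A check you can run before assigning the copied role, added here as an example and not Oracle code: it separates excess privileges granted directly to the role (deletable on the Privileges tab) from excess privileges that are inherited (removed only by removing the inherited role on the Role Hierarchy page). The role codes, privilege names, and the dictionary layout are constructed placeholders that you fill in by hand from the role's pages; nothing here calls an Oracle API.

```python
# Constructed sample: placeholder role codes and privilege names, not real ones.
ROLES = {
    "CUSTOM_AP_CLERK": {
        "direct": {"PRIV_CREATE_INVOICE", "PRIV_APPROVE_PAYMENT"},
        "inherits": ["DUTY_INVOICE_ENTRY", "DUTY_SUPPLIER_MAINT"],
    },
    "DUTY_INVOICE_ENTRY": {
        "direct": {"PRIV_CREATE_INVOICE", "PRIV_VIEW_INVOICE"},
        "inherits": [],
    },
    "DUTY_SUPPLIER_MAINT": {
        "direct": {"PRIV_EDIT_SUPPLIER"},
        "inherits": ["DUTY_BANK_ACCOUNTS"],
    },
    "DUTY_BANK_ACCOUNTS": {"direct": {"PRIV_EDIT_BANK_ACCOUNT"}, "inherits": []},
}
# The privileges the job actually needs (an assumption you define per role).
REQUIRED = {"PRIV_CREATE_INVOICE", "PRIV_VIEW_INVOICE"}


def privileges_via(roles, start):
    """All privileges reachable through one inherited role and its own hierarchy."""
    privs, stack, seen = set(), [start], set()
    while stack:
        code = stack.pop()
        if code in seen:  # tolerate a role listed twice or a cyclic entry
            continue
        seen.add(code)
        privs |= roles[code]["direct"]
        stack.extend(roles[code]["inherits"])
    return privs


def review(roles, role_code, required):
    """Classify excess privileges by how the custom role obtained them."""
    direct = roles[role_code]["direct"]
    via = {c: privileges_via(roles, c) for c in roles[role_code]["inherits"]}
    inherited = set().union(*via.values())
    return {
        # Granted directly: can be deleted on the Privileges tab.
        "delete_direct": sorted(direct - required),
        # Inherited: each maps to the inherited role(s) that bring it in.
        "excess_inherited": {p: sorted(c for c in via if p in via[c])
                             for p in sorted(inherited - required)},
        # Inherited roles that contribute no required privilege at all.
        "removable_roles": sorted(c for c, p in via.items() if not p & required),
        "missing": sorted(required - direct - inherited),
    }


if __name__ == "__main__":
    for key, value in review(ROLES, "CUSTOM_AP_CLERK", REQUIRED).items():
        print(f"{key}: {value}")
```

An inherited role that appears under excess_inherited but not under removable_roles also supplies a required privilege, so removing it means adding that privilege back directly.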