1. Securing Sales and Fusion Service
  2. How do I remove unneeded privileges from my custom employee abstract role?

How do I remove unneeded privileges from my custom employee abstract role?

By default, some privileges are assigned to the Employee abstract role that aren’t used by Sales users. You can delete these privileges from the custom employee role you previously created.

To delete privileges that are assigned directly to the custom employee role, edit the custom employee role you created. If a privilege is inherited from a duty in the custom employee role hierarchy, you've to edit the custom duty role to remove the privilege.
  1. On the Roles tab of the Security Console, search for and select the custom employee role you’ve just created, for example, Employee Custom Sales.
  2. In the search results, select the Edit Role option from the Actions menu of the Employee Custom Sales role.
  3. Click Next.
    On the Edit Role: Function Security Policies page, all the privileges assigned directly to the Employee Custom Sales role are listed.
  4. To display the privileges the custom employee role inherits from duty roles in its hierarchy, scroll to the end of the page, then click Load Inherited Policies.
    All the privileges the custom employee role has are now listed:
    • If the Inherited from Role column is blank for a privilege, the privilege is assigned directly to the employee custom role and can be deleted on this page.
    • If the Inherited from Role column isn’t blank, you have to edit the custom duty role listed to delete a privilege from it.
  5. Delete the privileges that are assigned directly to the Employee Custom Sales role that aren’t required for sales users.
    1. Delete the following privileges by selecting each privilege in turn, then clicking Delete.
      • Manage Reputation Scores (HWR_REPUTATION_EE_PRIV)
      • Manage Social Roles (HWR_SOCIAL_ROLES_EE_PRIV)
    2. Click Yes in the Warning dialog box to confirm the deletion.
    3. Click the Summary train stop.
    4. On the Edit Role: Summary page, verify both privileges you deleted are listed as Removed in the Function Security Policies row, click Save and Close, then click OK.
  6. Now delete the excess privileges that are inherited by the Employee Custom Sales role from duty roles in its hierarchy.
    1. On the Roles tab of the Security Console, edit each duty role shown in the table and remove the privilege listed.
      Note: The default prefix and suffix for copied roles is specified on the Roles subtab of the Security Console Administration tab. By default, the role-name suffix is Custom but this might differ in your environment.
      Privilege to Remove Custom Duty Role to Edit
      Manage Expense Report Expense Entry Custom
      Create Performance Document by Worker Performance Management Worker Custom
      Provide Performance Evaluation Feedback Performance Management Worker Custom
      View Performance Information on Worker Dashboard Performance Management Worker Custom
      Access Time Work Area Time and Labor Worker Custom
      Manage Requisition Requisition Self Service User Custom
      Access Learning Common Components Access Learning Common Components Custom
    2. Once you’ve deleted each privilege, review your changes to the custom duty role on the Edit Role Summary page and save them.
  7. Finally, edit the Employee Custom Sales role on the Security Console.
    Navigate to the Function Security Policies page and verify that all the excess privileges, both those assigned directly to the role and those inherited from other roles in the hierarchy, have been removed.