Duty Role Components

A typical duty role comprises two components, namely, data security policies and functional security privileges. Duty roles can also inherit other duty roles.

Data Security Policies

A data security policy assigned to a duty role has the components listed below. For example, the duty role Student Party View has:

• A business object that's being accessed, such as Trading Community Party.

• The condition, if any, that controls access to specific instances of the business object. For example, you can create a condition that allows managers to access all data pertaining to people who report to them.

• A data security privilege, which defines what can be done with the specified data, such as View Trading Community Person (Data).

Function Security Privileges

A function privilege assigned to a duty role secures user interfaces, such as Maintain Grade Roster and Maintain Class Roster pages.

Tip: The predefined duty roles represent logical groupings of privileges that you might want to manage as a group. They also represent real-world groups of tasks. For example, the predefined Higher Education Instructorjob role inherits the Student Detail View duty role. To create your own Higher Education Instructor job role with no access to personal information of students, copy the predefined job role and remove Student Detail View duty role from the role hierarchy.