2Security

This chapter contains the following:

Standard Application Users for Oracle Learning Cloud

The application users are defined using security roles and privileges that they are granted. It enable users to perform various tasks in the application.

The following are the standard user roles:

  • Learning Administrator

  • Learner

  • Learner Manager

Learning Administrators

The Learning Specialist job role provides the reference security definition for a standard learning administrator. It contains all the necessary functional and aggregate privileges to enable administrator functionality in Oracle Learning Cloud. You can use this job role but must not grant directly to users. You must create a data role in Workforce Structures> My Workforce. The data role will instantiate the Oracle Learning Cloud data security policies contained in the aggregate privileges in the job role. The initialization of the data security policies is based on the Person Security Profiles defined in the data role and is what grants users their access to the data within the Oracle Learning Cloud application.

Learners and Learner Managers

The Employee and Line Manager abstract roles provide the reference security definitions for learners and learner managers, respectively. They contain all the necessary functional and aggregate privileges to enable all learning self-service functionality in Oracle Learning Cloud, among others. You should not use the abstract roles directly. You should copy the abstract role to create your own custom versions. This protects you from further additions to these abstract roles over time and avoids unwanted additional features being enabled automatically for your users.

The learning administrator data role requires additional manual data policy setup tasks to complete the configuration. Some of the administrator data policies don't depend on the Person Security Profiles, and therefore you must create them manually. To do this, you must modify the data policies of this data role in the security console and define additional data policies.

For both custom abstract roles, you must initialize data policies in Workforce Structures > My Workforce. The security profiles will instantiate the Oracle Learning Cloud data security policies contained in the aggregate privileges in the custom employee and line manager abstract roles.

Granting Roles to Users

After setting up the data role or abstract role, you must grant the data roles to users by doing one of the following in the security console:

  • Edit the user account and add the data role

  • Edit the data role and add users to it

For the standard user set up, you must grant the following roles to the users:

Users Granted Roles

Employee

Custom employee abstract role

Line Manager

Custom employee abstract and custom line manager abstract roles

Administrator

Custom employee abstract role, Learning Administrator data role, and custom line manager abstract role (if the administrator is also a line manager)

The standard roles can be replaced by custom roles or as required. After granting the data roles to users, users are ready to access Oracle Learning Cloud and its features. For more restricted capabilities, you can replace standard roles with custom roles.

Standard Learning Administrators

The Learning Specialist role enables a user to manage catalog learning items, self-paced online offering content, training resources, assignments, initiatives and setup in the Administration work area.

The following table describes functional privileges required to create questionnaires that can then be used in the application for evaluations. These privileges are normally granted for other HCM roles such as Human Resources Specialist. Therefore you can add it to the Learning Administrator role, if no other role containing them is granted to the user already.

Role Title Description

Manage Questionnaire Templates

Allows creating, updating, and deleting of questionnaire templates

Manage Questionnaires

Allows creating, updating, and deleting of questionnaires

Manage Questions

Allows creating, updating, and deleting of questions that will be included in the library

Standard Learners

The employee abstract role contains all necessary privileges enabling users to consume and contribute learning in Oracle Learning Cloud.

The standard Learner users can perform the following relevant tasks:

  • Access the Current Learning page

  • Access the My Learning page and the learning profile of their peers

  • Search and view learning items

  • View and complete their voluntary and required learning assignments

  • View and complete learning evaluations

  • Voluntarily enroll into learning items

  • Join and participate in learning communities as a member or manager

  • View recommendations they have received

  • Publish videos

  • Author tutorials

  • Create and manage learning communities

  • Recommend learning items to other learners

  • Access mobile Web features

Data Security Policies and Security Profiles

A learner's data policies are driven in part from the Person Security Profile which define the set of people and their learning items visible to them in the application.

The following table describes the person and public person security profile for a standard learner:

Security Profile Value Description

Person Profile

View Own Record

Grants access to their own learning assignments and to manage self-service learning items they created

Public Person Profile

View All People

Grants access to everyone in the application and the ability to view their self-service learning contributions, and add them to learning communities as members or managers

Standard Learner Managers

The Learner Manager abstract role contains necessary privileges enabling users in Oracle Learning Cloud to assign learning and track progress of that learning for the people they manage.

The Learner Manager can perform the following relevant tasks:

  • View, create and manage required learning assignments for their employees

  • View, create and manage voluntary learning assignments for their employees

  • View recommendations their employees receive

  • View recommendations they have received

  • Access the learning profile page

  • Recommend learning items to other learners

  • Search and view learning items

  • Join and participate in learning communities as a member or manager

  • Publish videos

  • Author tutorials

  • Create and manage learning communities

  • Create and manage required members in learning communities

  • Create and manage required learning assignments in learning communities

  • View learning items contributed by other learners in their learning profile

  • Access mobile Web features

Note: For a learner manager to consume learning, you must grant the privileges in the employee abstract role.

Data Policies and Security Profiles

A learner manager's data policies are driven in part from the Person Security Profile which define the set of people, their learning items and their learning assignments visible to the learner manager in the application. The following table describes the person and public person security profile for a standard learner manager.

Security Profile Value Description

Person Profile

View Manager Hierarchy

Grants access to the learning assignments and learning items of people below them in the management hierarchy

Public Person Profile

View All People

Grants access to everyone in the application and the ability to view their self-service learning contributions, and add them to learning communities as members or managers

Custom Learning Administrators

The standard roles outline how to setup the Learning Administrator role enabled for the Oracle Learning Cloud administrator functionality. You can hide certain features from the administrator by creating custom roles. Each privilege pertains to a specific capability within the application that you can hide from the user. This topic describes common groupings of privileges that is typically granted to a learning administrator.

The following application users for the Learning Administrator role can be defined in the application:

  • Core Learning Administrator

  • Learning Content Administrator

  • Resource Administrator

  • Catalog Manager

  • Learning Assignment Administrator

  • Learning Initiative Administrator

  • Learning Implementor

Core Learning Administrator

Core Learning Administrators can view the administration dashboard and view catalog items. No additional functional privileges are necessary.

The following table describes the aggregate privileges granted to a user enabling them as a core learning administrator.:

Role Names Description

Access Learning Common Components

Access common learning components

Access Learning Administration

Access to the learning administration work area

View Catalog Learning Communities

Allows searching and viewing communities in the administrator work area

View Catalog Learning Courses

Allows searching and viewing courses in the administrator work area

View Catalog Learning Offerings

Allows searching and viewing offerings in the administrator work area

View Catalog Learning Specializations

Allows searching and viewing specializations in the administrator work area

Note: Any one of the View privileges for the catalog learning courses, offerings, specializations, or communities may be granted to the user.

Learning Content Administrator

Content administrators can search, view, and manage content for self-paced online offerings in the Administration work area.

The following table describes the additional aggregate privileges granted to a user enabling them as a content administrator:

Application Users Capabilities

Manage eLearning Content

Allows administrators access the catalog resources area, and to create and manage eLearning content for self-paced offerings

Note: No additional functional privileges are necessary.

Resource Administrator

Resource administrators can search, view, and manage learning resources for self-paced online offerings in the Administrator work area. The following table describes the additional aggregate privileges granted to a user enabling them as a resource administrator:

Role Name Description

Manage Training Resources

Allows administrators access the catalog resources area, and to create and manage resources for self-paced offerings

Note: No additional functional privileges are necessary.

Catalog Manager

Catalog managers can access content items and learning resources for offerings and manage catalog courses, offerings, specializations, and communities.

The functional privilege granted to the catalog manager:

Privilege Name Description

Manage Learning Community Members using OTBI

Allows adding members to communities using OTBI analysis objects

Manage Catalog Learning Item Access

Allows management of catalog learning items access

Manage Catalog Learning Item Access Group

Allows management of catalog learning items access groups

The following table describes the additional aggregate privileges granted to a user enabling them as a catalog manager:

Role Names Description

Manage Catalog Learning Courses

Allows administrators to create and manage learning catalog courses

Manage Catalog Learning Offerings

Allows administrators to create and manage learning catalog course offerings

Manage Catalog Learning Specializations

Allows administrators to create and manage learning catalog specializations

Manage Catalog Learning Communities

Allows administrators to create and manage learning catalog communities

Manage Learning Community Required Members

Allows adding required members to a community

View Catalog Learning Item Access

Allows administrators to view learner access details on catalog learning items

Manage Global Access Groups

Allows administrators to manage global access groups.

View Global Access Groups

Allows administrators to view global access group details.

Catalog Manager data policies are driven in part by the Person Security Profile which define the set of catalog learning items manageable by the catalog manager in the application. The following table describes the person and public person security profile for a catalog manager.

Security Profile Value Description

Person Profile

View All People

Allows catalog courses, offerings and specializations created by anyone to be edited

Public Person Profile

View All People

Not used for catalog management

Learning Assignment Administrator

Learning assignment administrators can perform one or more of the following for employees they are responsible for:

  • View the progress of existing required or voluntary learning assignments on catalog learning items

  • View existing administrator recommendations on catalog learning items

  • Manage existing required or voluntary learning assignments on catalog learning items

  • Manage existing administrator recommendations on catalog learning items

  • Create required, voluntary, or recommendation assignments on the catalog learning items

The following table describes the additional functional privileges granted to a user enabling them as an assignment administrator:

Privilege Names Description

Create Recommended Learning Assignment by Administrator

Allows creation of recommended learning assignments in the learning administration work area

Create Required Learning Assignment by Administrator

Allows creation of required learning assignments in the learning administration work area

Create Voluntary Learning Assignment by Administrator

Allows creation of voluntary learning assignments in the learning administration work area

Manage Recommended Learning Assignment Records by Administrator

Allows managing recommended learning assignments in the learning administration work area

Manage Required Learning Assignment Records by Administrator

Allows managing required learning assignments in the learning administration work area

Manage Voluntary Learning Assignment Records by Administrator

Allows managing voluntary learning assignments in the learning administration work area

The following table describes the aggregate privileges:

Role Name Description

View Learning Assignments by Administrator

Allows searching and viewing learning assignments in the administrator work area

Learning assignment administrator data policies are driven by the Person Security Profile which define the set of people to whom the administrator can assign learning in the application. The following table describes the person and public person security profile for a learning assignment administrator.

Security Profile Value Description

Person Profile

View All People

Grants the ability to assign required and voluntary learning to everyone from within the administration work area

Public Person Profile

View All People

Grants the ability to assign recommended learning to everyone from within the administration work area

Learning Initiative Administrator

Learning initiative administrators can perform one or more of the following tasks for the employees they are responsible for:

  • View the progress of existing required or voluntary learning assignments on catalog learning items

  • View the existing administrator recommendations on the catalog learning items

  • Create and manage required, voluntary or recommendation learning initiatives on catalog learning items

The following table describes the additional functional privileges granted to a user enabling them as an initiative administrator:

Privilege Names Description

Manage Required Learning Initiative by Administrator

Allows creation and management of required learning initiatives in the learning administrator work area

Manage Recommended Learning Initiative by Administrator

Allows creation and management of recommended learning initiatives in the learning administrator work area

Manage Voluntary Learning Initiative by Administrator

Allows creation and management of voluntary learning initiatives in the learning administrator work area

View Learning Assignments by Administrator

Allows searching and viewing learning assignments in the administrator work area

The following table describes the aggregate privileges:

Role Name Description

View Learning Assignments by Administrator

Allows searching and viewing learning assignments in the administrator work area

Learning initiative administrator data policies are driven by the Person Security Profile which define the set of people to whom the administrator can assign learning in the application. The following table describes the person and public person security profile for a learning initiative administrator:

Security Profile Value Description

Person Profile

View All People

Grants the ability to manage required and voluntary learning initiatives to everyone from within the administration work area

Public Person Profile

View All People

Grants the ability to assign recommended learning initiatives to everyone from within the administration work area

Learning Implementor

Learning implementors perform Learning Setup tasks in the Administration work area and manage learning configurations such as:

  • External Providers

  • Oracle Social Network Setup

  • Evaluations

The following table describes the additional functional privileges granted to a user enabling them as a learning implementor:

Privilege Names Description

Manage Learning Setup

Allows access Learning Administration settings

Manage Learning Media Platform

Allows access to provisioning the media platform

Note: No additional aggregate privileges are necessary.

In addition to the above functional privileges, the following table describes functional privileges required to create questionnaires that can then be used in the application as evaluations. These privileges are normally granted in other HCM roles such as Human Resources Specialist and therefore only need to be added to the Learning Administrator role if no other role containing them is granted to the user already.

Privilege Names Description

Manage Questionnaire Templates

Allows creating, updating, and deleting of questionnaire templates

Manage Questionnaires

Allows creating, updating, and deleting of questionnaires

Manage Questions

Allows creating, updating, and deleting of questions that will be included in the library

Note: No additional aggregate privileges or data policies are necessary.

Custom Learners

The standard roles outline how to setup a Learner role enabled with the Oracle Learning Cloud employee self-service functionality. You can hide certain features from the Learner role by creating custom roles. Each privilege pertains to a specific capability within the application that you can hide from the user. This topic describes common groupings of privileges that is typically granted to the Learner role.

The following application users are defined for the Learner role:

  • Core Learner

  • Peer-to-Peer Learner

  • Recommendation-Oriented Learner

Core Learner

To consume learning in Oracle Learning Cloud, all learners must at least be defined as a Core Learner in the application. They can perform the following tasks:

  • Search and view learning items

  • Voluntarily enroll into learning items

  • View and complete their voluntary and required learning assignments

  • Join and participate in learning communities as a member or manager

  • View recommendations received from others

  • Access mobile Web features

The following table describes the functional privileges granted to a user enabling them as a core learner:

Privilege Name Description

Access Learner Self-Service Work Area

Access to the My Learning page from the Learning Self-Service work area

Create Noncatalog Learning Requests by Learner

Allows a noncatalog learning request to be initiated by learner

The following table describes the aggregate privileges granted to a user enabling them as a core learner:

Role Names Description

Access Learning Common Components

The core learner can access Learning common components and perform related tasks.

Manage My Voluntary Learning

Allows learners to join and manage their voluntary learning assignments

View Learning Communities

Allows learners to view their learning communities, in which they are members

View My Recommended Learning

Allows learners to view learning items recommended to them

View My Required Learning

Allows learners to view their required learning assignments

Peer-to-Peer Learner

In addition to the core learner capabilities, the peer-to-peer learner has the ability to contribute learning by performing one or all the following tasks:

  • Publish videos

  • Author tutorials

  • Create and manage learning communities

  • Recommend learning items to other learners

  • View learning items contributed by other learners in their learning person profile

The following table describes the additional aggregate privileges granted to a user enabling them as a peer-to-peer learner. These can be granted independently if necessary.

Role Names Description

Manage Learning Communities

Allows learners to create and manage learning communities

Manage Learning Self-Service Tutorials

Allows learners to author and publish tutorials

Manage Learning Self-Service Videos

Allows learners to publish videos and manage them

Manage Recommended Learning

Allows learners to recommend learning

Allows learners to view learning items recommended to them

View Learner Contributions

Allows learners to view the learning contributions of a person

View Public Learning Communities

Allows users to view the learning communities a person is a member of.

Note: No additional functional privileges are necessary

Recommendation-Oriented Learner

In addition to the core learner capabilities, the recommendation-oriented learner can access the Current Learning page and view the learning items in the following cards:

  • Required Learning card

  • Voluntary Learning card

  • Recommended Learning card

The following table describes the additional functional privileges granted to a user enabling them as a recommendation-oriented learner:

Privilege Names Description

Access Current Learning

Allows access to the Current Learning page in learning self-service work area

Note: No additional aggregate privileges are necessary.

Data Policies and Security Profiles

A learner's data policies are driven in part from the Person Security Profile which define the set of people and their learning items visible to them in the application. The following table describes the person and public person security profile for a standard learner.

Security Profile Value Description

Person Profile

View Own Record

Grants access to their own learning assignments and to manage self-service learning items they created

Public Person Profile

View All People

Grants access to everyone in the application and the ability to view their self-service learning contributions, recommend learning to others, and add them to learning communities as members or managers

Custom Learner Managers

The standard roles outline how to setup the Learner Manager role enabled with the Oracle Learning Cloud manager self-service functionality. You can hide certain features from the learner manager by creating custom roles. Each privilege pertains to a specific capability within the application that can hide from the user. This topic describes common groupings of privileges that is typically granted to a learner manager.

The following application users are defined for the Learner Manager role:

  • Core Learner Manager

  • Learner Manager with Assignment Privileges

  • Peer-to-Peer Learner Manager

  • Business Line Learner Manager

Core Learner Manager

A Core Learner Manager can view the following learning assignments for the people they manage:

  • View and track progress of required assignments in the My Team and learning profile (My Learning) pages

  • View and track progress of voluntary assignments in the My Team and learning profile (My Learning) pages

  • View their recommended learning items in their learning profile (My Learning) page

The core learner manager can also perform the following tasks:

  • Search and view learning items

  • Join and participate in learning communities as a member or manager

  • View recommended learning items from others

  • Access mobile Web features

Note: A core learner manager can't voluntarily enroll in catalog learning items such as offerings or specializations unless the core learner manager is granted the core learner privileges.

The following table shows the aggregate privileges granted to enable the core learner manager capabilities:

Role Names Description

Access Learning Common Components

Access common learning components

View Learning Communities

Allows Learners to view learning communities in which they are members

View Recommended Learning by Learner Manager

Allows managers to view recommendations received by people in their person security profile, and learning items recommended for people in their public person security profile

View Required Learning by Learner Manager

Allows managers to view required learning assignments assigned to people in their person security profile

View Voluntary Learning by Learner Manager

Allows managers to view voluntary learning assignments assigned to people in their person security profile

The following table describes the functional privileges granted to a user enabling them as a core learner manager.

Privilege Names Description

Access Learner Manager Self-Service Work Area

Allows access to the My Team page in the Learning self-service work area

Learner Manager with Assignment Privileges

In addition to the core learner manager capabilities, the learner manager has the ability to perform one or all of the following tasks:

  • Create and manage required learning assignments for their employees

  • Create and manage voluntary learning assignments for their employees

The following tables describes the additional aggregate privileges granted to a user enabling them as a learner manager:

Role Names Description

Create Noncatalog Learning Requests by Learner Manager

Allows a noncatalog learning request to be initiated by a learner manager

Manage Learning Requests by Learner Manager

Allows managers to manage learning requests they receive

Manage Required Learning by Learner Manager

Allows managers to create and manage required assignments

Manage Voluntary Learning by Learner Manager

Allows managers to create and manage voluntary assignments

Note: No additional functional privileges are necessary.

Peer-to-Peer Learner Manager

In addition to the core learner manager capabilities, the peer-to-peer learner manager has the ability to contribute learning by performing one or all the following tasks:

  • Publish videos

  • Author tutorials

  • Create and manage learning communities

  • Recommend learning items to other learners

  • View learning items contributed by other learners in their learning person profile

The following table describes the additional aggregate privileges granted to a user enabling them as a peer-to-peer learner manager:

Role Names Description

Manage Learning Self-Service Tutorials

Allows learners to author tutorials

Manage Learning Self-Service Videos

Allows learners to publish and edit videos

Manage Recommended Learning

Allows learners to recommend learning and view recommendations received

View Learner Contributions

Allows learners to view a person's learning contributions.

View Public Learning Communities

Allows learners to view the learning communities in which they are members

Note: No additional functional privileges are necessary.

Business-Line Learner Manager

In addition to the core learner manager capabilities, a business-line learner manager can perform one or more of the following tasks:

  • Create and manage learning communities

  • Create and manage required members in the learning community

  • Create and manage required learning assignments in the learning community

  • Publish videos in the learning community and publish videos as themselves

  • Publish tutorials in the learning community

  • View learning items contributed by other learners in their learning profile

The following table describes the additional aggregate privileges granted to a user enabling them as a business-line learner manager:

Role Names Description

Manage Learning Communities

Allows learners to create learning communities

Manage Learning Self-Service Tutorials

Allows learners to author tutorials

Manage Learning Self-Service Videos

Allows learners to publish and edit videos

Manage Learning Community Required Members

Allows adding required members to a community

View Learner Contributions

Allows learners to view a person's learning contributions

View Public Learning Communities

Allows learners to view the learning communities in which they are a member

The following table describes the additional functional privileges granted to a user enabling them as a business-line learner manager:

Privilege Names Description

Manage Learning Community Members using OTBI

Allows adding members to communities using OTBI analysis objects

Manage Learning Community Required Members

Allows adding required members to a community

Data Policies and Security Profiles

A learner manager's data policies are driven in part from the Person Security Profile which define the set of people, their learning items and their learning assignments visible to the learner manager in the application. The following table describes the person and public person security profile for a standard learner manager:

Security Profile Value Description

Person Profile

View Manager Hierarchy

Grants access to the learning assignments and learning items of people below them in the management hierarchy

Public Person Profile

View All People

Grants access to everyone in the application and the ability to view their self-service learning contributions, recommend learning to others, and add them to learning communities as members or managers

Custom Learning Moderators

The Learning Moderator role enables a user to approve, suspend, and delete learning items from human task notifications.

Aggregate Privileges

The following table describes the aggregate privileges granted to a user enabling them as a learning moderator:

Role Names Capabilities

Moderate Administrator Generated Learning

Allows access to moderate catalog learning items

Moderate User-Generated Learning

Allows access to moderate and approve self-service learning items

Note: No additional functional privileges are necessary.

Data Policies and Security Profiles

A Learning Moderator data policies are driven from the Person Security Profile which define the set of people they can moderate.

The following table describes the person and public person security profile for a standard learning moderator:

Security Profile Value Description

Person Profile

View All People

Grants access to the contents of human tasks for approval and moderation of learning items created by everyone

Public Person Profile

View All People

Not used by the application