Enable AOR-Based Security

Enable AOR-based security in Oracle Fusion Data Intelligence to align with the AOR-based person security profile configured in Oracle Cloud HCM.

Key points to consider:

  • Enable the Security Configuration Data functional area under HCM Security Configurations offering.
  • Only the person security profiles associated with data roles in Cloud HCM are considered for auto-provisioning data roles in Fusion Data Intelligence.
  • Fusion Data Intelligence data roles will be automatically provisioned based on the Oracle Cloud HCM person security profiles configured only with the scope of responsibility and responsibility type, and with no custom criteria or exclusion criteria defined.
  • For person security profiles with area of responsibility (AOR) based option selected along with other criteria, enable Generate Data Roles for Person Security Profiles Using Responsibility Type, Scope of Responsibility, and Additional Criteria in the Settings tab of the Security page on Oracle Fusion Data Intelligence Console.
  • Following subject areas aren’t secured by the AOR-based data roles:
    • HCM - Talent Acquisition
    • HCM - Succession Management
    • HCM - Diversity Analysis
    • HCM – Positions

HCM Data Security Options

  • Generate Data Roles for Person Security Profiles Using Responsibility Type, Scope of Responsibility, and Additional Criteria

    When this option is enabled, the Fusion Data Intelligence data roles will be automatically provisioned based on the Oracle Cloud HCM person security profiles with responsibility types and scope of responsibilities. However, no additional criteria specified are considered as part of the data roles. For exclusion criteria, custom criteria or changes in the assignment type selection, you must create a custom data role in Fusion Data Intelligence. If not, users might end up with data access that doesn’t match with what they have in the Oracle Cloud HCM application.

    With this option enabled, any updates made to the Responsibility Type and Scope of Responsibility in a user’s AOR-based Person Security Profile in Oracle Cloud HCM will automatically update the Fusion Data Intelligence data roles.

    Note:

    This is a one-time setup and can't be reversed.
  • Unsecure OOTB Context-Based Dimensions

    This option makes Business Unit, Legal Entity, Country, and Department dimensions unsecured when a user has the corresponding OOTB data roles. This isn't applicable to AOR-based data roles. This option will not be visible in the user interface for a net new customer. So, the 4 OOTB context dimensions (BU/Dept/LE/Country) will be unsecured and can't be changed.

    Note:

    This is a one-time setup and can't be reversed.

How to enable AOR-based Security?

  1. In Oracle Fusion Data Intelligence Administration Console, under Service Administration, click Security.
  2. On the Security page, click the Settings tab.
  3. Select Generate Data Roles for Person Security Profiles Using Responsibility Type, Scope of Responsibility, and Additional Criteria.
    Description of fawag-aor-hcm-security-options.png follows
    Description of the illustration fawag-aor-hcm-security-options.png