Copy and Edit Duty Roles

The recommended way of creating a new duty role is to copy an existing role, then edit the copied role as needed. This topic explains how to do both tasks.

You must have the IT Security Manager job role to perform these tasks.

Copy a Duty Role

To copy a duty role:

  1. On the Roles tab of the Security Console, search for the duty role to copy.

  2. Select the role in the search results.

    The role is displayed in tabular format by default. Click the Show Graph icon to show the hierarchy in graphical format.

  3. In the search results, click the down arrow for the selected role and select Copy Role.

  4. In the Copy Options dialog box, select a copy option.

    • If you select Copy top role, then only the selected role is copied. The copied role inherits the same role instances as the source role.

    • If you select Copy top role and inherited roles, then a copy is made of every role in the role hierarchy provided that a copy of the role with the same name doesn't already exist.

  5. Click Copy Role.

  6. On the Copy Role: Basic Information page, edit the Role Name, Role Code, and Description values, as appropriate.

    Tip: By default, the Role Name and Role Code values are given the prefix and suffix for copied roles that are specified on the Roles subtab of the Security Console Administration tab. The prefix ORA_ is also removed from the role code. You can overwrite the default prefix and suffix for the role that you're copying. However, any roles inherited by the copied role are unaffected by any name changes that you make here.

  7. Click the Summary and Impact Report train stop.

  8. Click Submit and Close, then OK to close the confirmation message.

  9. Review the progress of your copy on the Role Copy Status subtab of the Security Console Administration tab. Once the status is Complete, you can edit the copied role.
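
The two copy options in step 4 differ in whether the copy shares its inherited roles with the source. The following Python model is an added illustration, not Oracle code. The role names, privilege names, and suffix values are assumptions, as is the choice to reuse a copy that already exists under the same name.

```python
from dataclasses import dataclass, field

# Assumed defaults; the real prefix and suffix are whatever is configured on
# the Roles subtab of the Security Console Administration tab.
NAME_SUFFIX, CODE_SUFFIX = " Custom", "_CUSTOM"

@dataclass
class Role:
    name: str
    code: str
    privileges: set = field(default_factory=set)  # granted directly to the role
    inherits: list = field(default_factory=list)  # inherited Role instances

def copied_code(code):
    # ORA_ is removed from the role code before the suffix is applied.
    base = code[4:] if code.startswith("ORA_") else code
    return base + CODE_SUFFIX

def copy_role(src, catalog, deep):
    """deep=False models 'Copy top role'; deep=True models
    'Copy top role and inherited roles'. catalog maps role name -> Role."""
    new_name = src.name + NAME_SUFFIX
    if deep and new_name in catalog:
        return catalog[new_name]  # assumption: an existing copy is reused
    if deep:
        children = [copy_role(r, catalog, True) for r in src.inherits]
    else:
        children = list(src.inherits)  # same role instances as the source
    dup = Role(new_name, copied_code(src.code), set(src.privileges), children)
    catalog[new_name] = dup
    return dup

def effective_privileges(role):
    """Direct privileges plus those inherited through the hierarchy."""
    privs = set(role.privileges)
    for r in role.inherits:
        privs |= effective_privileges(r)
    return privs

def demo():
    # Constructed hierarchy; role and privilege names are hypothetical.
    inquiry = Role("Invoice Inquiry Duty", "ORA_INVOICE_INQUIRY_DUTY", {"View Invoice"})
    entry = Role("Invoice Entry Duty", "ORA_INVOICE_ENTRY_DUTY", {"Create Invoice"}, [inquiry])
    shallow = copy_role(entry, {}, deep=False)
    deep = copy_role(entry, {}, deep=True)
    inquiry.privileges.add("Export Invoice")  # later change to the source's inherited role
    return shallow, deep, inquiry

if __name__ == "__main__":
    shallow, deep, _ = demo()
    print(sorted(effective_privileges(shallow)))
    print(sorted(effective_privileges(deep)))
```

In this model, a privilege added later to the source's inherited role shows up in the copy made with Copy top role, but not in the copy made with Copy top role and inherited roles.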

Edit the Copied Duty Role

To edit the copied role, perform the following steps:

  1. On the Roles tab of the Security Console, search for and select your copy of the duty role.

  2. In the search results, click the down arrow for the selected role and select Edit Role.

  3. On the Edit Role: Basic Information page, you can edit the role name and description, but not the role code.

  4. Click Next.

Manage Functional Security Policies

On the Edit Role: Function Security Policies page, any functional security privileges granted directly to the copied role appear on the Privileges tab. Click Load Inherited Policies to populate the table with privileges that the role inherits. To view details of the code resources that a privilege secures, select the privilege in the Details section of the page.

You can add existing privileges to copied duty roles, or delete privileges from them, but you can't create new functional security policies. To delete a privilege that's added directly to the copied role, select the privilege and click the Delete icon. You can't delete inherited privileges.

To add a privilege to the role:

  1. Click Add Function Security Policy.

  2. In the Add Function Security Policy dialog box, search for and select a privilege or role.

  3. If you select a role, then click Add Selected Privilege to grant all function security privileges from the role to your custom role. If you select a single privilege, then click Add Privilege to Role.

  4. Click OK to close the confirmation message.

  5. Repeat from step 2 for additional privileges.

  6. Close the Add Function Security Policy dialog box.

    All the privileges you selected are listed on the Edit Role: Function Security Policies page.

  7. Click Next.

The Resources tab, which is read-only, lists any resources granted to the role directly rather than through function security privileges. As you can't grant resources directly to roles on the Security Console, only resource grants created before Release 12 could appear on this tab. You can't edit these values.

Manage Data Security Policies

On the Edit Role: Data Security Policies page, any data security policies granted to the copied role appear. You can edit or remove policies from the copied role, or create a new policy for the role. For information about creating, editing, and adding data security policies to a role, see the topic Edit Data Security Policies on the Security Console.

Click Next to continue to the next page.

Add and Remove Inherited Roles

The Edit Role: Role Hierarchy page shows the copied duty role and any duty roles that it inherits. The hierarchy is displayed in tabular format by default. You can add or remove roles.

To remove a role:

  1. Select the role in the table.

  2. Click the Delete icon.

  3. Click OK to close the information message.

To add a role:

  1. Click Add Role.

  2. In the Add Role Membership dialog box, search for and select the role to add.

  3. Click Add Role Membership.

  4. Click OK to close the confirmation message.

  5. Repeat from step 2 for additional roles.

  6. Close the Add Role Membership dialog box.

    The Edit Role: Role Hierarchy page shows the updated role hierarchy.

  7. Click Next.

View Users Assigned the Role

On the Edit Role: Users page, click Next. You can't provision duty roles directly to users.

Review the Role

On the Edit Role: Summary and Impact Report page, review the summary of changes. Click Back to make corrections. Otherwise:

  1. Click Save and Close to save the role.

  2. Click OK to close the confirmation message.

The role is available immediately.