Create Job and Abstract Roles

If the predefined job or abstract roles aren't suitable, or you need a role with few privileges, then you can create a role from scratch. This topic explains how to create a job role or abstract role.

To perform this task, you must have the IT Security Manager job role.

Caution: While creating custom roles, make sure you assign only the required privileges. Assigning all the privileges may impact license usage. Before you proceed, see the topic Guidance for Assigning Predefined Roles.

Enter Basic Information

Follow these steps:

  1. On the Roles tab of the Security Console, click Create Role.

  2. On the Create Role: Basic Information page, enter the role's display name in the Role Name field. For example, enter Digital Sales Manager.

  3. Enter a unique Role Code. For example, enter DIGITAL_SALES_MGR_JOB.

    Abstract roles have the suffix _ABSTRACT, and job roles have the suffix _JOB.

  4. In the Role Category field, select the appropriate role category, for example, CRM - Job Roles.

  5. If you're using location-based access, then you see the Enable Role for Access from All IP Addresses option. If you select this option, users who have the role can access the tasks that the role secures from any IP address.

  6. Click Next.

Add Functional Security Policies

When you create a role from scratch, you're most likely to add one or more duty roles to your role. You're less likely to grant function security privileges directly to the role. If you're not granting function security privileges, then click Next. Otherwise, to grant function security privileges to the role:

  1. On the Create Role: Functional Security Policies page, click Add Function Security Policy.

  2. In the Add Function Security Policy dialog box, search for and select a privilege or role.

    You can either add an individual privilege or copy all the privileges that belong to an existing role.

  3. If you select a role, then click Add Selected Privileges to add all the function security privileges assigned to the selected role to your custom role. If you select a single privilege, then click Add Privilege to Role.

  4. Click OK to close the confirmation message.

  5. Repeat from step 2 for additional privileges.

  6. Close the Add Function Security Policy dialog box.

    All the privileges you added are listed on the Create Role: Functional Security Policies page. You can:

    • Click on a privilege to view details of the code resource that it secures.

    • Delete any privilege by selecting the privilege and clicking the Delete icon.

  7. Click Next.

Note: You can add existing privileges to the new role but can't create new functional security policies.

Add Data Security Policies

On the Create Role: Data Security Policies page, you can assign data security policies to your role. For information about creating and adding data security policies to a role, see the topic Edit Data Security Policies on the Security Console.

Click Next to continue to the next page.

Build the Role Hierarchy

The Create Role: Role Hierarchy page shows the hierarchy of your custom role in tabular format by default. You can add one or more job, abstract, and duty roles to the new role. Typically, when creating a job or abstract role you add duty roles. Roles are always added directly to the role that you're creating.

To add a role:

  1. Click the Add Role icon.

  2. In the Add Role Membership dialog box, search for and select the role to add.

  3. Click Add Role Membership.

  4. Click OK to close the confirmation message.

  5. Repeat from step 2 for additional roles.

  6. Close the Add Role Membership dialog box.

    The Create Role: Role Hierarchy page shows the updated role hierarchy.

  7. Click Next.

Assign the Role to Users

On the Create Role: Users page, you can assign the job or abstract role you're creating to selected users.

To assign the role to a user:

  1. Click Add User.

  2. In the Add User dialog box, search for and select a user or role.

  3. If you select a role, then click Add Selected Users to add all the users assigned the role to the role you're creating. If you select a single user, then click Add User to Role.

  4. Click OK to close the confirmation message.

  5. Repeat from step 2 for additional users.

  6. Close the Add User dialog box.

    The Create Role: Users page shows the updated role membership.

  7. Click Next.

Review the Role

On the Create Role: Summary and Impact Report page, review the summary of the changes. Click Back to make any corrections. Otherwise:

  1. Click Save and Close to save the role.

  2. Click OK to close the confirmation message.

Your custom role is available immediately on the Security Console.

Tip: Search for the job or abstract role on the Security Console and review its visualization. Edit the role to make any corrections.
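
The review step above is where an over-privileged role is cheapest to catch. The following Python script is an added example, not Oracle code and not part of the original topic: it flattens a role hierarchy into the role's effective privileges, compares them with the privileges the job actually needs, and checks the role code suffix and the all-IP-addresses option described earlier. The dictionary layout, the duty role codes, and the privilege names are constructed for illustration and aren't a Security Console export format.

```python
# Constructed data model for illustration: NOT an Oracle export format or API.
# Each role code maps to its directly granted privileges and directly added roles.
ROLES = {
    "DIGITAL_SALES_MGR_JOB": {
        "category": "job",
        "all_ip": True,  # "Enable Role for Access from All IP Addresses" selected
        "privileges": {"VIEW_SALES_DASHBOARD"},
        "members": {"LEAD_MGMT_DUTY", "QUOTE_MGMT_DUTY"},
    },
    "LEAD_MGMT_DUTY": {"privileges": {"VIEW_LEAD", "EDIT_LEAD"}, "members": {"REPORTING_DUTY"}},
    "QUOTE_MGMT_DUTY": {"privileges": {"VIEW_QUOTE", "EDIT_QUOTE", "DELETE_QUOTE"}, "members": set()},
    "REPORTING_DUTY": {"privileges": {"RUN_SALES_REPORT"}, "members": set()},
}
# Privileges the job needs, as agreed with the business owner (constructed).
REQUIRED = {"VIEW_SALES_DASHBOARD", "VIEW_LEAD", "EDIT_LEAD", "VIEW_QUOTE",
            "EDIT_QUOTE", "RUN_SALES_REPORT", "APPROVE_DISCOUNT"}
SUFFIX = {"job": "_JOB", "abstract": "_ABSTRACT"}  # suffix convention from this topic


def effective_privileges(code, roles, seen=None):
    """Return privileges granted directly plus those inherited via the hierarchy."""
    seen = set() if seen is None else seen
    if code in seen:  # guard against a cyclic hierarchy
        return set()
    seen.add(code)
    role = roles[code]
    privs = set(role.get("privileges", ()))
    for member in role.get("members", ()):
        privs |= effective_privileges(member, roles, seen)
    return privs


def review_role(code, roles, required):
    """Return a list of findings to resolve before saving the role."""
    role, findings = roles[code], []
    suffix = SUFFIX[role["category"]]
    if not code.endswith(suffix):
        findings.append(f"role code should end with {suffix}")
    if role.get("all_ip"):
        findings.append("role is enabled for access from all IP addresses")
    effective = effective_privileges(code, roles)
    findings += [f"excess privilege: {p}" for p in sorted(effective - required)]
    findings += [f"missing privilege: {p}" for p in sorted(required - effective)]
    return findings


if __name__ == "__main__":
    for finding in review_role("DIGITAL_SALES_MGR_JOB", ROLES, REQUIRED):
        print(finding)
```

An excess privilege that arrives through a duty role, as DELETE_QUOTE does here, can't be removed from the custom role directly; the choice is a narrower duty role or individual privileges added on the Functional Security Policies page.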