Creating Custom Roles to Enable Access to Project Financial Control Agents

Use this procedure to create a custom Projects job role that grants users access to Project Financial Control agents, their related child workflows, and the required security privileges in Oracle Project Financial Management.

  1. Navigate to Tools > Security Console.
  2. In the Security Console, click Create Role.
  3. In the Create Role: Basic Information page that appears, enter a Role Name and Role Code and select Projects - Job Roles as the Role Category.
  4. Click the Enable Permission Groups button and, in the modal that appears, click the Enable Permission Groups button.

    Permission groups are collections of related permissions that simplify how access is assigned and managed. By using permission groups, you can quickly grant consistent sets of capabilities to roles without configuring each permission individually.

  5. Click Next.

    The Function Security Policies page appears. Use this page to add the required privileges to the role. In this context, we need to add privileges that will enable access to the child workflows associated with the agent.

  6. Click Add Function Security Policy.

    The Add Function Security Policy modal appears.

  7. Search for Get Project Setups and select PJF_GET_PROJECT_SETUPS_PRIV. Click Add Privilege to Role. Similarly, select and add the GMS_MANAGE_AWARD_SERVICE_PRIV privilege to the role to view award and funding source configuration details. Close the modal once you're done.
  8. Click Next.
  9. The Permission Groups page appears. Since we've already enabled permission groups earlier, we don't need to make any changes here.
  10. Click Next.
  11. The Data Security Policies page appears.
  12. Click the Create Data Security Policy button.
  13. The Edit Data Security Policy modal appears.
  14. Enter the following values in the modal:
    1. Policy Name: The name of the policy. For example, Award Policy.
    2. Data Resource: Award for Table GMS_AWARD_HEADERS_B.
      Note: This data security policy is required to view award and funding source configuration details.
    3. Start Date: The date from which the data security policy must be active.
    4. End Date: (Optional) The date up to which the data security policy must be active.
    5. Data Set: Select by instance set
    6. Condition Name: Access awards for table GMS_AWARD_HEADERS_B for business unit based on Grants Management Award security as defined in Manage Data Access for Users Page.
    7. Actions: View Award Data
  15. Click OK to save the updated data security policy.
  16. Click Next. The Role Hierarchies page appears.
  17. Click the Roles and Permission Groups tab.
  18. In the Roles and Permission Groups tab, click the Add Role button.
  19. The Add Role Membership modal appears.
  20. Search for and select the duty role to associate with the custom role. Based on the agent that this custom role needs to access, enter one of the following values:
Agent Duty Role
Project Capitalization Analyst ORA_PJC_PROJECT_CAPITALIZATION_ANALYST_DUTY
Project Cost Adjustment Assistant ORA_PJC_PROJECT_COST_TRANSACTION_PROCESSING_DUTY
Project Cost Exceptions Assistant ORA_PJC_PROJECT_COST_EXCEPTION_ASSISTANT_DUTY

  1. Click Next.

    The Segregation of Duties page appears. No changes are needed here.

  2. Click Next.

    The Users page appears. Use this page to assign the custom role you just created to users in your organization.

  3. Click Add User.

    The Add User modal appears.

  4. Search for and select users to whom you need to assign this role. Click Add Selected Users.

    Note: Ensure that the users you select already have the required job roles, or assign the appropriate roles after you finish creating this custom role. Users might also need additional job roles to access specific agents or features.
  5. Click Next. The Summary page appears. Use this page to review and confirm the summary of the changes you made. You can move back and forth in the Create Role wizard to make any updates as needed.
  6. Once you're done, click Save and Close to create the role and assign it to the users you selected. Click OK in the confirmation modal that appears.
  7. The Roles page reappears, and you can review the details associated with the role you created.

After you save the role and assign it to the appropriate users, the custom role is ready to support access to the specified AI agent and related security privileges.