Introduction

Use HCM Spreadsheet Data Loader (HSDL) to provide bulk-data loading capabilities for your business users and inbound integrations. You can configure spreadsheet templates for your specific use cases and assign access to those templates to just the roles that require them. For example, your recruiting integration could have access to a New Hire spreadsheet, whereas the Overtime Hours spreadsheet would be available to your Payroll Administrator.

This tutorial explains template security and guides you through the configuration of the various roles you require to create and implement custom templates and assign role access to predefined templates.

Note:

This tutorial assumes you have Redwood enabled. If this is not the case, follow the Release 25A tutorial.

Spreadsheet Data Security

Templates are configured to upload data as either the Session User or the Elevated User.


Using the session user is always recommended. This ensures that the user can create and maintain only the records their data-security configuration allows, and that uploaded records have the end-user's username as the Created By or Last Updated By value.

When the template uploads data as the elevated user:

  • The end-user's data security configuration is ignored as the elevated user has access to all records.
  • The Created By and Last Updated By fields show the elevated username.

Some objects use data security in the application, but that data security isn't available in HSDL. For these objects, only the elevated user is available.

Tip:

You can identify business objects that are restricted to upload data as the elevated user from the Spreadsheet Loading Support information available against all business objects in the View Business Objects task.

You require a separate function security privilege to assign role access to templates based on restricted spreadsheet loading objects.

Template Design

You design and test spreadsheet templates on your non-production environments. To do this you grant access to the Spreadsheet Templates task and the ability to load data using HSDL. You then configure which business objects the template designer can import and create templates for, using the Spreadsheet Business Object Access task.

Examples:

The roles required to design and test HSDL templates

Use the Security Console to create your template designer roles and the Spreadsheet Business Object Access task to configure the business objects and product areas each template designer role can create and import spreadsheet templates for.
  • Task 1 explains how to grant access to the Spreadsheet Business Object Access task.
  • Task 2 explains how to create the template designer roles.
  • Task 3 explains how to configure the business objects and product areas a template designer can create and import templates for.

Production Template Implementation

You'll again use the Spreadsheet Templates task in your production environment to import your tested HSDL templates, assign the roles that can use the template and the data set access they have, and then activate them. For this you can create production template implementation roles and configure the business objects and product areas each role can import templates for.

Examples:

The roles required to assign roles and activate templates

Tip:

It's recommended that your production roles don't have access to load data using HCM Spreadsheet Data Loader.

You create business object restricted roles on production in a similar way as you do on non-production environments.

  • Task 4 explains how to create production template implementation roles for a restricted list of business objects.

Alternatively, you can choose to create a single administrator role for importing templates into production, assigning role access and any ongoing maintenance.

Once a template is made active, business object security is replaced by template security and only the role configured to maintain a template can edit it. The advantage of using the administrator role is that you don't need to configure the maintenance role for each of your templates. The disadvantage is that you can't restrict the updates users of this role perform. They can edit the template definition, assign and remove role access, and change the status of any template.

Tip:

You can enable auditing of role configuration changes.
  • Task 5 explains how to create a template administrator role which can maintain every template.

Objectives

In this tutorial you will:

  • Create a role to configure the business objects your spreadsheet template designer and implementation roles can create and import templates for.
  • Create business object specific roles for designing and testing spreadsheet templates.
  • Create business object specific roles for importing and assigning role access to spreadsheet templates on production environments.
  • Create a template administrator role for maintaining and granting access to any template.

Prerequisites

To complete this tutorial, you will need:

  • Access to the Security Console.

Task 1: Grant Access to the Spreadsheet Business Object Access Task

The Spreadsheet Business Object Access task is used to configure which business objects a spreadsheet template designer can create and import templates for. This access would normally be granted to your application administrator. Here you'll define a new custom role to grant access.

  1. Log in to the application with a user that has Security Console access.
  2. Navigate to Tools > Security Console and click Create Role.
  3. Specify a Role Name of HSDL Business Object Access or similar and supply a unique role code.
  4. Specify a Role Category of HCM - Job Roles.
  5. Add this Function Security Policy:

    Function Security Policies
    Policy Name | Policy Code | Grants Access To
    Manage Data Exchange Work Area | HRC_MANAGE_DATA_EXCHANGE_PRIV | Data Exchange work area

  6. Add this Role Hierarchy:

    Role Hierarchies
    Role Name | Role Code | Grants Access To
    Manage HCM Spreadsheet Data Loader Business Object Access | ORA_HRC_MANAGE_HSDL_BO_ACCESS | Spreadsheet Business Object Access task

  7. Save your changes.

    You can now grant this role to the application administrator user responsible for configuring the business objects your HSDL template designers can create and import templates for.


Task 2: Grant Access to Design Spreadsheet Templates

This task describes how to create the roles used to design, test, and grant access to HSDL templates.

You can choose to have multiple template designer roles, each granted access to a restricted set of business objects, or have a single template designer role with access to create and import templates for all available business objects.

Caution:

Template designer roles allow the user to upload data, so this role should only be created on non-production environments.
  1. Click Create Role in the Roles tab of the Security Console.
  2. Specify a Role Name and Role Code that identifies the business objects this template designer can define templates for. For example, HSDL Template Designer - Worker, or HSDL Template Designer - All Objects.
  3. Specify a Role Category of HCM - Job Roles.
  4. Add these Function Security Policies:

    Function Security Policies
    Policy Name | Policy Code | Grants Access To
    Review HCM Data Loader Business Objects | HRC_REVIEW_HDL_BUSINESS_OBJECTS_PRIV | View Business Objects task
    Manage Data Exchange Work Area | HRC_MANAGE_DATA_EXCHANGE_PRIV | Data Exchange work area

    Tip:

    The View Business Objects task is the data dictionary for all HSDL supported objects. Use it to understand the business object shape and supported attributes when designing spreadsheet templates.

  5. Optionally add this function security privilege:

    Function Security Policies
    Policy Name | Policy Code | Grants Access To
    Assign Roles to any HCM Spreadsheet Data Loader Template | HRC_ASSIGN_ROLES_TO_ANY_HSDL_TEMPLATE | Allows the user to assign roles to all HCM Spreadsheet Data Loader templates, including those based on secured business objects that don't enforce data security in HSDL.

    Tip:

    Without this privilege you can only assign role access to templates that maintain objects which support loading data as the session user.

  6. Add these Role Hierarchies:

    Role Hierarchies
    Role Name | Role Code | Grants Access To
    Manage HCM Spreadsheet Data Loader Templates | ORA_HRC_MANAGE_HSDL_TEMPLATES | Spreadsheet Templates task
    Load Data using HCM Spreadsheet Data Loader | ORA_HRC_LOAD_DATA_USING_HSDL | Load data using HSDL spreadsheets

    Caution:

    Don't grant access to the Load Data using HCM Spreadsheet Data Loader role hierarchy on your production environment. Your template designer role shouldn't be able to bulk load data in production environments.

  7. Save your role.
  8. Repeat for your other template designer roles.

Tip:

If you instead create a base role with these permissions and create roles that inherit it, don't assign business object access to your base role. That access will be inherited by any role that inherits your base role.


Task 3: Configure Business Object Access

Having created a custom role, you need to assign the objects and product areas users with that role can create and import spreadsheet templates for.

  1. Log into the application with a user that has access to the Spreadsheet Business Object Access task. Refer to Task 1 for how to grant access to this task.
  2. Navigate to My Client Groups > Data Exchange.
  3. Click Spreadsheet Business Object Access.
  4. Search for your custom role and click the Edit action.

    You're navigated to the View Assigned Business Objects page where you can review the business objects and product areas users of this role can create and import spreadsheet templates for.

  5. Click the Assign button.

Assign Individual Business Objects

If you select Assign Individual Business Objects, you're navigated to the Assign Individual Business Objects page.

  1. Search for business objects using the search bar and filters.
  2. Check the checkbox against a business object to add it to the role.

    Tip:

    The Assigned by Product Area column indicates if the business object is already available to the role via a product area mapping.
  3. Click Save.

    An entry will be created in the Assigned Business Objects table for each of the selected business objects.

Assign All Business Objects in a Product Area

If you select Assign All Business Objects in a Product Area, then you're navigated to the Assign Business Objects by Product Areas page, where you can configure your template designer role to have access to create and import templates for the business objects in a product area.

  1. Search for the product area using the search bar.
  2. Click the Edit action button. This opens the Business Objects Within the Product Area panel, which allows you to review the objects the role will be able to create and import templates with by assigning this product area to the role.
  3. Deselect any business objects this role shouldn't be creating or importing HSDL templates for.

    Tip:

    The Assigned column indicates if the business object is already available to the role via an individual business object mapping.
  4. Click Save.

    You'll be navigated back to the Assign Business Objects by Product Areas page where you can review the product area mapping and assign other product areas to the role.

  5. Return to the View Assigned Business Objects page to review and configure the role's mappings.

    Tip:

    You can configure the business objects available in an existing product area mapping by clicking the Edit button against the product area.

Assign All Business Objects

If you select Assign All Business Objects, a confirmation message displays to explain that your template designer role will have access to create and import templates for all business objects.

  • Click Assign to close the warning and continue. A single entry appears for the access to all business objects in the Assigned Business Objects table.


Task 4: Creating Production Template Implementation Roles

To import your tested templates on your production environment, assign role access, and activate them, you'll need a template implementation role on production.

  1. Click Create Role in the Roles tab of the Security Console.
  2. Specify a Role Name and Role Code that identifies the business objects this template implementation can import and activate templates for. For example, HSDL Template Implementation - Worker.

    Tip:

    Name the role for the business objects it can create templates for.
  3. Specify a Role Category of HCM - Job Roles.
  4. Add this Function Security Policy:

    Function Security Policies
    Policy Name | Policy Code | Grants Access To
    Manage Data Exchange Work Area | HRC_MANAGE_DATA_EXCHANGE_PRIV | Data Exchange work area

  5. If this role is responsible for implementing templates based on business objects with restricted spreadsheet loading support, add this function security privilege:

    Function Security Policies
    Policy Name | Policy Code | Grants Access To
    Assign Roles to any HCM Spreadsheet Data Loader Template | HRC_ASSIGN_ROLES_TO_ANY_HSDL_TEMPLATE | Allows the user to assign roles to all HCM Spreadsheet Data Loader templates, including those based on secured business objects that don't enforce data security in HSDL.

    Without this privilege you can only assign role access to templates that maintain objects which support loading data as the session user.

  6. Add this Role Hierarchy:

    Role Hierarchies
    Role Name | Role Code | Grants Access To
    Manage HCM Spreadsheet Data Loader Templates | ORA_HRC_MANAGE_HSDL_TEMPLATES | Spreadsheet Templates task

    Caution:

    Don't grant access to the Load Data using HCM Spreadsheet Data Loader role hierarchy on your production environment. Your template maintenance role shouldn't be able to bulk load data in production environments.
  7. Save your role.
  8. Follow the steps in Task 3 to configure the business objects this role can import templates for.

Task 5: Grant Spreadsheet Template Administrator Access

Once a template is made active, business object security is replaced by template security and only the users with a job role configured to maintain a template can assign roles to it. To assign role access to a template you haven't assigned an admin role for, or for preconfigured templates that are already active without a template admin assigned, you'll need a spreadsheet template administrator role.

These steps configure an all-template access role that can be used to assign roles to spreadsheet templates but can't use those templates to bulk-load data.

  1. Log in to the application with a user that has Security Console access.
  2. Navigate to Tools > Security Console and click Create Role.
  3. Specify a Role Name of HSDL All Templates Role Administrator or similar and supply a unique role code.
  4. Specify a Role Category of HCM - Job Roles.
  5. Click Next and on the Function Security Policy page, add these policies:

    Function Security Policies
    Policy Name | Policy Code | Grants Access To
    Manage Data Exchange Work Area | HRC_MANAGE_DATA_EXCHANGE_PRIV | Data Exchange work area

  6. Navigate to the Role Hierarchy page and add these roles:

    Role Hierarchies
    Role Name | Role Code | Grants Access To
    HCM Spreadsheet Data Loader Template Administration | ORA_HRC_HSDL_TEMPLATE_ADMINISTRATION | Create and maintain templates for all business objects.

  7. Navigate to the Summary page and click Save and Close.

You can now assign this role to users responsible for maintaining all spreadsheet templates.
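
The cautions in Tasks 2 and 4 and the base-role inheritance tip in Task 2 can be checked mechanically on production. The following is an added example, not part of the Oracle tutorial: it walks a constructed role export (the XX_ role codes and the dictionary layout are assumptions; only the ORA_HRC_ and HRC_ codes come from this tutorial) and reports roles that reach the bulk-load role, the assign-to-any-template privilege, or the all-template administration role, including through inherited roles.

```python
# Added example: SAMPLE_PROD_ROLES is constructed data, not an Oracle export
# layout. Only the ORA_HRC_* / HRC_* codes are taken from the tutorial.
LOAD_ROLE = "ORA_HRC_LOAD_DATA_USING_HSDL"
ASSIGN_ANY_PRIV = "HRC_ASSIGN_ROLES_TO_ANY_HSDL_TEMPLATE"
ADMIN_ROLE = "ORA_HRC_HSDL_TEMPLATE_ADMINISTRATION"

# role code -> directly granted privileges and directly inherited roles
SAMPLE_PROD_ROLES = {
    "XX_HSDL_BASE": {"privileges": ["HRC_MANAGE_DATA_EXCHANGE_PRIV"],
                     "inherits": ["ORA_HRC_MANAGE_HSDL_TEMPLATES", LOAD_ROLE]},
    "XX_HSDL_IMPL_WORKER": {"privileges": [ASSIGN_ANY_PRIV],
                            "inherits": ["ORA_HRC_MANAGE_HSDL_TEMPLATES"]},
    "XX_HSDL_IMPL_PAYROLL": {"privileges": [], "inherits": ["XX_HSDL_BASE"]},
    "XX_HSDL_ALL_TEMPLATES_ADMIN": {"privileges": ["HRC_MANAGE_DATA_EXCHANGE_PRIV"],
                                    "inherits": [ADMIN_ROLE]},
}

def effective_grants(role, roles, seen=None):
    """Return (privileges, roles) reachable from `role`, following inheritance."""
    seen = set() if seen is None else seen
    if role in seen:  # guard against cyclic hierarchies
        return set(), set()
    seen.add(role)
    # Roles missing from the export (predefined roles) are treated as leaves.
    spec = roles.get(role, {"privileges": [], "inherits": []})
    privs, inherited = set(spec["privileges"]), set(spec["inherits"])
    for parent in spec["inherits"]:
        p, r = effective_grants(parent, roles, seen)
        privs |= p
        inherited |= r
    return privs, inherited

def audit_production_roles(roles):
    """List (role code, finding) pairs for grants the tutorial warns about."""
    findings = []
    for code in sorted(roles):
        privs, inherited = effective_grants(code, roles)
        if LOAD_ROLE in inherited:
            findings.append((code, "can bulk-load data in production"))
        if ASSIGN_ANY_PRIV in privs:
            findings.append((code, "can assign roles to any template"))
        if ADMIN_ROLE in inherited:
            findings.append((code, "can maintain every template"))
    return findings

if __name__ == "__main__":
    for code, issue in audit_production_roles(SAMPLE_PROD_ROLES):
        print(f"{code}: {issue}")
```

The last two findings are expected for the roles created in Tasks 4 and 5; they are listed so that their assignment to users can be reviewed, while a bulk-load finding on production contradicts the tutorial's caution.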

Acknowledgements

  • Authors - Ema Johnson (Senior Principal Product Manager)
