Secure Elements through HCM Data Roles
Secure and limit access to elements based on your business requirements.
- Use the Element Security Profiles quick action to create an element security profile. Include or exclude elements to this profile as per your requirements.
- Add the new security profile to an HCM Data Role to secure and limit access to the elements.
For example, you can now restrict a Benefits user to access only the voluntary and pretax deductions, but not the regular and supplemental earnings. You can now define an element security profile to include only voluntary and pretax deduction elements and attach it to the Benefits Administrator data role.
When you navigate to the Element Entries page, the elements you can manage is restricted to those in your element security profile. You can enter, view, and edit certain earnings and deductions elements that are meant for your respective usage.
Features Secured by Element Security Profiles
-
Manage Element Entries (both Manage and View-only)
-
Manage Calculation Entries – Standard Entries only
- Manage Elements
- Balance Adjustment
-
Use REST Service – Element Entries
-
Use REST Service – Element Entries Read-Only
- Payroll Element Definition List of Values REST
- Payroll Input Values List of Values REST
-
HSDL – Element Entry
-
HDSL – Element Entry with Costing
- QuickPay
-
View Payroll Info under the Enrollment section of the Benefits Summary page.
Element Security Profiles
-
By default, all the existing data roles are automatically updated with the View All Elements element security profile.
- When upgrading to Update 24A, the Regenerate Data Security Profiles and Grants job set will be run; you should verify it ran successfully. You should see that the View All default value appears on your data roles after upgrading.
- When you create or edit a Data Role on the HCM Data Roles and Security Profiles page, use the Element Security Profile option under the Element section on the Create Data Role: Security Criteria page, to chose a element security profile for the role.
- If you have any automated test cases that try to edit a role or create a new
data role based on impacted job roles, you must populate the element
security profile value.
From this section, you can either select an existing element security profile or create one for the data role.
- You can also use these options to view, create, or edit element security
profiles for data roles.
- The Element sub-train stop on the Assign Security Profiles to Role page.
-
Support for the new profile under Preview HCM Data Security page.
-
A new parameter for the element security profile in the Regenerate Data Security Profiles and Grantsscheduled process.
Include or Exclude Elements in a Security Profile
You can include or exclude elements to an element security profile as per your security and business requirements.
When you create an element security profile, you select a Legislative Data Group (LDG).
Once you select an LDG on the Element Security Profile page, the element classifications applicable to the LDG gets populated in the Classifications region.
You can include multiple LDGs within a security profile. Each LDG must have at least one classification or element included.
-
LDG security and element security profile are independent of each other. When you implement both LDG and element security profile, ensure that the LDG included in the element security profile is also included in the LDG security profile.
-
Predefined statutory deduction elements exist for a legislation. If you have multiple LDGs within a single legislation, if you include the statutory deduction elements for one of the LDGs, they will be available for all LDGs within the same legislation.
-
When the security profile is based on primary classifications, you can only create elements with those primary classifications. Under Element Summary, Run Types, Balance Feeds, Status Processing Rules and Autoindirect rules shows only the elements in your Element Security Profile. Similarly, when creating new records, the element list of value is restricted.
QuickPay Processing
Element entries displayed on the QuickPay page are restricted based on the user element security profile. However, all elements are processed when the user submits the QuickPay.
Access Requirements
Job Role Name | Job Role Code |
---|---|
Application Implementation Consultant | ORA_ASM_APPLICATION_IMPLEMENTATION_CONSULTANT_JOB |
Benefits Administrator | ORA_BEN_BENEFITS_ADMINISTRATOR_JOB |
Benefits Manager | ORA_BEN_BENEFITS_MANAGER_JOB |
Benefits Specialist | ORA_BEN_BENEFITS_SPECIALIST_JOB |
Compensation Administrator | ORA_CMP_COMPENSATION_ADMINISTRATOR_JOB |
Human Capital Management Application Administrator | ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB |
Human Capital Management Integration Specialist | ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB |
Human Resource Analyst | ORA_PER_HUMAN_RESOURCE_ANALYST_JOB |
Human Resource Manager | ORA_PER_HUMAN_RESOURCE_MANAGER_JOB |
Human Resource Specialist | ORA_PER_HUMAN_RESOURCE_SPECIALIST_JOB |
Payroll Administrator | ORA_PAY_PAYROLL_ADMINISTRATOR_JOB |
Payroll Manager | ORA_PAY_PAYROLL_MANAGER_JOB |