1. Securing HCM
  2. Flow Security and Flow Owners

Flow Security and Flow Owners

Your HCM data role security determines which flows you can submit or view. This topic explains how the HCM data roles and flow security work together.

Use the Payroll Flow Security Profile task in the Setup and Maintenance work area to define security for payroll flow patterns.

Payroll Flow Security and HCM Data Roles

HCM data roles secure the access to flows through data privileges and to the tasks on a checklist through functional privileges.

  • When you submit a flow pattern, it generates a checklist of the included tasks.

  • You become the owner of the flow and its tasks. If a flow pattern designates tasks to different owners, you remain the flow owner.

  • Either you or the owner of a task can reassign the task to someone else. For example, to cover situations where the task is overdue and the task owner is on leave.

This figure illustrates how the payroll manager and payroll administrator can submit a process or report and can view the results of the monthly payroll flow.

Payroll manager and administrator can perform same task

The payroll manager or the payroll administrator can submit the flow and perform its tasks or have the tasks reassigned to them. The payroll manager and the payroll administrator can perform the same tasks because both of them have the same functional privileges.They can both submit and view the payroll flow data.This figure illustrates how only the payroll manager can calculate the payroll. The payroll manager can't reassign this task to a payroll administrator, because the administrator doesn't have the necessary functional privileges to submit the monthly payroll flow action.

Payroll manager can perform the task. Payroll administrator doesn't have the functional privilege to perform the task.

View Flow Security

When you submit a flow, you're taken to the Checklist page so that you can manage and monitor the tasks included in the flow.

You can also use the View Flows page, and navigate to these pages:
  • Click on a flow to go to the Checklist page of the selected flow. The checklist page shows the list of tasks in the flow as well as their completion status.

  • Click on a task to drill down to the Process Results Summary, it shows the employees processed within that task.

  • Click on the employee’s name to drill down to the Person Process Results page.

  • Navigate from the Person Process Results page to view the detailed process results for the employee. For example, view the Statement of Earnings, Messages, Balances, and Run Results for the Calculate Payroll task.

This table shows the function privilege that secure access to the View Flow Quick Action.

View Flow Security and Privileges

Page Aggregate Privileges Job Roles
View Flow Access Payroll Flow (PAY_ACCESS_PAYROLL_FLOWS) Payroll Manager, Payroll Administrator

Access Payroll Flow aggregate privilege includes all the necessary function and data privileges to access the Checklist, Process Results Summary, and Person Results pages.

Including View Flow in Your User-Defined Role

You might have a requirement to provide access to View Flow to other job roles, to allow them to view results of specific processes. To include View Flow in a user-defined role, complete these steps.
  1. Create a role by either copying a predefined job role or creating a new one.
  2. Add the aggregate privilege: Access Payroll Flow.
  3. Depending on the type of flow the role should have access to, you might need to provide additional function privileges such as:
    • Verify Statement of Earnings (PAY_VERIFY_STATEMENT_OF_EARNING)
    • View Employee Level Messages (PAY_VIEW_EMPLOYEE_LEVEL_MESSAGES)
    • View Payroll Balance (PAY_VIEW_PAYROLL_BALANCE)
    • View Payroll Run Results (PAY_VIEW_PAYROLL_RUN_RESULTS)
  4. Create a Payroll Flow security profile to include the flows your new role should have access to.
  5. Create a data role and associate the Payroll Flow security profile to it.
These aren't included in the Access Payroll Flow privileges:
  • QuickPay Results: If you want to use View Flow to access the QuickPay Results, you must grant access to the QuickPay Quick Action.
  • Import and Load Data: If you want to use View Flow to view results of HDL uploads, additional privileges are required.
  • Ability to take action on the tasks: Actions such as Retry or Rollback aren't available.
Note: If the flow-level messages aren't displayed, ensure that your data role includes this data security profile: Search Person Live Data.

Troubleshooting

If you have problems submitting or completing a task in a flow, these are the actions you can take.

Problem

Solution

Can't submit or view a flow

Confirm that the data role assigned to you includes a security profile for the payroll flow pattern.

Can't perform a task, such as a process or report

Confirm that your data role is based on a job or abstract role that includes functional privileges to perform that task.
Can’t view or take action on a flow task submitted by another user.

Update the flow pattern to add a group to the specific task.