Edit Job or Abstract Roles

You can create a role by copying a predefined job role or abstract role and then editing the copy. This topic describes how to edit a role on the Security Console.

You must have the IT Security Manager job role to perform this task.

Edit the Role

To edit a job or abstract role:

  1. On the Roles tab of the Security Console, search for and select your custom role.

  2. In the search results, click the down arrow for the selected role and select Edit Role.

  3. On the Edit Role: Basic Information page, you can edit the role name and description, but not the role code. If location-based access is enabled, then you can also manage the Enable Role for Access from All IP Addresses option.

  4. Click Next.

Manage Functional Security Privileges

On the Edit Role: Function Security Policies page, any function security privileges granted directly to the copied role appear on the Privileges tab. Click Load Inherited Policies to populate the table with privileges that the role inherits. To view details of the code resources that a privilege secures, select the privilege in the Details section of the page.

You can add existing privileges to copied roles or delete them from copied roles, but you can't create new functional security policies. To delete a privilege that's added directly to the copied role, select the privilege and click the Delete icon. You can't delete inherited privileges.

To add a privilege to the copied role:

  1. Click Add Function Security Policy.

  2. In the Add Function Security Policy dialog box, search for and select a privilege or role.

  3. If you select a role, then click Add Selected Privileges to add all function security privileges from the role to your custom role. If you select a single privilege, then click Add Privilege to Role.

  4. Click OK to close the confirmation message.

  5. Repeat from step 2 for additional privileges.

  6. Close the Add Function Security Policy dialog box.

    All the privileges you selected are listed on the Edit Role: Function Security Policies page.

  7. Click Next.

The Resources tab, which is read-only, lists any resources granted to the role directly rather than through function security privileges. As you can't grant resources directly to roles on the Security Console, only resource grants created before Release 12 could appear on this tab. You can't edit these values.

Manage Data Security Privileges

On the Edit Role: Data Security Policies page, any data security policies granted to the copied role appear. You can add or remove policies from the copied role, or edit the existing policies. For information about creating, editing, and adding data security policies to a role, see the topic Edit Data Security Policies on the Security Console.

Click Next to continue to the next page.

Add and Remove Inherited Roles

The Edit Role: Role Hierarchy page shows the copied role and its inherited duty roles. The hierarchy is in tabular format by default but you can switch to graphical mode. You can add or remove roles.

To remove a role:

  1. Select the role in the table.

  2. Click the Delete icon.

  3. Click OK to close the confirmation message.

To add a role:

  1. Click the Add Role icon.

  2. In the Add Role Membership dialog box, search for and select the role to add.

  3. Click Add Role Membership.

  4. Click OK to close the confirmation message.

  5. Repeat from step 2 for additional roles.

  6. Close the Add Role Membership dialog box.

    The Edit Role: Role Hierarchy page shows the updated role hierarchy.

  7. Click Next.
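The following is an added example, not part of the original topic and not Oracle code: an offline model of the direct versus inherited distinction described above, for reviewing a copied role before you save it. The role codes, privilege names, and dictionary layout are constructed assumptions, not a Security Console export format. The example also assumes that an inherited privilege leaves the role only when the inherited role that supplies it is removed on the Role Hierarchy page.

```python
# Constructed sample data (assumption): XX_ codes are illustrative only.
ROLES = {
    "XX_CUSTOM_AP_MANAGER": {          # the copied job role being edited
        "direct": {"XX_MANAGE_INVOICES_PRIV"},
        "inherits": ["XX_INVOICE_ENTRY_DUTY", "XX_PAYMENT_DUTY"],
    },
    "XX_INVOICE_ENTRY_DUTY": {
        "direct": {"XX_CREATE_INVOICE_PRIV", "XX_MANAGE_INVOICES_PRIV"},
        "inherits": ["XX_ATTACHMENT_DUTY"],
    },
    "XX_PAYMENT_DUTY": {"direct": {"XX_CREATE_PAYMENT_PRIV"}, "inherits": []},
    "XX_ATTACHMENT_DUTY": {"direct": {"XX_VIEW_ATTACHMENT_PRIV"}, "inherits": []},
}


def effective_privileges(roles, role_code):
    """Map each privilege to the set of roles in the hierarchy that grant it."""
    sources, seen, stack = {}, set(), [role_code]
    while stack:
        code = stack.pop()
        if code in seen:               # tolerate diamonds and accidental cycles
            continue
        seen.add(code)
        for priv in roles[code]["direct"]:
            sources.setdefault(priv, set()).add(code)
        stack.extend(roles[code]["inherits"])
    return sources


def removal_plan(roles, role_code, privilege):
    """Report what must change for role_code to stop holding the privilege."""
    granted_by = effective_privileges(roles, role_code).get(privilege, set())
    # Directly inherited roles whose own subtree supplies the privilege.
    via = sorted(r for r in roles[role_code]["inherits"]
                 if privilege in effective_privileges(roles, r))
    return {
        "delete_direct_grant": role_code in granted_by,  # Delete icon applies
        "remove_inherited_roles": via,                   # hierarchy change needed
    }


if __name__ == "__main__":
    for priv in sorted(effective_privileges(ROLES, "XX_CUSTOM_AP_MANAGER")):
        print(priv, removal_plan(ROLES, "XX_CUSTOM_AP_MANAGER", priv))
```

In this sample, XX_MANAGE_INVOICES_PRIV is granted both directly and through a duty role, so deleting the direct grant alone leaves the role's effective access unchanged.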

Assign the Role to Users

On the Edit Role: Users page you can assign the copied role to a user.

To remove user access to a role:

  1. Select the user in the table.

  2. Click the Delete icon.

  3. Click OK to close the confirmation message.

To add user access to a role:

  1. Click the Add User button.

  2. In the Add User dialog box, search for and select a user or role (job or abstract role).

  3. If you select a role, then click Add Selected Users to add all the users assigned the role to your custom role. If you select a single user, then click Add User to Role.

  4. Click OK to close the confirmation message.

  5. Repeat from step 2 for additional users.

  6. Close the Add User dialog box.

    The Edit Role: Users page shows the updated role membership.

  7. Click Next.

Review the Role

On the Edit Role: Summary and Impact Report page, review the summary of changes. Then do the following:

  1. Click Back to make corrections.

  2. When you have completed any corrections required, click Save and Close to save the role.

  3. Click OK to close the confirmation message.

The role is available immediately.