1. Securing Applications
  2. Export and Import of HCM Custom Roles and Security Profiles

Export and Import of HCM Custom Roles and Security Profiles

You're looking at migrating your HCM custom roles, data roles, and security profiles from one environment to another. To accomplish most of your HCM security migration needs, export the business objects in the Users and Security functional area within the Workforce Deployment offering.

Other offerings have a Users and Security functional area, but only the Workforce Deployment offering has the business objects that support migration of HCM custom roles within its Users and Security functional area.

Before You Begin

Learn how to export and import business object data. Detailed instructions are available in the Overview of Setup Data Export and Import topic of the Using Functional Setup Manager guide. Refer to the Related Topics section for the link to this topic.

What Gets Exported and Imported

When you migrate HCM roles and security profiles, the following business objects are exported in the configuration package generated from the Users and Security functional area within the Workforce Deployment offering.

  • Application Data Security

  • Application Profile Value

  • Functional Security Custom Roles

    • Functional Security Custom Role Hierarchy

    • Functional Security Custom Role Privilege Membership

  • HCM Data Role

    • HCM Data Role Security Profile

  • HCM Exclusion Role

    • HCM Exclusion Rule Detail

  • Legislative Data Group Security Profile

    • Legislative Data Group Security Profile List

  • Organization Security Profile

    • Organization Security Profile Classification List

    • Organization Security Profile Organization List

  • Country Security Profile

    • Country Security Profile Country List

  • Position Security Profile

    • Position Security Profile Position List

    • Position Security Profile Area of Responsibility Scope

  • HR Document Type Security Profile List

    • HR Document Type Security Profile List

  • Payroll Security Profile

    • Payroll Security Profile Pay

  • Payroll Flow Security Profile

    • Payroll Flow Security Profile Pay

  • Payroll Element Security Profile

    • Payroll Element Security Profile Details

  • Person Security Profile

    • Person Security Profile Manager Type

    • Person Security Profile Area of Responsibility Scope

    • Person Security Profile Exclusion

  • Talent Pools Security Profile
    • Talent Pools Security Profile Job Family
    • Talent Pools Security Profile Department
    • Talent Pools Security Profile Business Unit

  • Transaction Security Profile

    • Transaction Security Profile Entries

    • Transaction Security Profile Sub Categories

  • Role Provisioning Rule

    • Role Provisioning Associated Role List

Let's closely examine each business object to know what it contains.

Business Object

Information Included in Export and Import

Application Data Security

Application data security includes data security policies that are created in the following ways:

  • Manually using the Manage Database Resources page in the security console.

  • Manually using the Edit role/Copy role flow in the security console

  • Automatically when you copy a role using the Role Copy in the security profile

  • Automatically when you create profile content types

  • Automatically when you map HCM spreadsheet business objects to roles

Data security policies that are generated by the HCM Data Roles UI aren't exported as part of the application data security business object. They're automatically created on the target environment when you import the HCM Data Role business object.

Data security conditions that are generated from HCM security profiles aren't exported as part of the Application Data security business object. They're automatically created on the target environment when the HCM security profile business objects are imported.

Note: There's no scope support for application data security policies. When you export application data security policies all data security policies are exported, even if you provided a scope value for other security business objects in your configuration package.There's no Export to CSV option for this business object.

Application Profile Value

Application profile value includes the profile values for the PER_MASTER_WORK_EMAIL profile.

This profile option is no longer used and no values are exported for this business object.

Functional Security Custom Roles

The custom role includes the following details:

  • Role Code

  • Role Name

  • Role Description

  • Role Category

  • All IP Address Access - indicates that a role is granted access to the Security Control irrespective of the IP address from where it's signed in.

Note: The scope is limited to User Assignable roles only.

Functional Security Custom Role Hierarchy

The role hierarchy includes the following details:

  • Parent Role

  • Member Role

  • Add or Remove Role Membership

Functional Security Custom Role Privilege Membership

The role privilege membership includes the following details:

  • Parent Role

  • Member Privilege

  • Add or Remove Privilege Membership

HCM Data Role

The HCM data role includes the following details:

  • Data Role Code

  • Data Role Name

  • Data Role Description

  • Inherited Job Role Code

  • Delegation Allowed Check Box

HCM Data Role Security Profile

The HCM data role security profile includes the following details:

  • Data Role Code

  • Securing Object

  • Security Profile Name

HCM Exclusion Rule

HCM exclusion rule and HCM exclusion rule detail includes HCM exclusion rule definitions.

  • HCM Exclusion Rule

  • HCM Exclusion Rule Detail

Legislative Data Group Security Profile List

Legislative data group security profile list includes the following details:

  • Legislative data group security profile name

  • Legislative data groups that are included in the legislative data group security profile

Organization Security Profile

Organization security profile includes the following details:

  • Organization Security Profile Name

  • Enabled Check Box

  • View All Check Box

  • Include Future Organizations Check Box

  • Code indicating Department Hierarchy or Generic Organization Hierarchy

  • Hierarchy Name (if securing by organization hierarchy)

  • Top Organization Name (if securing by organization hierarchy)

  • Include Top Organization Check Box

  • Secure by Organization Hierarchy Check Box

  • Secure by Organization Classification Check Box

  • Secure by Organization List Check Box

Organization Security Profile Classification List

Organization security profile classification list includes the following details:

  • Organization Security Profile Name

  • Organization Classification Name

Organization Security Profile Organization List

Organization security profile organization list includes the following details:

  • Organization Security Profile Name

  • Organization name

  • Organization Classification

  • Include/Exclude Check Box

Country Security Profile

Country security profile includes the following details:

  • Country Security Profile Name

  • Enabled Check Box

Country Security Profile List

Country security profile list includes the following details:

  • Country Security Profile Name

  • Country code

Position Security Profile

Position security profile includes the following details:

  • Position Security Profile Name

  • Description

  • Enabled Check Box

  • View All Check Box

  • Include Future Positions Check Box

  • Hierarchy Name (if securing by position hierarchy)

  • Top Position Name (if securing by position hierarchy)

  • Include Top Position Check Box

  • Top Position Name (if securing by organization hierarchy)

  • Secure by Position Hierarchy Check Box

  • Secure by Department Check Box

  • Department Organization Security Profile Name (if securing by department)

  • Secure by Business Unit Check Box

  • Business Unit Organization Security Profile Name (if securing by business unit)

  • Secure by Position List Check Box

  • Secure by Area of Responsibility Check Box

Position Security Profile Position List

Position security profile position list includes the following details:

  • Position Security Profile Name

  • Position Code

  • Include/Exclude Check Box

Position Security Profile Area of Responsibility Scope

Position security profile area of responsibility scope includes the following details:

  • Position Security Profile Name

  • Responsibility Type

  • Scope of Responsibility

HR Document Type Security Profile

HR document type security profile includes the following details:

  • HR Document Type Security Profile Name

  • Enabled Check Box

  • View All Check Box

  • Include/Exclude Check Box

HR Document Type Security Profile List

HR document type security profile list includes the following details:

  • HR Document Type Security Profile Name

  • Document Type Name

Payroll Security Profile

Payroll security profile includes the following details:

  • Payroll Security Profile Name

  • Enabled Check Box

  • View All Check Box

Payroll Security Profile Pay

Payroll security profile pay includes the following details:

  • Payroll Security Profile Name

  • Payroll Name

  • Legislative Data Group Name
Payroll Flow Security Profile

Payroll flow security profile includes the following details:

  • Payroll Flow Security Profile Name

  • Enabled Check Box

  • View All Check Box

Payroll Flow Security Profile Pay

Payroll flow security profile pay includes the following details:

  • Payroll Flow Security Profile Name

  • Flow Name

Payroll Element Security Profile

Payroll element security profile includes the following details:

  • Element Security Profile
  • Name

Payroll Element Security Profile Details

Payroll element security profile details includes the following details:

  • Name
  • Element Security Profile Details
  • Legislative Data Group Name
  • Classification Name
  • Element Name

Person Security Profile

Person security profile includes the following details:

  • Person Security Profile Name

  • Description

  • Enabled Check Box

  • Access to Own Record Check Box

  • Include Future People Check Box

  • Include Shared People Information Check Box

  • Access to Candidates with Offers Check Box

  • Secure by Area of Responsibility

  • Secure by Manager Hierarchy Check Box

  • Person or Assignment Check Box

  • Maximum Levels in Hierarchy

  • Manager Hierarchy Type

  • Hierarchy Content Code

  • Secure by Person Type Check Box

  • Secure by Department Check Box

  • Department Security Profile Name (if securing by department)

  • Secure by Business Unit Check Box

  • Business Unit Profile Name (if securing by business unit)

  • Secure by Legal Employer Check Box

  • Legal Employer Security Profile Name (if securing by legal employer)

  • Secure by Position Check Box

  • Position Security Profile Name (if securing by position)

  • Secure by Legislative Data Group Check Box

  • Legislative Data Group Security Profile Name (if securing by legislative group)

  • Secure by Payroll Check Box

  • Payroll Security Profile Name (if securing by payroll)

  • Secure by Global Name Range Check Box

  • Global Name Range Start Value (if securing by global name range)

  • Global Name Range End Value (if securing by global name range)

  • Apply Exclusion Rules Check Box

  • Secure by Custom Criteria Check Box

  • Custom Restriction Text (if securing by custom criteria)

Person Security Profile Manager Type

Person security profile manager type includes the following details:

  • Person Security Profile Name

  • Manager Hierarchy Type (if something other than All or Line Manager has been selected on the security profile)

Person Security Profile Area of Responsibility Scope

Person security profile area of responsibility scope includes the following details:

  • Person Security Profile Name

  • Responsibility Type

  • Scope of Responsibility

  • Employee Check Box

  • Contingent Worker Check Box

  • Pending Worker Check Box

  • Nonworker Check Box

  • Candidate with Offer Check Box

Person Security Profile Exclusion

Person security profile exclusion includes the following details:

  • Person Security Profile Name

  • Exclusion Rule Name
Talent Pools Security Profile

Talent pools security profile includes the following details:

  • Talent Pool Security Profile Name
  • Enabled Check Box
  • View by Ownership Check Box
  • View All Check Box
  • View All Public Talent Pools Check Box
  • Secure by Business Unit Check Box
  • Secure by Department Check Box
  • Secure by Job Family Check Box
Talent Pools Security Profile Job Family

Talent pools security profile job family includes the following details:

  • Talent Pool Security Profile Name
  • Job Family Name
Talent Pools Security Profile Department

Talent pools security profile department includes the following details:

  • Talent Pool Security Profile Name
  • Department Name
Talent Pools Security Profile Business Unit

Talent pools security profile business unit includes the following details:

  • Talent Pool Security Profile Name
  • Business Unit Name

Transaction Security Profile

Transaction security profile includes the following details:

  • Transaction Security Profile Name

  • Description

  • Enabled Check Box

  • View All Check Box

Transaction Security Profile Entries

Transaction security profile entries include the following details:

  • Transaction Security Profile Name

  • Product Family

  • Category Code

  • All Sub Categories Check Box

  • Exclude Sub Category Check Box

Transaction Security Profile Sub Categories

Transaction security profile sub categories include the following details:

  • Transaction Security Profile Name

  • Product Family

  • Category Code

  • Sub Category Code

Role Provisioning Rule

Role provisioning rule includes the following details:

  • Mapping Rule Name

  • Legal Employer Name

  • Business Unit Name

  • Department Name

  • Job Set Code

  • Job Code

  • Position Business Unit Name

  • Position Code

  • Grade Set Code

  • Grade Code

  • Location Set Code

  • Location Code

  • User Person Type

  • System Person Type

  • Assignment Type

  • HR Assignment Status Code

  • Resource Role

  • Party Type Usage Code

  • Contact Role

  • Manager with Reports Check Box

  • Manager Type

  • Responsibility Type

Role Provisioning Associated Role List

Role provisioning associated role list includes the following details:

  • Mapping Rule Name

  • Role Code

  • Requestable Check Box

  • Self-Requestable Check Box

  • Autoprovision Check Box

Other business objects that you might like to export when migrating HCM custom roles are:

  • Job Requisition Security Profile

  • Spreadsheet Business Object Security Mapping

Let's closely examine each of these business objects to know what they contain.

Business Object

Information Included in Export and Import

Job Requisition Security Profile

Job requisition security profile includes the following details:

  • Job Requisition Security Profile Name

  • Enabled Check Box

  • View All Check Box

  • Secure by Job Family Check Box

  • Secure by Job Function Check Box

  • Secure by Location Check Box

  • Secure by Organization Check Box

  • Secure by Recruiting Type Check Box

Spreadsheet Business Object Security Mapping

HCM spreadsheet business object access mapping includes the following details:

  • Role Code

  • Business Object

  • Product Area

  • Enabled Check Box

  • All Business Objects Check Box

You can migrate job requisition security profiles by exporting the business objects in the Users and Security functional area within the Recruiting and Candidate Experience offering. You should do this before migrating the business objects in the Users and Security functional area within the Workforce Deployment offering. You must have the Recruiting Administrator role to export and import job requisition security profiles.

You can migrate HCM spreadsheet business object access mappings by exporting the business objects in the HCM Data Loader functional area within the Workforce Deployment offering. You should do this after migrating the business objects in the Users and Security functional area. You must have the Human Capital Management Integration Specialist role to export and import HCM spreadsheet business object access mappings.

After the Import Completes

You might need to wait for a period of time before all of the migrated data security policies are visible in the security console after completing the import of the configuration package that's generated from the Users and Security functional area within the Workforce Deployment.

When application data security policies are imported, a process runs in the background to synchronize the imported data security policies with the roles on the target environment. The imported data security policies aren't active until this process has completed, at which point the data security policies will be visible in the security console. This affects data security policies for custom roles that have been copied from other roles in the source environment. It also affects custom roles that have data security policies that were added manually using the security console.

Note: No manual regeneration processes are needed on the target environment; the import process triggers the role regeneration process. This only applies if you're importing the HCM Data Role business object.

What's Not Included

Data security policies that have been manually created from the security console, and which reference conditions that have been generated from an HCM security profile, must be manually recreated on the target environment. You must import the condition by importing the appropriate HCM security profile business object before creating these data security policies in the target environment.

Related Topics