Secure Elements through HCM Data Roles

Secure and limit access to elements based on your business requirements.

Perform these two actions to secure and limit access to all elements:

• Use the Element Security Profiles quick action to create an element security profile. Include or exclude elements to this profile as per your requirements.
• Add the new security profile to an HCM Data Role to secure and limit access to the elements.

For example, you can now restrict a Benefits user to access only the voluntary and pretax deductions, but not the regular and supplemental earnings. You can now define an element security profile to include only voluntary and pretax deduction elements and attach it to the Benefits Administrator data role.

When you navigate to the Element Entries page, the elements you can manage is restricted to those in your element security profile. You can enter, view, and edit certain earnings and deductions elements that are meant for your respective usage.

Features Secured by Element Security Profiles

The Element Security Profile restriction applies to these payroll features:

• Manage Element Entries (both Manage and View-only)

• Manage Calculation Entries – Standard Entries only

• Manage Elements
• Balance Adjustment

• Use REST Service – Element Entries

• Use REST Service – Element Entries Read-Only

• Payroll Element Definition List of Values REST
• Payroll Input Values List of Values REST

• HSDL – Element Entry

• HDSL – Element Entry with Costing

• QuickPay

It also applies to the following Benefits feature:

• View Payroll Info under the Enrollment section of the Benefits Summary page.

Element Security Profiles

Use the Element Security Profile task to create element security profiles. However, you can make use of any these available updates.

• By default, all the existing data roles are automatically updated with the View All Elements element security profile.

• When upgrading to Update 24A, the Regenerate Data Security Profiles and Grants job set will be run; you should verify it ran successfully. You should see that the View All default value appears on your data roles after upgrading.
• When you create or edit a Data Role on the HCM Data Roles and Security Profiles page, use the Element Security Profile option under the Element section on the Create Data Role: Security Criteria page, to chose a element security profile for the role.
• If you have any automated test cases that try to edit a role or create a new data role based on impacted job roles, you must populate the element security profile value.

  From this section, you can either select an existing element security profile or create one for the data role.

• You can also use these options to view, create, or edit element security profiles for data roles.
  • The Element sub-train stop on the Assign Security Profiles to Role page.

  • Support for the new profile under Preview HCM Data Security page.

  • A new parameter for the element security profile in the Regenerate Data Security Profiles and Grantsscheduled process.

Include or Exclude Elements in a Security Profile

You can include or exclude elements to an element security profile as per your security and business requirements.

When you create an element security profile, you select a Legislative Data Group (LDG).

Once you select an LDG on the Element Security Profile page, the element classifications applicable to the LDG gets populated in the Classifications region.

Select the required primary classifications, all elements within the selected primary classifications are automatically included in the element security profile. However, if required, you can exclude some elements from the selected classifications, or include some elements from a classification you haven't selected.

Note: You can include multiple LDGs within a security profile. Each LDG must have at least one classification or element included.Consider the following when you create element security profiles and include or exclude elements:

• LDG security and element security profile are independent of each other. When you implement both LDG and element security profile, ensure that the LDG included in the element security profile is also included in the LDG security profile.

• Predefined statutory deduction elements exist for a legislation. If you have multiple LDGs within a single legislation, if you include the statutory deduction elements for one of the LDGs, they will be available for all LDGs within the same legislation.

• When the security profile is based on primary classifications, you can only create elements with those primary classifications. Under Element Summary, Run Types, Balance Feeds, Status Processing Rules and Autoindirect rules shows only the elements in your Element Security Profile. Similarly, when creating new records, the element list of value is restricted.

QuickPay Processing

Element entries displayed on the QuickPay page are restricted based on the user element security profile. However, all elements are processed when the user submits the QuickPay.

Access Requirements

You can use this feature only for the job roles given in this table.

Job Role Name	Job Role Code
Application Implementation Consultant	ORA_ASM_APPLICATION_IMPLEMENTATION_CONSULTANT_JOB
Benefits Administrator	ORA_BEN_BENEFITS_ADMINISTRATOR_JOB
Benefits Manager	ORA_BEN_BENEFITS_MANAGER_JOB
Benefits Specialist	ORA_BEN_BENEFITS_SPECIALIST_JOB
Compensation Administrator	ORA_CMP_COMPENSATION_ADMINISTRATOR_JOB
Human Capital Management Application Administrator	ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_APPLICATION_ADMINISTRATOR_JOB
Human Capital Management Integration Specialist	ORA_HRC_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB
Human Resource Analyst	ORA_PER_HUMAN_RESOURCE_ANALYST_JOB
Human Resource Manager	ORA_PER_HUMAN_RESOURCE_MANAGER_JOB
Human Resource Specialist	ORA_PER_HUMAN_RESOURCE_SPECIALIST_JOB
Payroll Administrator	ORA_PAY_PAYROLL_ADMINISTRATOR_JOB
Payroll Manager	ORA_PAY_PAYROLL_MANAGER_JOB