Professional Documents
Culture Documents
Fusion HCM Security Presentation
Fusion HCM Security Presentation
Agenda
Understand Role Based Access Control
Types of Roles in Oracle HCM Cloud
Creating Custom roles
Demo 1: Create Custom Abstract Role using Copy Role
Demo 2: Create Custom Job Role from scratch
Demo 3: Create Custom Data Role and assign it to users
Role Based Access Control
Oracle Cloud applications use a role based security model.
o Roles restrict system access to users.
o Roles control who can do what on which data.
o Every user must be assigned one or more roles to access the system.
Role Types
There are five types of roles in Oracle cloud security management:
Data Roles
Abstract Roles
Job Roles
Aggregate Privileges
Duty Roles
Data Role
Data roles combine a worker’s job and the data scope that the worker has access to.
There are no predefined data roles.
Data roles can be directly assigned to users.
Abstract Role
It represents a worker’s role in the enterprise and not the job that the worker is hired to
perform.
Employee, Line Manager and Contingent Worker – are delivered abstract roles.
You can also create custom abstract roles.
They can be directly assigned to users.
Job Role
Aligns with the job that the worker is hired to perform.
They are typically included in a data role and the data role is then assigned to the users.
You can create custom job roles.
Aggregate Privileges
They combine one function security privilege with one or more data security policies.
You cannot create/copy/modify/delete aggregate privileges.
Cannot be assigned directly to users.
Inherited by job/duty/abstract roles. Cannot inherit other roles.
Used to build roles.
Duty Role
Represent a set of privileges that are granted together.
Combine multiple function security privileges with relevant data security policies.
Custom duty roles can be created.
Can inherit aggregate privileges and other duty roles. Cannot inherit job roles.
Creating Custom Job/Abstract/Duty
Roles
Recommended approach to creating a role in HCM cloud is copying predefined roles and
editing the copies.
You can do deep copy to copy the entire role hierarchy or shallow copy to copy just the selected
role.
You must have IT Security Manager job role to perform the copy role task.
Demo 1
Create a custom abstract role using Copy Role
Demo 2
Create a custom Job Role from scratch
Demo 3
Create a custom Data Role and assign it to a user
Thank You!