Overview
Steps To Implement Security
1. Start with Security Reference Implementation
2. Change Roles
3. Do Application Setups.
4. Generate Data Roles.
5. Auto-Provisioning Rules
Terminology
Overview
Vision
Operations in Germany & the US: Vision Germany, Vision US
[Figure: Line in Job Description, Duty]
Meet Doris
[Diagram labels: Data Roles (Procurement Manager - US, Procurement Manager - Germany); Abstract Roles; Job Role (Procurement Manager); Duty Roles; Expense Reports; Enter Expenses; Submit Expenses; Buyer Mgt; PO Changes]
What can Doris do and view?
Duties provide access to screens, reports, dashboards via privileges.
Duties provide access to data behind the screens via data security.
Doris Starts Using Fusion Apps
[Diagram labels: User: Doris; Data Role: Procurement Manager - Germany; Abstract Role: Employee; Abstract Role: Line Manager; Duties]
What determines Menu Items
Data Roles
Job role is a cookie cutter to generate data roles.
Data Roles: What to slice data by?
Product Family Implementations
Summary So Far
Visual Summary
[Diagram labels: EBS Mapping; US Security Profile; EMEA Security Profile; APAC Security Profile; Person; Sub Menu; Duty Roles; Configuration; Benefits Setup; Duty]
Steps
Security Reference Implementation
Screens to Make Changes
Oracle Identity Manager (Delegated Administration) | Authorization Policy Manager (Oracle Entitlements Server)
[Diagram labels: Create Role; Users; Assign Role; Generate; Data Role; Duties; Data Security Policy; Privilege]
Non-Employee Access to Fusion Apps
Options
1. Create a different HCM person type and create the user in HCM with this person type. This will create the OIM user account.
2. Create the user in the Oracle Identity Manager Delegated Administration screen (instead of HCM's Manage Users screen) and assign the external role directly there. The user will not exist in HCM tables, but access to applications will work fine.
Changing a Role
Oracle Identity Manager (Delegated Administration) | Authorization Policy Manager (Oracle Entitlements Server)
[Diagram labels: Data Role; Duties; Generate; Data Security Policy; Privilege; Increasing Difficulty]
*** (For HCM this is not recommended, as HCM duty roles are very granular.)
Data Role Generation
Create Auto-Provisioning Rules
Terminology
Terminology Review
Security Reference Implementation
A complete example implementation of security for each Fusion offering.
Details are in the Security Reference Manuals for each product.
Role (External Role or Enterprise Role)
Created in LDAP (using Oracle Identity Manager).
Can also create a hierarchy of these roles.
Normally data roles are generated, which also govern the Business Unit (or other determinant) stripe of data the user will see.
Role Category
A way to classify roles.
Examples from the Reference Implementation: HCM Abstract Roles, HCM Job Roles, Financials Job Roles, etc.
Abstract Role (External Role or Enterprise Role)
Abstract is nothing more than a category we seed to classify roles in our Reference Implementation.
Roles we seed in this category are accessory roles such as Employee, Contingent Worker, etc.
Not a role you would find described on Monster.com.
Usually assigned directly; does not require a data role generated on top of it.
Job Role
Also nothing more than a category we seed.
Roles we seed in this category are roles that you would hire someone into: Accounts Payables Manager, Billing Clerk, etc.
Usually requires a data role generated on top of it.
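The "cookie cutter" relationship between job roles and data roles, and the difference from directly assigned abstract roles, as an added example that is not from the slides and is not Oracle code. It is a simplified model, not the Fusion or Oracle Identity Manager API; the class and function names are hypothetical, and which duties sit under which role is assumed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    category: str        # "abstract" or "job" (the two seeded categories)
    duties: frozenset    # duty names carried by the role

@dataclass(frozen=True)
class DataRole:
    name: str
    job_role: Role
    business_unit: str   # the stripe of data this role is limited to

def generate_data_roles(job_role, business_units):
    """Use the job role as a template: one data role per business unit."""
    if job_role.category != "job":
        raise ValueError("abstract roles are assigned directly")
    return {bu: DataRole(f"{job_role.name} - {bu}", job_role, bu)
            for bu in business_units}

def is_allowed(assigned, duty, business_unit=None):
    """Deny by default. A data role grants its job role's duties only inside
    its own business unit; an abstract role grants its duties directly."""
    for role in assigned:
        if isinstance(role, DataRole):
            if duty in role.job_role.duties and role.business_unit == business_unit:
                return True
        elif role.category == "abstract" and duty in role.duties:
            return True
    # Model assumption: a job role assigned without a data role grants nothing.
    return False

# Constructed sample data; which duties sit under which role is assumed.
EMPLOYEE = Role("Employee", "abstract",
                frozenset({"Enter Expenses", "Submit Expenses"}))
PROC_MGR = Role("Procurement Manager", "job",
                frozenset({"Buyer Mgt", "PO Changes"}))
DATA_ROLES = generate_data_roles(PROC_MGR, ["US", "Germany"])
DORIS = [EMPLOYEE, DATA_ROLES["Germany"]]

if __name__ == "__main__":
    for duty, bu in [("PO Changes", "Germany"), ("PO Changes", "US"),
                     ("Enter Expenses", None)]:
        print(duty, bu, is_allowed(DORIS, duty, bu))
```

With only the Germany data role assigned, Doris's procurement duties do not reach US data, which is the least-privilege property the generated data roles are meant to give.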