Advisor Webcast Fusion Role Customization Jul2014

ATTENTION AUDIO Options
You can:
Either listen the audio broadcast on your computer

Or join teleconference (dial in)
Copyright 2014 Oracle and/or its affiliates. All rights reserved. |
Voice Streaming Audio Broadcast
Listen only mode

Advantage: no need to dial in
What about Questions?
Type your questions into WebEx Q&A panel
If you prefer full audio access in order to ask
questions directly, please connect to our
teleconference
Connect details you will find at next slide
ATTENTION AUDIO INFORMATION

Teleconference Connect details:
1. Conference ID: Complete your ID here
2. International dial in: +44 (0) 1452 555 566
3. US Free call: 1866 966 9439
4. List with national toll free numbers is available in
Note ID: 1148600.1
You can view this info anytime during the conference using
Communicate > Teleconference > Join Teleconference
from your WebEx menu
Safe Harbor Statement

The following is intended to outline our general product direction.
It is intended for information purposes only, and may not be
incorporated into any contract. It is not a commitment to deliver
any material, code, or functionality, and should not be relied upon
in making purchasing decision. The development, release, and
timing of any features or functionality described for Oracles
products remains at the sole discretion of Oracle.
Oracle Advisor Webcast

Customizing Roles in Oracle Fusion Applications
Lakshmi Reddeppa Noolu
Senior Principal Software Engineer
Oracle Fusion Security, Global Customer Services
July 10, 2014
Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracles products remains at the sole discretion of Oracle.
Objectives
Understand various types of roles in FA

Know tools for managing various roles
Look at steps to create custom roles

Review steps to provision roles to users
Agenda
1
All about Roles
Tools for Managing Roles
Creating custom roles
Data Roles & Security Policies
Provisioning roles to users
Demo
Fusion Role Terminology

?
Application Role
Job Role
Privilege
Data Role
Entitlement
Enterprise Role
Abstract Role
Policy
Duty Role
?
10
Fusion Roles Overview

Job Role - represent the job that you hire a worker to perform. For e.g,
Human Resource Analyst, Payroll Manager, Sales Representative
Abstract Role - represent a worker's role independently of the job that you
hire the worker to do. For e.g,
Employee, Line Manager, Resource
Data Role - combine a worker's job and the data that users with the job
must access. For e.g,
Payroll Administrator US, Human Resource Specialist R&D
Duty Role - represent the individual duties that users perform as part of
their job. For e.g,
Worker Duty, Sales Forecasting Duty
11
Fusion Roles Overview

Oracle Fusion Apps
Job Role
Abstract Role
Data Role
Duty Role
Function Security Privilege
Service/Taskflow etc.
Database Table
Data Security Privilege
Oracle Identity Manager

(OIM)
Role
Role
Authorization Policy
Manager (APM)
External Role
External Role
Role
External Role
Application Role
Entitlement
Resource
Database Resource
Action
12
Security Model Comparison

Fusion Applications
Data Role
Job Role
Duty Role
Privilege
Permission
E-Business Suite
Responsibility
Top Level Menu
Sub Menu
Form Function
Executable
PeopleSoft
Employee ID + Role
Top Level Menu
Role(s)
Permission Lists
Executable
13
Role Inheritance
14
Tools To Manage Fusion Roles

Role
Job / Abstract Role
Duty Role
Data Role (HCM)
Tool
Oracle Identity Manager (OIM)
Authorization Policy Manager (APM)
Fusion HCM UI / APM
15
Role Customization Scenario

Show / Hide menu links
Seeded Role has access more than needed
Seeded Role has less access than needed
Submenu / Links need to be hidden for a set of users
Seeded Role does not meet Implementation objectives
16
Ways to Customize Roles

Menu Customization
Create New Custom Role (Recommended)
Modify Seeded Role (Not Recommended)
17
Menu Customization
Show / Hide menu items at Site level
Check / Uncheck Rendered property
Show / Hide menu items at Role level

Use EL Expression, #{securityContext.userInRole[<ROLE_CODE>']}
E.g., #{securityContext.userInRole['PER_HUMAN_RESOURCE_MANAGER_JOB']}
Multiple Roles can be entered as comma separated values
For more details, refer doc:
How to Conditionally Hide/Show a Global Menu Node (Doc ID 1438414.1)
18
New Custom Job Role

Need: Menu Customization does not meet requirement
Suggestion: Create New Custom Job Role
Advantages:
Seeded roles are intact
Not overwritten by upgrades
New Job Role created in OIM

Duty Roles added to New Job Role via APM
19
New Custom Job Role - Steps

Navigate to OIM via task Manage Job Roles from FSM
20

Create new Role via Administration => Create Role
21

Associate new Job Role with seeded and/or custom Application Roles in
APM
22
Modify Seeded Job Role

Add / Remove duties from Job Role
Advantage easy to customize
Disadvantages:
Seeded functionality is lost
Not easy to revert customizations
Upgrades might override customizations
23
Modify Seeded Job Role - Steps

Navigate to APM via task Manage Duties from FSM
24
Modify Seeded Job Role - Steps

Search for External Role, open resultant Role
Add / Remove Duty roles in Application Role Mapping tab
25
New Custom Application Role

Always Create New Custom Application Role
Advantages:
Seeded roles are intact
Not overwritten by upgrades
Disadvantages:
Complicated and error prone
Role copy functionality not yet available
New Application Role created and managed in APM
26
New Custom Application Role - Steps

Select stripe, then click on New Application Role and fill details
27

Add Duty Roles in Application Role Hierarchy tab
28

Add Entitlements via Create Policy button
29

Add Data Security Policies in Data Security tab
30

Add / Map Job Role in External Role Mapping tab
31
Modify Seeded Application Role

Add / Remove Entitlements from Duty Role
Advantage easy to customize
Disadvantages:
Seeded role reference is lost
Restoration of seeded role definition is difficult
Refer below docs for details on Duties and Privileges Mapping

Mapping Of Roles, Duties and Privileges in Fusion Applications (Doc ID 1460486.1)
32
Modify Seeded Application Role - Steps

Navigate to APM via task Manage Role Templates from FSM
Search for Application Role for a stripe, open resultant Role
Add / Remove Duty role inheritance in Application Role Heirarchy tab
Add / Remove Entitlements via Find Policies => Functional Policies tab
Add / Modify Data Security Policy via Find Policies => Data Security tab
33
34
35
HCM Data Role - Steps

Go to task "Manage Data Role and Security Profiles from FSM
Enter New Data Role name and select Job Role
For each object type, include only one security profile
Create new Security Profile where needed
Review and Submit
36
37
38
39
Modify Data Security Policies

Search for Application Role for a stripe, open resultant Role
Add / Modify Data Security Policy via Find Policies => Data Security tab
Modify Condition from Rule tab
Choose Actions from Action tab
40
Modify Data Security Policies
41
Provision Roles to Users

Roles can be provisioned to Users Automatically or on Request
Define Role Mapping Rule via task Manage HCM Role Provisioning Rules
Choose conditions
Add Roles to definition and choose options (Auto-provision, Requestable,
Self-Requestable)
Role Mapping Rules apply when User is created in FA
Apply Auto-provision assigns the roles to all users who meet the condition
42
Provision Roles to Users
43
Live Demo
Summary
What we covered today
We learned on:
Various roles in Fusion
What Role name is called where
Where to manage each role
How to create new Job Role and Duty Role
How to provision Role(s) to Users
Helpful References
Mapping Of Duty Roles To Top Level Menu Entries in Fusion Applications
(Doc ID 1459828.1)
Mapping Of Roles, Duties and Privileges in Fusion Applications (Doc ID
1460486.1)
How to Remove Menu Items in Fusion Applications using Menu Item
Customization (Doc ID 1550048.1)
How to Conditionally Hide/Show a Global Menu Node (Doc ID 1438414.1)
Creating Custom Roles in Fusion Applications CRM (Doc ID 1477072.1)
Customizing Roles In Fusion Applications (Doc ID 1595864.1)
46
Learn More
Available References and Resources to Get Proactive
About Oracle Support Best Practices
www.oracle.com/goto/proactivesupport
Get Proactive in My Oracle Support
https://support. oracle.com | Doc ID: 432.1
My Oracle Support Blog
https://blogs.oracle.com/supportportal/
Ask the Get Proactive Team

get-proactive_ww@oracle.com
Q&A
Accessing My Oracle Support Community

1.
Via My Oracle Support -> Community

Tab
2.
Directly https://communities.oracle.com
Where Can I Get The Slides From This Session?

1. PDF link from Doc ID 740966.1 (within 48 hours)
2. RAC/Scalability Community >Content Tab > Documents (within 24 hours)
Session Related Community Links
The following thread will have a copy

of the presentation and can be used
for additional questions or discussions
on this topic.
https://community.oracle.com/thread/
3570481
Oracle Advisor Webcast Program

Locating Current Schedule & Archived Recordings
From Note ID : 740966.1
drill down to your area
of interest
For us, Oracle Database
Access the DB page
directly via Note ID :
1455369.1
Oracle Advisor Webcast Program

Locating Current Schedule & Archived Recordings For DB
Note:
Click column headings to sort
Hover on Webcast Title for more
information
Recordings available within 48

hours
Advisor Webcast Questions on a
webcast or ask questions via the
Questions? link
THANK YOU
55
Oracle Color Palette

Lights/Darks
R 255
G 255
B 255
Accents and default chart color order
R 95
G 95
B 95
R 220
G 227
B 228
R 127
G 127
B 127
R 255
G0
B 0
R 138
G 19
B 59
R 255
G 119
B 0
R 70
G 87
B 94
R 141
G 166
B 177
R 176
G 195
B 200
56
Additional Resources
Oracle Corporate Photography
Oracle Corporate Hardware Photography
my.oracle.com\site\mktg\creative\graphics\photography
my.oracle.com/site/mktg/creative/Graphics/Photography/cnt1375391.htm
Academic
Airline
Analytics
Application
ATM
Oracle Corporate Icons
Oracle Corporate Logos
my.oracle.com/site/mktg/creative/Graphics/Icons/index.html
my.oracle.com/site/mktg/creative/Logos/index.html
57
AUDIO INFO Join Teleconference
Question and Answer Instructions

Q&A panel
Send your question
Ask: ALL PANELLIST leave default!

1
type your question here
Question and Answer Instructions (cont)
your question pop-up here

Advisor Webcast Fusion Role Customization Jul2014

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Advisor Webcast Fusion Role Customization Jul2014

Uploaded by

Copyright:

Available Formats

ATTENTION AUDIO Options

Either listen the audio broadcast on your computer

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Voice Streaming Audio Broadcast

Listen only mode

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

ATTENTION AUDIO INFORMATION

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Safe Harbor Statement

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Oracle Advisor Webcast

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Safe Harbor Statement

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Understand various types of roles in FA

Look at steps to create custom roles

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

All about Roles

Tools for Managing Roles

Creating custom roles

Data Roles & Security Policies

Provisioning roles to users

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Fusion Role Terminology

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Fusion Roles Overview

Fusion Roles Overview

Oracle Identity Manager

Security Model Comparison

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Tools To Manage Fusion Roles

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Role Customization Scenario

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Ways to Customize Roles

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Show / Hide menu items at Role level

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

New Custom Job Role

New Job Role created in OIM

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

New Custom Job Role - Steps

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

New Custom Job Role - Steps

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

New Custom Job Role - Steps

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Modify Seeded Job Role

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Modify Seeded Job Role - Steps

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

Modify Seeded Job Role - Steps

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

New Custom Application Role

New Application Role created and managed in APM

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

New Custom Application Role - Steps

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

New Custom Application Role - Steps

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

New Custom Application Role - Steps

Copyright 2014 Oracle and/or its affiliates. All rights reserved. |

New Custom Application Role - Steps