Restrict the people visible to each user using this profile: Oracle HRMS
assesses the custom security when the user signs on. In addition, the custom
security code can include references to user-specific variables, for example,
fnd_profile.value() and fnd_global.employee_id.
15. Enter a valid SQL WHERE clause fragment to select a group of records.
For example, to add a restriction that assignments must be based in either
London or Paris, add the following SQL fragment:

    ASSIGNMENT.location_id in
      (select LOC.location_id
       from hr_locations_all LOC
       where LOC.location_code in ('London','Paris'))

Alternatively, you could create custom code to use user-specific variables.
The following example illustrates the use of user-specific variables. In this
example, the custom code creates a rule whereby a user can display employees
or contingent workers whose last name begins with the same letter as their
own. The security profile is called "Same first letter of last name".

    substr(person.last_name,1,1) =
      (select substr(i.last_name,1,1)
       from per_all_people_f i
       where i.person_id = fnd_global.employee_id
       and trunc(sysdate) between i.effective_start_date
                              and i.effective_end_date)

Note: In addition, the View Employees or View Contingent Workers option is
set to Restricted, and the "Restrict the people visible to each user using
this profile" option is set on the Custom Security tab.
If the clause is valid, it is automatically incorporated in an SQL select
statement that the system generates to restrict access to records, based on
the restrictions you have set up in the other tabbed regions. The list of
employees, contingent workers, and applicants specified by these other
restrictions is therefore further restricted by the custom restriction. The
clause fits into the system-generated statement in the following way (this
statement is not visible on screen):
Security Rules
1-55
16. Choose the Verify button to check that the clause you have entered is
valid. If it is invalid, an error message appears explaining the reasons.
Using Static Lists
17. Static lists enable you to assess security periodically
and store the data. You add users to the static list and their security
permissions are evaluated when the Security List Maintenance process is run.
Oracle HRMS stores the permissions for quick retrieval when the user logs on
and freezes the permissions until you run the Security List Maintenance
process again. To specify which users to include in a static list, enter the user
ID in the field.
18. To include a specific user or group of users in the next Security List
Maintenance run, select the Process in Next Run option for those users.
19. Save your work.
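The "Same first letter of last name" rule from step 15, run against a small constructed table (an added example, not part of the Oracle guide). It uses Python's sqlite3 rather than Oracle; the bind variables :employee_id and :today stand in for fnd_global.employee_id and trunc(sysdate), the base query is an assumed stand-in for the system-generated statement, and all rows are constructed.

```python
import sqlite3

# Constructed stand-in for per_all_people_f: date-tracked rows, ISO date strings.
PEOPLE = [
    # person_id, last_name, effective_start_date, effective_end_date
    (1, "Patel",  "2015-01-01", "4712-12-31"),
    (2, "Price",  "2018-06-01", "4712-12-31"),
    (3, "Nguyen", "2012-03-01", "4712-12-31"),
    (4, "Porter", "2010-01-01", "2019-12-31"),  # historical row, before a name change
    (4, "Nolan",  "2020-01-01", "4712-12-31"),  # current row for the same person
    (5, "Pine",   "2011-01-01", "2016-12-31"),  # record ended, no current row
]

# The page's fragment, with fnd_global.employee_id and trunc(sysdate)
# replaced by bind variables so different sign-ons can be simulated.
CUSTOM_FRAGMENT = """
substr(person.last_name,1,1) = (select substr(i.last_name,1,1)
    from per_all_people_f i
    where i.person_id = :employee_id
    and :today between i.effective_start_date and i.effective_end_date)
"""

def build_db():
    """Create the in-memory table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table per_all_people_f (person_id integer, last_name text, "
                 "effective_start_date text, effective_end_date text)")
    conn.executemany("insert into per_all_people_f values (?,?,?,?)", PEOPLE)
    return conn

def visible_people(conn, employee_id, today):
    """Return (person_id, last_name) rows the signed-on user may see on 'today'."""
    # Assumed base query: current person rows, ANDed with the custom fragment.
    sql = ("select person.person_id, person.last_name "
           "from per_all_people_f person "
           "where :today between person.effective_start_date "
           "and person.effective_end_date and " + CUSTOM_FRAGMENT +
           " order by person.person_id")
    return conn.execute(sql, {"employee_id": employee_id, "today": today}).fetchall()

if __name__ == "__main__":
    db = build_db()
    for emp in (1, 4, 5, None):
        print(emp, visible_people(db, emp, "2024-05-01"))
```

In this example a signed-on user with no current person row, or with no employee ID at all, sees no one: the subquery yields NULL and the comparison is never true. The date-effective condition in the subquery is what makes person 4 match on "N" today and on "P" for a date before the name change.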
What's Next
When you have modified or created new security profiles, it may be
necessary to run security processes to activate your changes.
See: Security Processes, page 1-17
See: Running the Security List Maintenance Process, page 1-58
1-56 Oracle Human Resources Management Systems Configuring,
Reporting, and System Administration Guide
Assigning Security Profiles
Use the Assign Security Profile window to link user names and security
profiles to responsibilities. Only use this window if you are using Security
Groups Enabled security (formerly called Cross Business Group Responsibility
security).
Important: When using Security Groups Enabled security, even if you have
linked a user to a responsibility using the User window, you must still link
your user to a responsibility and security profile using the HRMS Assign
Security Profile window. If you do not use the Assign Security Profile window,
HRMS uses the default view-all security profile for the Business Group and the
user will see all records for the Business Group.
The Assign Security Profile window is an essential part of setting up and
maintaining HRMS security for Security Groups Enabled security. You must
use this window to update your security profile assignment. Any changes
entered for the security profile assignment are also shown on the User
window. However, if you end date a user's responsibility using the User
window, this is not shown on the Assign Security Profile window. When you
navigate to the Assign Security Profile window, the Find Security Profile
Assignments window displays automatically. Select New to create a new
assignment. For information about querying existing security profile
assignments, see Using the Find Security Profile Assignment window, page 1-57.
To assign a new security profile:
1. Enter the user name you want to link to a responsibility.
2. Enter the application and responsibility you want to link to the user.
3. To assign a local security profile, select a business group to assign to the
user's responsibility. The local security profile for the business group is
automatically entered when you click in the Security Profile field.
4. To assign a global security profile, first select the security profile to assign
to the user's responsibility, then select a business group.
Note: If you enter a value in the Business Group field first, the list of
security profiles is filtered and does not display security profiles for any
other business groups.
You can link more than one security profile to a responsibility as long as the
user is different.
5. Enter the time period of security profile assignment. You must enter a start
date. Optionally, enter an end date if you want the security profile
assignment to end on a particular date.
6. Save the security profile assignment.
To end a security profile assignment:
You cannot delete security profile assignments. If a user no longer needs an
assignment, you must enter an end date.
1. Query the security profile assignment you want to end.
2. Enter an end date. The user cannot use this responsibility, Business Group
and security profile from this date.
Using the Find Security Profile Assignment window
This window enables you to search for security profile assignments that have
already been set up. You only use security profile assignments if you are
setting up Security Groups Enabled security. If you want to set up a new
security profile assignment, select the New button. For more information on
setting up new security profile assignments, see Assigning Security Profiles,
page 1-56.
Note: When you navigate to the Assign Security Profiles window, the Find
Security Profile Assignment window automatically displays.
To query a security profile assignment:
1. Enter a full or partial query on one, a selection, or several of the following:
   User name
   Application
   Responsibility
   Business group
   Security profile
Note: If you enter a value in either the Business Group or the Security Profile
field, any value entered in the other field is blanked