Role Based Access Control (RBAC)

An organisation needs to control who can do what on which functions or sets of data, and under what
conditions. The "who" is the user. A user's access is based on the definition of the roles
provisioned (assigned) to the user. Access is defined as entitlement, which consists of privileges.
The "what" is the abstract operations, or entitlement. The "which" is the resources being
accessed.

RBAC normalizes access to functions and data through user roles rather than through users alone.
The roles are defined at functional and technical levels. The functional level is the business
definition used by business users, and the technical level is the implementation of roles using
Oracle technology.

RBAC is based on the following rules:

1. Role assignment - A subject can exercise a permission only if the subject has selected or
been assigned a role.
2. Role authorization - A subject’s active role must be authorized for the subject. Together with
rule 1, this rule ensures that users can take on only roles for which they are
authorized.
3. Permission authorization - A subject can exercise a permission only if the permission is
authorized for the subject’s active role. Together with rules 1 and 2, this rule ensures that users
can exercise only permissions for which they are authorized.

Security in Fusion Applications is based on Role Based Access Control (RBAC). The RBAC
implementation is based on abstract, job, duty, and data roles that work together to control
access to functions and data. The definitions of these functional roles are as follows:
ABSTRACT ROLE
This role categorizes the roles for reference implementation. It inherits duty roles but does not
contain security policies. For example: Employee, Manager, etc.
JOB ROLE
This role defines a specific job an employee is responsible for. An employee may have many job
roles. A job role may require a data role to control the actions on the respective objects. For
example: Benefits Manager, Accounts Receivable Specialist, etc.
DATA ROLE
This role defines access to the data within a specific duty: who can do what on which set of data.
The possible actions are read, update, delete, and manage. Only duty roles hold explicit
entitlement to the data. These entitlements control privileges such as which specific screens,
buttons, data columns, and other artifacts a user can see in the user interface.
DUTY ROLE
This role defines a set of tasks. It is the most granular form of a role. The job and abstract roles
inherit duty roles. Data security policies are specified on duty roles to control actions on all
respective objects. The duty role is where security policies are mainly attached, and duty roles
are implemented as application roles in Authorization Policy Manager (APM).
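
The three rules and the role hierarchy above, worked through as an added example in Python. This is a simplified model written for this page, not Oracle code or an Oracle API: the duty role names, the data role name, the users, and the choice to model a data role as a job role limited to one data set are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Role:
    name: str
    kind: str                              # "abstract", "job", "data" or "duty"
    inherits: tuple = ()                   # names of directly inherited roles
    privileges: frozenset = frozenset()    # (action, resource) pairs
    data_scope: Optional[str] = None       # data set a data role is limited to

class Policy:
    def __init__(self, roles, provisioned):
        self.roles = {r.name: r for r in roles}
        self.provisioned = provisioned     # user -> set of provisioned role names
        for r in roles:
            # Per the page, only duty roles hold explicit entitlement.
            if r.privileges and r.kind != "duty":
                raise ValueError(f"{r.name}: only duty roles may hold privileges")
            for parent in r.inherits:
                if parent not in self.roles:
                    raise ValueError(f"{r.name}: unknown inherited role {parent}")
        for user, names in provisioned.items():
            unknown = set(names) - set(self.roles)
            if unknown:
                raise ValueError(f"{user}: unknown roles {sorted(unknown)}")

    def privileges_of(self, role_name):
        """Union of the privileges on every duty role reachable by inheritance."""
        found, stack, seen = set(), [role_name], set()
        while stack:
            role = self.roles[stack.pop()]
            if role.name in seen:          # guards against inheritance cycles
                continue
            seen.add(role.name)
            found |= role.privileges
            stack.extend(role.inherits)
        return found

    def check(self, user, active_role, action, resource, data_set=None):
        """Apply rules 1-3 in order; returns (allowed, reason)."""
        if active_role is None:
            return False, "rule 1: no active role"
        if active_role not in self.provisioned.get(user, set()):
            return False, "rule 2: role not authorized for subject"
        if (action, resource) not in self.privileges_of(active_role):
            return False, "rule 3: permission not authorized for role"
        # Assumption of this sketch: access to a data set needs a matching data role.
        if data_set is not None and self.roles[active_role].data_scope != data_set:
            return False, "data role does not cover this data set"
        return True, "granted"

def sample_policy():
    """Constructed sample; duty and data role names are hypothetical."""
    roles = [
        Role("Expense Entry Duty", "duty",
             privileges=frozenset({("update", "expense report")})),
        Role("Receivables Maintenance Duty", "duty",
             privileges=frozenset({("read", "invoice"), ("update", "invoice")})),
        Role("Employee", "abstract", inherits=("Expense Entry Duty",)),
        Role("Accounts Receivable Specialist", "job",
             inherits=("Receivables Maintenance Duty",)),
        Role("AR Specialist - BU East", "data",
             inherits=("Accounts Receivable Specialist",), data_scope="BU East"),
    ]
    provisioned = {"alice": {"Employee", "AR Specialist - BU East"},
                   "bob": {"Employee"}}
    return Policy(roles, provisioned)

if __name__ == "__main__":
    p = sample_policy()
    print(p.check("alice", "AR Specialist - BU East", "update", "invoice", "BU East"))
    print(p.check("bob", "AR Specialist - BU East", "read", "invoice"))
```

The constructor rejects a policy that attaches privileges to a job, abstract or data role, which is a quick way to catch entitlements granted outside the duty layer during a role review.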