Anda di halaman 1dari 46

1

For Oracle employees and authorized partners only. Do not distribute to third parties.

1-1

2013 Oracle Corporation Proprietary and Confidential

<Insert Picture Here>

Job Roles and Duty Roles

Safe Harbor Statement


The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracles
products remains at the sole discretion of Oracle.

3
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Oracle Training Materials Usage


Agreement
Use of this Site (Site) or Materials constitutes agreement with the following terms and conditions:
1. Oracle Corporation (Oracle) is pleased to allow its business partner (Partner) to download and copy
the information, documents, and the online training courses (collectively, Materials") found on this Site.
The use of the Materials is restricted to the non-commercial, internal training of the Partners employees
only. The Materials may not be used for training, promotion, or sales to customers or other partners or
third parties.
2. All the Materials are trademarks of Oracle and are proprietary information of Oracle. Partner or other
third party at no time has any right to resell, redistribute or create derivative works from the Materials.
3. Oracle disclaims any warranties or representations as to the accuracy or completeness of any
Materials. Materials are provided "as is" without warranty of any kind, either express or implied, including
without limitation warranties of merchantability, fitness for a particular purpose, and non-infringement.
4. Under no circumstances shall Oracle or the Oracle Authorized Delivery Partner be liable for any loss,
damage, liability or expense incurred or suffered which is claimed to have resulted from use of this Site of
Materials. As a condition of use of the Materials, Partner agrees to indemnify Oracle from and against any
and all actions, claims, losses, damages, liabilities and expenses (including reasonable attorneys' fees)
arising out of Partners use of the Materials.
5. Reference materials including but not limited to those identified in the Boot Camp manifest can not be
redistributed in any format without Oracle written consent.
4
For Oracle employees and authorized partners only. Do not distribute to third parties.

1-4

2013 Oracle Corporation Proprietary and Confidential

Agenda
Job Roles and Duty Roles
HCM security management data stores
Regenerating data roles

5
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Learning Objectives
At the end of this lesson you should be able to:
Describe Job Roles and Duty Roles
Understand HCM security management data stores
Explain regenerating data roles

6
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Section 1:

Describe Job Roles and Duty


Roles

7
For Oracle employees and authorized partners only. Do not distribute to third parties.

1-7

2013 Oracle Corporation Proprietary and Confidential

Fusion Applications Security Model


Role-Based Access Control

Access is via Roles

8
For Oracle employees and authorized partners only. Do not distribute to third parties.

1-8

2013 Oracle Corporation Proprietary and Confidential

Fusion Application Secuirty Model


Role-Based Access Control

WHO can do WHAT on WHICH set of data?


Who

What

Which Data

Line Managers

Can create
performance
document

For workers in their


reporting hierarchy

Employees

Can view pay slip

For themselves

Payroll Managers

Can report payroll


balances

For specified
payrolls

Human Resource
Specialists

Can transfer
employees

For specified
countries
9

For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Types of Roles
Abstract Role

Data Role

Job Role

Duty Role

Assigned directly
to the users

Assigned directly
to the users

Not assigned
directly to the
users

Not assigned
directly to the
users

e.g. Employee,
Line Manager
and Contingent
Worker

e.g.
HRSpecialist_View
All, Payroll
Administrator US
Dept1 etc

e.g. Payroll
Administrator ,
Compensation
Analyst etc

Security privileges
attached
functional
privileges and
data privileges

10
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Types of Roles
Abstract Role
Abstract roles define a worker's role in the enterprise
independently of the job that the worker is hired to do.

11
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Types of Roles
Data Role
Data role allows a user to access a set of workers/organizations
for a given task

12
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Types of Roles
Data Role (Security Profiles)
Security profiles are used to create data roles

13
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Types of Roles
Job Role
A job role provides the access to a set of tasks that a worker
is hired to perform

14
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Types of Roles
Duty Role
A duty role represent
the individual duties
that users with those
job or abstract roles
can perform. Duty
roles are inherited by
job and abstract roles;
they can also be
inherited by other duty
roles

15
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Implementing Job Roles

16
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Implementing Job Roles

17
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Implementing Job Roles

18
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Implementing Job Roles

19
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Manage Job Roles

20
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Manage Job Roles

21
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Manage Job Roles

22
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Manage Job Roles

23
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Manage Job Roles

24
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Manage Duty Roles

25
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 25

2013 Oracle Corporation Proprietary and Confidential

Manage Duty Roles

26
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 26

2013 Oracle Corporation Proprietary and Confidential

Manage Duty Roles

27
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 27

2013 Oracle Corporation Proprietary and Confidential

Manage Duty Roles

28
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 28

2013 Oracle Corporation Proprietary and Confidential

Manage Duty Roles

29
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 29

2013 Oracle Corporation Proprietary and Confidential

Manage Duty Roles

30
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 30

2013 Oracle Corporation Proprietary and Confidential

Manage Duty Roles

31
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 31

2013 Oracle Corporation Proprietary and Confidential

Manage Duty Roles

32
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 32

2013 Oracle Corporation Proprietary and Confidential

Manage Duty Roles

33
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 33

2013 Oracle Corporation Proprietary and Confidential

Role Inheritance Recap

34
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Role Inheritance Recap

4
35
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

1
36
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Welcome Hailie, our new Compensation Manager!


US Compensation Manager Data Role
US Organizations
Non Executive Positions
US Legislative Data Group
Comp Related Document Types

Hailie is provisioned with the Compensation Manager


role

plus the Employee and Line Manager Abstract Roles

37
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Section 2:

Understand HCM security


management data stores

38
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 38

2013 Oracle Corporation Proprietary and Confidential

HCM Security Management Data Stores

39
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Section 3:

Explain regenerating data


roles

40
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 40

2013 Oracle Corporation Proprietary and Confidential

Regenerating Data Roles


Regenerate a data role if you make any changes to the
role hierarchy that underlies the data role

41
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Summary of the lesson

Understanding of Fusion Security Model


Different types of roles and how they are defined
Managing Job Roles and Duty Roles
Understanding of HCM security management data
stores
Regenerating data roles

42
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

Module Review

43
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 43

2013 Oracle Corporation Proprietary and Confidential

Key Points
Job roles represent the jobs into which users are hired
Users are directly assigned to abstract roles, but they
are not directly assigned to job roles
Abstract and job roles inherit many duty roles
Oracle Identity Manager (OIM) maintains user accounts
in the Oracle Fusion Applications Identity Store
Duty roles are created in Authorization Policy Manager
(APM) and stored in the Policy Store, along with
function security policies
Regenerating a role causes all its data security policies
to be updated based on changes to its role hierarchy

44
For Oracle employees and authorized partners only. Do not distribute to third parties.
2013 Oracle Corporation Proprietary and Confidential

45
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 45

2013 Oracle Corporation Proprietary and Confidential

46
For Oracle employees and authorized partners only. Do not distribute to third parties.

1 - 46

2013 Oracle Corporation Proprietary and Confidential