SlideShare a Scribd company logo

Oracle Fusion Role Mappings

Feras Ahmad
Feras Ahmad

Oracle Fusion Role Mappings

Technology
1 of 7
Download to read offline
Fusion Role Mappings An Oracle White Paper October 2011
Fusion Role Mappings Introduction.........................................................................................................3 How to access Role Mappings..........................................................................3 Basic Principles....................................................................................................4 Auto provisioning................................................................................................4 Requestable roles.................................................................................................4 Self Requestable Roles........................................................................................5 Termination..........................................................................................................5 Running Auto Provisioning...............................................................................6 Fusion Role Mappings Page 2
Fusion Role Mappings INTRODUCTION In Fusion, access to all parts of the system is controlled with Enterprise Roles in LDAP. Granting roles to a user is essential to allow them to access the system, and at the same time making sure that only the right people have access to roles is necessary for security reasons. Within Fusion, the Role Mapping definitions or Role Provisioning Rules is the mechanism used both to automatically grant the correct roles to users, and to restrict who has access to request roles for themselves or assign roles to others. Any role that will be provisioned to your users, must be defined in a role mapping definition. HOW TO ACCESS ROLE MAPPINGS To access the role mappings screen, you must log in with a user who has the IT Security Manager role. When you do that, navigate to the Setup and Maintenance area, and search for the task Manage HCM Role Provisioning Rules. Click on Go to Task to go to the screen to search for existing Role Mappings. Here you can either search for existing role mappings, or click on the Create icon to create a new role mapping. Fusion Role Mappings Page 3
BASIC PRINCIPLES When creating role mappings, it is key to understand the basic principles behind the screen. AUTO PROVISIONING The role mappings are intended to automate the granting of the most common roles to users in the system to help reduce the workload of the managers and administrators. Most customers find that 80% of their role assignments are covered by a dozen role mappings. An example that may cover most of your role mappings is; Role Condition Employee Assignment Type = Employee, Assignment Status=Active Line Manager Assignment Type = Employee, Assignment Status=Active, Manager with Reports = Yes Sales Manager Assignment Status=Active, Resource Role=Channel Sales Manager HR Specialist Assignment Status=Active, Department = Human Resources US Financial Analyst Assignment Status=Active, Department=Finance, Legal Employer=Vision US You will note that this doesn’t cover 80% of the roles you may use, but rather 80% of the role assignments. Beyond this, most customers have a large number of roles, assigned to a low number of users. For that scenario, we will define a separate Requestable roles mapping definition instead. It is also important to note that Autoprovisioned roles are allocated to a user based on the user’s HR record and their TCA party data. It does not depend on the data of the logged in user, but on the user who is receiving the roles. REQUESTABLE ROLES In addition to the most common roles that you have auto-provisioned, you probably have a number of other roles in use that are only typically assigned to a few people. It is more efficient to set these up as being requestable by the appropriate people in your organization. It is also important to note that no roles are requestable unless you add them to the list. This is for security reasons, so that, for example, a rogue employee or employees can’t request a highly-privileged role for someone else in their team. You might therefore want to split the roles that you want to make requestable by anyone in to one group, and those that you want requestable by a limited number of people in to another group. Here is an example of that; Role Condition Expenses Auditor Expenses Manager Assignment Type = Employee, Assignment Fusion Role Mappings Page 4
Expenses Analyst Financial Analyst Financial Application Administrator Financial Supply Chain Manufacturing Application Administrator Human Resources Analyst Benefits Administrator … Status=Active, Manager with Reports = Yes Functional Setups User IT Security Manager Assignment Status=Active, Job=Human Resource Manager In this case, the person requesting the role on behalf of others must match these criteria themselves, so in this example any line manager can request that one of their employees be assigned one of the long list of roles, but only someone with the job of HR Manager can request the two restricted roles be granted to someone. The former is where the majority of the roles are expected to be in most installations. SELF REQUESTABLE ROLES Sometimes you want your employees to have access to some functionality if they need it, but don’t want to push it out to everyone, because it may needlessly clutter their screens. For example, you may want to allow employees to request the Expenses role if they need to submit expenses, but don’t want to have it there by default. Under those circumstances, you can make a role self requestable. When someone whose employee record matches the criteria enters the My Account screen, they are then able to request that role. Here is an example of that; Role Condition Expenses User Procurement Requestor Assignment Type = Employee, Assignment Status=Active TERMINATION You will have noticed that all of the examples so far have conditions with the Assignment Status set to Active. This will restrict those roles to be granted to active employees only. Once the employees are terminated, they will loose all manually provisioned roles, and any automatically provisioned roles which they are no longer entitled to. If they have no roles left, their user account will also be suspended on the next working day. It is important to note though that it is valid to have roles which are applicable both before and after termination, or even only after termination. Some examples are that you might want to grant access to your job site to all past and present employees so that they can apply for new jobs. Or you might need to grant access to expenses and benefits to ex-employees so that they can manage their affairs after termination. In the recruiting example, you would simply not specify the Assignment Status, and in the Benefits and Expenses example, you would specify an Assignment Status of Inactive. Fusion Role Mappings Page 5
RUNNING AUTO PROVISIONING Auto-provisioning of roles will occur whenever an employee is hired, terminated, or any of their employment data is changed. If a past or present-dated change is made, the roles will be auto-provisioned as of today. If a future-dated change is made, the roles will be auto-provisioned when that future date arrives. To enable this functionality to work correctly, you must schedule the Person Synchronization and ProcessLdapRequests ESS jobs to run once a day. If you create a new auto provisioning rule, it will not be applied to users until their data changes. To apply the rule immediately, press the Apply Autoprovisioning button on the Role Mappings page. Note, this will run auto provisioning for all users for all role mappings, so if you are creating multiple role mappings wait until you have created them all before choosing this button. This is a very process intensive task, so you would be best advised to plan to create your role mappings carefully. Bulk Loading When bulk loading people thorough interfaces such as HR2HR, roles will be auto-provisioned for all of the people according to the rules that you have defined. However, the roles will not be added to the users immediately in this mode. They will be held in a queue until the batch has finished loading. To process the requests to modify users and roles after loading the people, run the ProcessLdapRequests ESS job. If you are loading a lot of historic data in one single HR2HR run, a auto provisioning will run for each and every row in the person’s history. If someone’s role entitlement has changed several times over their history, the HR2HR load will grant them all of the roles that they would be entitled to over this period. To remove any unwanted roles at the end of loading the history in this way, run the Apply Autoprovisioning functionality on the role mappings screen. Fusion Role Mappings Page 6
Fusion Role Mappings October 2011 Author: Martin Millmore Contributing Authors: Stephanie Dorrer Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 www.oracle.com Oracle Corporation provides the software that powers the internet. Oracle is a registered trademark of Oracle Corporation. Various product and service names referenced herein may be trademarks of Oracle Corporation. All other product and service names mentioned may be trademarks of their respective owners. Copyright © 2011 Oracle Corporation All rights reserved.

Recommended

How to create payslip through self service
How to create payslip through self serviceHow to create payslip through self service
How to create payslip through self service
Feras Ahmad
 
Oracle EBS R 12 Core hr user manual
Oracle EBS R 12 Core hr user manualOracle EBS R 12 Core hr user manual
Oracle EBS R 12 Core hr user manual
Feras Ahmad
 
Olm implementation steps
Olm implementation stepsOlm implementation steps
Olm implementation steps
Feras Ahmad
 
Oracle HRMS Payroll Table Overview
Oracle HRMS Payroll Table OverviewOracle HRMS Payroll Table Overview
Oracle HRMS Payroll Table Overview
Chris Martin
 
Accrual plan set up in oracle hrms
Accrual plan set up in oracle hrmsAccrual plan set up in oracle hrms
Accrual plan set up in oracle hrms
Rajiv reddy
 
Oracle EBS Self service from A to Z
Oracle EBS Self service from A to ZOracle EBS Self service from A to Z
Oracle EBS Self service from A to Z
Feras Ahmad
 
Oracle HRMS Proration
Oracle HRMS ProrationOracle HRMS Proration
Oracle HRMS Proration
runjithrocking
 
Hr profile option
Hr profile optionHr profile option
Hr profile option
Feras Ahmad
 

Recommended

How to create payslip through self service
How to create payslip through self serviceHow to create payslip through self service
How to create payslip through self service
Feras Ahmad
 
Oracle EBS R 12 Core hr user manual
Oracle EBS R 12 Core hr user manualOracle EBS R 12 Core hr user manual
Oracle EBS R 12 Core hr user manual
Feras Ahmad
 
Olm implementation steps
Olm implementation stepsOlm implementation steps
Olm implementation steps
Feras Ahmad
 
Oracle HRMS Payroll Table Overview
Oracle HRMS Payroll Table OverviewOracle HRMS Payroll Table Overview
Oracle HRMS Payroll Table Overview
Chris Martin
 
Accrual plan set up in oracle hrms
Accrual plan set up in oracle hrmsAccrual plan set up in oracle hrms
Accrual plan set up in oracle hrms
Rajiv reddy
 
Oracle EBS Self service from A to Z
Oracle EBS Self service from A to ZOracle EBS Self service from A to Z
Oracle EBS Self service from A to Z
Feras Ahmad
 
Oracle HRMS Proration
Oracle HRMS ProrationOracle HRMS Proration
Oracle HRMS Proration
runjithrocking
 
Hr profile option
Hr profile optionHr profile option
Hr profile option
Feras Ahmad
 
How to debug a fast formula
How to debug a fast formulaHow to debug a fast formula
How to debug a fast formula
Feras Ahmad
 
The Goal with performance details Oracle Fusion Cloud
The Goal with performance details Oracle Fusion CloudThe Goal with performance details Oracle Fusion Cloud
The Goal with performance details Oracle Fusion Cloud
Feras Ahmad
 
Oracle EBS R12 Payroll user manual
Oracle EBS R12 Payroll user manualOracle EBS R12 Payroll user manual
Oracle EBS R12 Payroll user manual
Feras Ahmad
 
Query all roles and duties and privileges Oracle Fusion Cloud
Query all roles and duties and privileges Oracle Fusion CloudQuery all roles and duties and privileges Oracle Fusion Cloud
Query all roles and duties and privileges Oracle Fusion Cloud
Feras Ahmad
 
Oracle EBS HRMS SETUP
Oracle EBS HRMS SETUPOracle EBS HRMS SETUP
Oracle EBS HRMS SETUP
Hussain Abbas
 
Oracle HCM Cloud Core HR Workforce Structures Table Relationships
Oracle HCM Cloud Core HR Workforce Structures Table RelationshipsOracle HCM Cloud Core HR Workforce Structures Table Relationships
Oracle HCM Cloud Core HR Workforce Structures Table Relationships
Sricharan
 
DBI database Items Query Oracle Fusion Cloud
DBI database Items Query Oracle Fusion CloudDBI database Items Query Oracle Fusion Cloud
DBI database Items Query Oracle Fusion Cloud
Feras Ahmad
 
Oracle Fusion Employment Models
Oracle Fusion Employment ModelsOracle Fusion Employment Models
Oracle Fusion Employment Models
Feras Ahmad
 
Payroll process in oracle hrms
Payroll process in oracle hrmsPayroll process in oracle hrms
Payroll process in oracle hrms
Faisal Anwar
 
Oracle hrms basic features and functionalities(for R11i and R12)
Oracle hrms basic features and functionalities(for R11i and R12)Oracle hrms basic features and functionalities(for R11i and R12)
Oracle hrms basic features and functionalities(for R11i and R12)
Manish Goel, PMP
 
Oracle HRMS & Payroll
Oracle HRMS & PayrollOracle HRMS & Payroll
Oracle HRMS & Payroll
Nitin Maheshwari
 
Hrms for beginners
Hrms for beginnersHrms for beginners
Hrms for beginners
sravan46
 
142500146 using-oracle-fast formula-for-payroll-calculations
142500146 using-oracle-fast formula-for-payroll-calculations142500146 using-oracle-fast formula-for-payroll-calculations
142500146 using-oracle-fast formula-for-payroll-calculations
uday reddy
 
Oracle ebs otl setup document
Oracle ebs otl setup documentOracle ebs otl setup document
Oracle ebs otl setup document
Feras Ahmad
 
Training Guide Oracle EBS R12 Performance Management
Training Guide Oracle EBS R12 Performance ManagementTraining Guide Oracle EBS R12 Performance Management
Training Guide Oracle EBS R12 Performance Management
Feras Ahmad
 
Understanding and using life event checklists in oracle hrms r12
Understanding and using life event checklists in oracle hrms r12Understanding and using life event checklists in oracle hrms r12
Understanding and using life event checklists in oracle hrms r12
MuhammadAbubakar206124
 
Oracle HRMS Accrual plan Setup
Oracle HRMS Accrual plan SetupOracle HRMS Accrual plan Setup
Oracle HRMS Accrual plan Setup
Feras Ahmad
 
One time payment requests in Oracle ERP Cloud
One time payment requests in Oracle ERP CloudOne time payment requests in Oracle ERP Cloud
One time payment requests in Oracle ERP Cloud
Prithis Das, PMP, OCS ☁️
 
Fusion hcm roles information
Fusion hcm roles informationFusion hcm roles information
Fusion hcm roles information
Santosh Mankala
 
Hire employee in Oracle Fusion Cloud HCM
Hire employee in Oracle Fusion Cloud HCMHire employee in Oracle Fusion Cloud HCM
Hire employee in Oracle Fusion Cloud HCM
Feras Ahmad
 
Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest MindsWhitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Happiest Minds Technologies
 
Continuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-EnvironmentsContinuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-Environments
happiestmindstech
 

More Related Content

What's hot

142500146 using-oracle-fast formula-for-payroll-calculations
142500146 using-oracle-fast formula-for-payroll-calculations142500146 using-oracle-fast formula-for-payroll-calculations
142500146 using-oracle-fast formula-for-payroll-calculations
uday reddy
 
Understanding and using life event checklists in oracle hrms r12
Understanding and using life event checklists in oracle hrms r12Understanding and using life event checklists in oracle hrms r12
Understanding and using life event checklists in oracle hrms r12
MuhammadAbubakar206124
 
Fusion hcm roles information
Fusion hcm roles informationFusion hcm roles information
Fusion hcm roles information
Santosh Mankala
 

What's hot (20)

How to debug a fast formula
How to debug a fast formulaHow to debug a fast formula
How to debug a fast formula
 
The Goal with performance details Oracle Fusion Cloud
The Goal with performance details Oracle Fusion CloudThe Goal with performance details Oracle Fusion Cloud
The Goal with performance details Oracle Fusion Cloud
 
Oracle EBS R12 Payroll user manual
Oracle EBS R12 Payroll user manualOracle EBS R12 Payroll user manual
Oracle EBS R12 Payroll user manual
 
Query all roles and duties and privileges Oracle Fusion Cloud
Query all roles and duties and privileges Oracle Fusion CloudQuery all roles and duties and privileges Oracle Fusion Cloud
Query all roles and duties and privileges Oracle Fusion Cloud
 
Oracle EBS HRMS SETUP
Oracle EBS HRMS SETUPOracle EBS HRMS SETUP
Oracle EBS HRMS SETUP
 
Oracle HCM Cloud Core HR Workforce Structures Table Relationships
Oracle HCM Cloud Core HR Workforce Structures Table RelationshipsOracle HCM Cloud Core HR Workforce Structures Table Relationships
Oracle HCM Cloud Core HR Workforce Structures Table Relationships
 
DBI database Items Query Oracle Fusion Cloud
DBI database Items Query Oracle Fusion CloudDBI database Items Query Oracle Fusion Cloud
DBI database Items Query Oracle Fusion Cloud
 
Oracle Fusion Employment Models
Oracle Fusion Employment ModelsOracle Fusion Employment Models
Oracle Fusion Employment Models
 
Payroll process in oracle hrms
Payroll process in oracle hrmsPayroll process in oracle hrms
Payroll process in oracle hrms
 
Oracle hrms basic features and functionalities(for R11i and R12)
Oracle hrms basic features and functionalities(for R11i and R12)Oracle hrms basic features and functionalities(for R11i and R12)
Oracle hrms basic features and functionalities(for R11i and R12)
 
Oracle HRMS & Payroll
Oracle HRMS & PayrollOracle HRMS & Payroll
Oracle HRMS & Payroll
 
Hrms for beginners
Hrms for beginnersHrms for beginners
Hrms for beginners
 
142500146 using-oracle-fast formula-for-payroll-calculations
142500146 using-oracle-fast formula-for-payroll-calculations142500146 using-oracle-fast formula-for-payroll-calculations
142500146 using-oracle-fast formula-for-payroll-calculations
 
Oracle ebs otl setup document
Oracle ebs otl setup documentOracle ebs otl setup document
Oracle ebs otl setup document
 
Training Guide Oracle EBS R12 Performance Management
Training Guide Oracle EBS R12 Performance ManagementTraining Guide Oracle EBS R12 Performance Management
Training Guide Oracle EBS R12 Performance Management
 
Understanding and using life event checklists in oracle hrms r12
Understanding and using life event checklists in oracle hrms r12Understanding and using life event checklists in oracle hrms r12
Understanding and using life event checklists in oracle hrms r12
 
Oracle HRMS Accrual plan Setup
Oracle HRMS Accrual plan SetupOracle HRMS Accrual plan Setup
Oracle HRMS Accrual plan Setup
 
One time payment requests in Oracle ERP Cloud
One time payment requests in Oracle ERP CloudOne time payment requests in Oracle ERP Cloud
One time payment requests in Oracle ERP Cloud
 
Fusion hcm roles information
Fusion hcm roles informationFusion hcm roles information
Fusion hcm roles information
 
Hire employee in Oracle Fusion Cloud HCM
Hire employee in Oracle Fusion Cloud HCMHire employee in Oracle Fusion Cloud HCM
Hire employee in Oracle Fusion Cloud HCM
 

Similar to Oracle Fusion Role Mappings

Workflow analysis
Workflow analysisWorkflow analysis
Workflow analysis
WAQAR AHMED
 
Agile Recruiting White Paper
Agile Recruiting White PaperAgile Recruiting White Paper
Agile Recruiting White Paper
Amber Grewal
 

Similar to Oracle Fusion Role Mappings (20)

Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest MindsWhitepaper: Continuous Compliance in SAP Environments - Happiest Minds
Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
 
Continuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-EnvironmentsContinuous Compliance-in-Sap-Environments
Continuous Compliance-in-Sap-Environments
 
Mrs doc
Mrs docMrs doc
Mrs doc
 
Job Description Essay
Job Description EssayJob Description Essay
Job Description Essay
 
13 define positions
13 define positions13 define positions
13 define positions
 
Purchasing setup steps
Purchasing setup stepsPurchasing setup steps
Purchasing setup steps
 
Oracle Purchasing R12 Setup Steps
Oracle Purchasing R12 Setup StepsOracle Purchasing R12 Setup Steps
Oracle Purchasing R12 Setup Steps
 
Oracle R12 Purchasing setup
Oracle R12 Purchasing setupOracle R12 Purchasing setup
Oracle R12 Purchasing setup
 
impro.ppt
impro.pptimpro.ppt
impro.ppt
 
Workflow analysis
Workflow analysisWorkflow analysis
Workflow analysis
 
17 define workforce records
17 define workforce records17 define workforce records
17 define workforce records
 
12 define jobs
12 define jobs12 define jobs
12 define jobs
 
08 define enterprise hcm information
08 define enterprise hcm information08 define enterprise hcm information
08 define enterprise hcm information
 
Exam presentation
Exam presentationExam presentation
Exam presentation
 
06 job and position structures esc
06 job and position structures esc06 job and position structures esc
06 job and position structures esc
 
Fujcci crp oracle payroll
Fujcci crp oracle payrollFujcci crp oracle payroll
Fujcci crp oracle payroll
 
SAP MM Authorization Matrix and User roles.pdf
SAP MM Authorization Matrix and User roles.pdfSAP MM Authorization Matrix and User roles.pdf
SAP MM Authorization Matrix and User roles.pdf
 
Introduction on sap security
Introduction on sap securityIntroduction on sap security
Introduction on sap security
 
GRC Agile Cheat Sheet v1.0
GRC Agile Cheat Sheet v1.0GRC Agile Cheat Sheet v1.0
GRC Agile Cheat Sheet v1.0
 
Agile Recruiting White Paper
Agile Recruiting White PaperAgile Recruiting White Paper
Agile Recruiting White Paper
 

More from Feras Ahmad

More from Feras Ahmad (20)

Oracle Fusion HCM Payroll Process Flow.pdf
Oracle Fusion HCM Payroll Process Flow.pdfOracle Fusion HCM Payroll Process Flow.pdf
Oracle Fusion HCM Payroll Process Flow.pdf
 
Configure Flexfield Parameters in Value Sets for Document Records.docx
Configure Flexfield Parameters in Value Sets for Document Records.docxConfigure Flexfield Parameters in Value Sets for Document Records.docx
Configure Flexfield Parameters in Value Sets for Document Records.docx
 
Building-Materials
Building-MaterialsBuilding-Materials
Building-Materials
 
How to Debug the Fast Formula.pdf
How to Debug the Fast Formula.pdfHow to Debug the Fast Formula.pdf
How to Debug the Fast Formula.pdf
 
Oracle Fusion Cloud Payroll Costing Query
Oracle Fusion Cloud Payroll Costing QueryOracle Fusion Cloud Payroll Costing Query
Oracle Fusion Cloud Payroll Costing Query
 
Oracle Fusion Cloud sensitive data access audit
Oracle Fusion Cloud sensitive data access audit Oracle Fusion Cloud sensitive data access audit
Oracle Fusion Cloud sensitive data access audit
 
Oracle Cloud SQL FTE Positions Query
Oracle Cloud SQL FTE Positions QueryOracle Cloud SQL FTE Positions Query
Oracle Cloud SQL FTE Positions Query
 
Legal Employer Details Query Oracle Fusion Cloud
Legal Employer Details Query Oracle Fusion CloudLegal Employer Details Query Oracle Fusion Cloud
Legal Employer Details Query Oracle Fusion Cloud
 
Query Pre Payment details Oracle Fusion Cloud
Query Pre Payment details Oracle Fusion CloudQuery Pre Payment details Oracle Fusion Cloud
Query Pre Payment details Oracle Fusion Cloud
 
All payroll elements with eligibility Oracle Fusion Cloud
All payroll elements with eligibility Oracle Fusion CloudAll payroll elements with eligibility Oracle Fusion Cloud
All payroll elements with eligibility Oracle Fusion Cloud
 
Payroll costing details Oracle Fusion Cloud HCM
Payroll costing details Oracle Fusion Cloud HCMPayroll costing details Oracle Fusion Cloud HCM
Payroll costing details Oracle Fusion Cloud HCM
 
Infolets and OTBI Deep link Actionable Reports - Configuration Work Book
Infolets and OTBI Deep link Actionable Reports - Configuration Work Book Infolets and OTBI Deep link Actionable Reports - Configuration Work Book
Infolets and OTBI Deep link Actionable Reports - Configuration Work Book
 
Query Worker Contracts Details Oracle Fusion Cloud
Query Worker Contracts Details Oracle Fusion CloudQuery Worker Contracts Details Oracle Fusion Cloud
Query Worker Contracts Details Oracle Fusion Cloud
 
Oracle Fusion Cloud HCM Payroll Query
Oracle Fusion Cloud HCM Payroll QueryOracle Fusion Cloud HCM Payroll Query
Oracle Fusion Cloud HCM Payroll Query
 
Oracle HCM Presentation 2020
Oracle HCM Presentation 2020Oracle HCM Presentation 2020
Oracle HCM Presentation 2020
 
Oracle Fusion HCM vs E-Business Suite HRMS
Oracle Fusion HCM vs E-Business Suite HRMSOracle Fusion HCM vs E-Business Suite HRMS
Oracle Fusion HCM vs E-Business Suite HRMS
 
2020 06-11 goverment KSA Summary VAT increase
2020 06-11 goverment KSA Summary VAT increase2020 06-11 goverment KSA Summary VAT increase
2020 06-11 goverment KSA Summary VAT increase
 
Financial reporting compliance cloud service presentation
Financial reporting compliance cloud service presentationFinancial reporting compliance cloud service presentation
Financial reporting compliance cloud service presentation
 
Absence Work flow query
Absence Work flow queryAbsence Work flow query
Absence Work flow query
 
Setting up audits and audit reports Fusion Cloud
Setting up audits and audit reports Fusion Cloud Setting up audits and audit reports Fusion Cloud
Setting up audits and audit reports Fusion Cloud
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Oracle Fusion Role Mappings

  • 1. Fusion Role Mappings An Oracle White Paper October 2011
  • 2. Fusion Role Mappings Introduction.........................................................................................................3 How to access Role Mappings..........................................................................3 Basic Principles....................................................................................................4 Auto provisioning................................................................................................4 Requestable roles.................................................................................................4 Self Requestable Roles........................................................................................5 Termination..........................................................................................................5 Running Auto Provisioning...............................................................................6 Fusion Role Mappings Page 2
  • 3. Fusion Role Mappings INTRODUCTION In Fusion, access to all parts of the system is controlled with Enterprise Roles in LDAP. Granting roles to a user is essential to allow them to access the system, and at the same time making sure that only the right people have access to roles is necessary for security reasons. Within Fusion, the Role Mapping definitions or Role Provisioning Rules is the mechanism used both to automatically grant the correct roles to users, and to restrict who has access to request roles for themselves or assign roles to others. Any role that will be provisioned to your users, must be defined in a role mapping definition. HOW TO ACCESS ROLE MAPPINGS To access the role mappings screen, you must log in with a user who has the IT Security Manager role. When you do that, navigate to the Setup and Maintenance area, and search for the task Manage HCM Role Provisioning Rules. Click on Go to Task to go to the screen to search for existing Role Mappings. Here you can either search for existing role mappings, or click on the Create icon to create a new role mapping. Fusion Role Mappings Page 3
  • 4. BASIC PRINCIPLES When creating role mappings, it is key to understand the basic principles behind the screen. AUTO PROVISIONING The role mappings are intended to automate the granting of the most common roles to users in the system to help reduce the workload of the managers and administrators. Most customers find that 80% of their role assignments are covered by a dozen role mappings. An example that may cover most of your role mappings is; Role Condition Employee Assignment Type = Employee, Assignment Status=Active Line Manager Assignment Type = Employee, Assignment Status=Active, Manager with Reports = Yes Sales Manager Assignment Status=Active, Resource Role=Channel Sales Manager HR Specialist Assignment Status=Active, Department = Human Resources US Financial Analyst Assignment Status=Active, Department=Finance, Legal Employer=Vision US You will note that this doesn’t cover 80% of the roles you may use, but rather 80% of the role assignments. Beyond this, most customers have a large number of roles, assigned to a low number of users. For that scenario, we will define a separate Requestable roles mapping definition instead. It is also important to note that Autoprovisioned roles are allocated to a user based on the user’s HR record and their TCA party data. It does not depend on the data of the logged in user, but on the user who is receiving the roles. REQUESTABLE ROLES In addition to the most common roles that you have auto-provisioned, you probably have a number of other roles in use that are only typically assigned to a few people. It is more efficient to set these up as being requestable by the appropriate people in your organization. It is also important to note that no roles are requestable unless you add them to the list. This is for security reasons, so that, for example, a rogue employee or employees can’t request a highly-privileged role for someone else in their team. You might therefore want to split the roles that you want to make requestable by anyone in to one group, and those that you want requestable by a limited number of people in to another group. Here is an example of that; Role Condition Expenses Auditor Expenses Manager Assignment Type = Employee, Assignment Fusion Role Mappings Page 4
  • 5. Expenses Analyst Financial Analyst Financial Application Administrator Financial Supply Chain Manufacturing Application Administrator Human Resources Analyst Benefits Administrator … Status=Active, Manager with Reports = Yes Functional Setups User IT Security Manager Assignment Status=Active, Job=Human Resource Manager In this case, the person requesting the role on behalf of others must match these criteria themselves, so in this example any line manager can request that one of their employees be assigned one of the long list of roles, but only someone with the job of HR Manager can request the two restricted roles be granted to someone. The former is where the majority of the roles are expected to be in most installations. SELF REQUESTABLE ROLES Sometimes you want your employees to have access to some functionality if they need it, but don’t want to push it out to everyone, because it may needlessly clutter their screens. For example, you may want to allow employees to request the Expenses role if they need to submit expenses, but don’t want to have it there by default. Under those circumstances, you can make a role self requestable. When someone whose employee record matches the criteria enters the My Account screen, they are then able to request that role. Here is an example of that; Role Condition Expenses User Procurement Requestor Assignment Type = Employee, Assignment Status=Active TERMINATION You will have noticed that all of the examples so far have conditions with the Assignment Status set to Active. This will restrict those roles to be granted to active employees only. Once the employees are terminated, they will loose all manually provisioned roles, and any automatically provisioned roles which they are no longer entitled to. If they have no roles left, their user account will also be suspended on the next working day. It is important to note though that it is valid to have roles which are applicable both before and after termination, or even only after termination. Some examples are that you might want to grant access to your job site to all past and present employees so that they can apply for new jobs. Or you might need to grant access to expenses and benefits to ex-employees so that they can manage their affairs after termination. In the recruiting example, you would simply not specify the Assignment Status, and in the Benefits and Expenses example, you would specify an Assignment Status of Inactive. Fusion Role Mappings Page 5
  • 6. RUNNING AUTO PROVISIONING Auto-provisioning of roles will occur whenever an employee is hired, terminated, or any of their employment data is changed. If a past or present-dated change is made, the roles will be auto-provisioned as of today. If a future-dated change is made, the roles will be auto-provisioned when that future date arrives. To enable this functionality to work correctly, you must schedule the Person Synchronization and ProcessLdapRequests ESS jobs to run once a day. If you create a new auto provisioning rule, it will not be applied to users until their data changes. To apply the rule immediately, press the Apply Autoprovisioning button on the Role Mappings page. Note, this will run auto provisioning for all users for all role mappings, so if you are creating multiple role mappings wait until you have created them all before choosing this button. This is a very process intensive task, so you would be best advised to plan to create your role mappings carefully. Bulk Loading When bulk loading people thorough interfaces such as HR2HR, roles will be auto-provisioned for all of the people according to the rules that you have defined. However, the roles will not be added to the users immediately in this mode. They will be held in a queue until the batch has finished loading. To process the requests to modify users and roles after loading the people, run the ProcessLdapRequests ESS job. If you are loading a lot of historic data in one single HR2HR run, a auto provisioning will run for each and every row in the person’s history. If someone’s role entitlement has changed several times over their history, the HR2HR load will grant them all of the roles that they would be entitled to over this period. To remove any unwanted roles at the end of loading the history in this way, run the Apply Autoprovisioning functionality on the role mappings screen. Fusion Role Mappings Page 6
  • 7. Fusion Role Mappings October 2011 Author: Martin Millmore Contributing Authors: Stephanie Dorrer Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 www.oracle.com Oracle Corporation provides the software that powers the internet. Oracle is a registered trademark of Oracle Corporation. Various product and service names referenced herein may be trademarks of Oracle Corporation. All other product and service names mentioned may be trademarks of their respective owners. Copyright © 2011 Oracle Corporation All rights reserved.