Objective:
In this article, we discuss the various roles in Oracle Fusion Applications security.
Let’s look at each role in turn.
Roles in Oracle Fusion Applications:
We will encounter the following roles in Fusion security:
- Job Role
- Data Role
- Duty Role
- Abstract Role
- Data Access Set
Job Role:
Job roles are also referred to as external roles. In general, they are created in APM (Authorization Policy Manager). Examples include Chief Financial Manager, Payable Accountants Manager, and Finance Controller. Many duties are assigned to a job role; in other words, a job role must have a duty role. For example, the duties of a Payable Accounts Manager include approving invoices, creating invoices, and running payment batches.
Data Role:
If a business requirement says that a user in the US organization must not access the UK ledger, we use a data role, which must be assigned selectively. When we create a business unit or ledger, the system automatically creates a job role with data-role access. When a job role is attached to a data role, the job role is confined to a particular business unit or ledger. Once this is done, the job role gets the data access and can perform the functions it needs on that data.
Duty Role:
The duty role is also referred to as the application role. Suppose a manager has a duty to approve invoices, create invoices, or create journals; each of these duties is known as a duty role.
Abstract Role:
When an organization hires an employee, that person gets the Employee role by default; a contractor gets the Contingent Worker role. These roles are known as abstract roles.
Data Access Set:
A data access set relates mainly to ledger data. Suppose we have several balancing segments within a ledger, and we don’t want a user who has access to Company 02 to also get access to Company 01. To achieve this, we create data access policies, which in turn create a data role. Sometimes, creating a ledger also creates a default role that has access to the ledger. With a data access set, however, access can be restricted to a particular balancing segment.
Reference Implementation’s Role Hierarchies:
Role hierarchies are structured to reflect an enterprise. Job roles inherit duty roles. For example, the Accounts Payable Specialist job role inherits the Invoice Receiver Duty and Invoice Reviewer Duty roles. Job roles can inherit other job roles, like the Applications Implementation Consultant role and the Controller job role. Job roles can also inherit abstract roles, as the Accounts Payable Manager and Accounts Payable Specialist job roles do, inheriting the Warehouse Manager and Employee abstract roles and the Contingent Worker abstract role.
Many job roles don’t grant access to data. To provide data access for such job roles, the user must generate data roles by using the data role templates provided by the reference implementation. The data roles that a user generates must inherit the base job role. In addition, abstract roles can inherit other abstract roles. The Employee role inherits the Procurement Requester abstract role. It also inherits many duty roles.
Security Reference Implementation’s Function Security:
The function security policies in the security reference implementation grant a role unconditional access to functions in Oracle Fusion Applications. Predefined function security consists of security policies and roles. Details of the security reference implementation can be viewed in the SRM (Security Reference Manuals) for every offering in authorization policy management. Functions are secured using the following standard approaches:
Duties Policies Segregation: If the enterprise roles fall outside the scope of the security reference implementation, you might need to extend your Oracle Fusion Applications with duty and job roles.
Role-based access control:
- Role hierarchy and duty roles for each abstract and job role
- Set of job roles
- Access entitlement granted to every duty role
Function Access Based on Duty and Job Roles:
Defined job duties include access to the application functions used in performing the duty. Predefined function security policies grant entitlement to access the functions needed to carry out the actions of a duty. Duties are segregated within duty roles to prevent combining grants that should be separated across multiple roles, such as recording, approving, and reconciling results.
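The role hierarchy and the segregation of duties described above can be checked mechanically. The following is an added example, not code from Oracle or from this article: it models job, duty, abstract and data roles as a small graph, resolves inherited roles, and flags users whose data roles combine conflicting actions. The "Invoice Approval Duty" role, the "... BU" data role names, the duty-to-action mapping and the rule that conflicts are evaluated per data scope are all assumptions made for illustration.

```python
# Constructed model of the role hierarchy described above. Role names not on
# the page ("Invoice Approval Duty", the "... BU" data roles) and the
# duty-to-action mapping are hypothetical; this is not an Oracle API.
from itertools import combinations

INHERITS = {  # role -> roles it inherits directly
    "Accounts Payable Specialist": ["Invoice Receiver Duty", "Invoice Reviewer Duty", "Employee"],
    "Accounts Payable Manager": ["Invoice Approval Duty", "Employee"],
    "Employee": ["Procurement Requester"],
    # Generated data roles inherit their base job role and add a data scope.
    "AP Specialist - US BU": ["Accounts Payable Specialist"],
    "AP Manager - US BU": ["Accounts Payable Manager"],
    "AP Manager - UK BU": ["Accounts Payable Manager"],
}
DATA_SCOPE = {"AP Specialist - US BU": "US BU", "AP Manager - US BU": "US BU",
              "AP Manager - UK BU": "UK BU"}
DUTY_ACTION = {  # assumed classification of each duty role
    "Invoice Receiver Duty": "record",
    "Invoice Reviewer Duty": "record",
    "Invoice Approval Duty": "approve",
}
# Action pairs that must not be held together (recording, approving, reconciling).
SOD_RULES = [{"record", "approve"}, {"approve", "reconcile"}, {"record", "reconcile"}]


def effective_roles(role, seen=None):
    """Return the role plus everything it inherits, tolerating cycles."""
    seen = set() if seen is None else seen
    if role not in seen:
        seen.add(role)
        for parent in INHERITS.get(role, []):
            effective_roles(parent, seen)
    return seen


def sod_violations(assigned_roles):
    """Return (scope, action, action) for conflicting actions in one data scope."""
    by_scope = {}  # data scope -> set of actions the user can perform there
    for role in assigned_roles:
        scope = DATA_SCOPE.get(role)
        if scope is None:
            continue  # this model treats a bare job role as granting no data access
        for inherited in effective_roles(role):
            if inherited in DUTY_ACTION:
                by_scope.setdefault(scope, set()).add(DUTY_ACTION[inherited])
    found = []
    for scope, actions in sorted(by_scope.items()):
        for a, b in combinations(sorted(actions), 2):
            if {a, b} in SOD_RULES:
                found.append((scope, a, b))
    return found
```

A user holding both US data roles is reported as `("US BU", "approve", "record")`, while the same job roles split across the US and UK business units produce no finding.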
Extending the Reference Implementation Function Security:
The predefined security reference implementation is an example that represents security guidelines. Your enterprise might need additional roles with specific constraints on access to application functions. Here are two examples:
Your enterprise is a bank with the role of a bank manager. Create this new role as a new group in the LDAP (Lightweight Directory Access Protocol), create the job roles task, or identify the store by performing the job roles management in the OIM (Oracle Identity Management). So that the job role inherits the bank manager’s duties, define it in terms of the predefined duty roles that are available. Create a duty role hierarchy for the new job role by using the Manage Duties task in APM (Authorization Policy Manager).
Suppose your enterprise is a pharmaceutical company and you have users who must perform the duties of clinical trial administration. If the applications that a user must access to administer a clinical trial are already part of Oracle Fusion Applications, a new duty can be created in APM with entitlement to the functions or resource code that users must access to perform the duties of trial administration.
Conclusion:
I hope this article gives you detailed insights into the various roles in Oracle Fusion Applications Security. Still, if you have any queries, feel free to comment in the section below. Gologica is there to help you. Contact us: 82969 60414. Happy Learning!