1. What are we going to learn today?
In this article we will learn to create a custom role by copying a seeded role. Once custom role is ready we will assign a data role that will be based on the person security profile. In the past we have already discussed in details how to customize a role with example. so dont miss to read that article too.
2. What are we doing here?
In this article we will create two custom roles mentioned below, they will be copy of oracle delivered Line Manager role.
- AP Project Manager
- AP Compensation Manager
As we have learned from this article » How to Configure & Use Matrix Manager (Dotted Line Manager) in Oracle Cloud HCM that we need separate roles for each matrix manager so that they can manage data differently. For example Project Manager should not be able to see salary data of an employee and Compensation manager should not be able to change employee’s location etc.
3. Copy delivered role to customize
It is always a best practice to copy the seeded role and customize that copied role rather than directly changing delivered role. Some time you will not be even able to change delivered roles. You also need to ensure that before you copy any delivered role (which is mostly a job role or abstract role) there is no data role assigned to it. To check if any data role is assigned or not follow these steps.
3.1 Check if any data role is assigned to a job role
Search for the task Manage Data Role and Security Profiles and then search for the seeded role that you are planning to copy. In our case it is Line Manager. Now in the search results section check column Security Profile Assigned. If you see the green check as shown in the image below that mean a security profile is attached (data role) and that is a problem!!
But dont worry what you can do is revoke this security profile, which is assigned to data role. For the same click on the button Revoke Security Profiles. When you click on that you will receive warning message. Click on Yes.
Please note : Ideally there should not be any security profile attached with any delivered role. But if it has been assigned just verify the attached security profile and take screenshot (backup) of it so that once you revoke security profile and and make a copy of seeded role you can assign same security profile back. If you are unsure how to check what kind of security profile is attached and how to restore it, just keep reading this article.
4. Copy delivered role
To copy a role navigate to Tool » Security Console » Search for seeded role Line Manager (ORA_PER_LINE_MANAGER_ABSTRACT)
And then click on Copy Role as shown below.
Which will give you two options as mentioned below
- Copy top role
- Copy op role and inherited roles
Select the second option and click on button Copy Role. This will take you to the page Copy Role Line Managercopy: Basic Information
On this screen change the name from Line Manager to name you want for your new role and also change the Role Code. You can enter details as follows
- Role Name : AP Project Manager
- Role Code : AP_PER_PROJECT_MANAGER_ABSTRACT_CUSTOM
- Predefined Role : No
- Description : Copy of delivered Line Manager role
Now keep on clicking Next until you reach to Summary page or directly click on that 7th train stop (Summary).
On this screen click on the button Submit and Close. This will submit a process in backend, which you can see from here Tool » Security Console » Administration » Role Copy Status (Tab)
You need to wait until its statuses changes to Complete. Our job role AP Project Manager is ready. But is you assign this to anyone, its of no use as there is no data role assigned to it.
5. Create a data role – Person Security profile
Search for the task Manage Person Security Profile and open it. In the search result section click on the + Create button to create a new security profile. You are on Create Person Security Profile page.
Enter details as follows
Basic Details Section
- Name : AP Project Manager Security Profile
- Enabled : Yes
Manager Hierarchy Section
- Secure by manager hierarchy: Yes
- Person or Assignment Level : Person
- Manager Type : Click on Selected button and then choose Project Manager
- Hierarchy Content : Manager Hierarchy
Note : You will see Project Manager option only, if you have followed this article » How to Configure & Use Matrix Manager (Dotted Line Manager) in Oracle Cloud HCM
Click on Save and Close button.
6. Assign data role to Job role
Search for the task Manager Data Role and Security Profiles and open it. In the Role name enter the role we created earlier AP Project Manager. And then click on Edit button. You will be on page Edit Data Role: Role Details.
Click on Next button and you will on page Edit Data Role: Security Criteria. On this screen enter details as follows
- *Organization Security Profile : View All Organizations
- *Position Security Profile : View All Positions
- *Document Type Security Profile : View All Document Types
- *Country Security Profile : View All Countries
- *Payroll Security Profile : View All Payrolls
- *Flow Pattern Security Profile : View All Flows
- *LDG Security Profile : View All Legislative Data Groups
- *Public Person Security Profile : View All People
- *Person Person Security Profile: AP Project Manager Security Profile
Please Note : Don’t forget to attach person security profile AP Project Manager Security Profile we create earlier against the filed Person Security Profile appearing under header Peron.
Now click on Next until you reach to last train stop that is Edit Data Role: Review.
On this screen click on Submit button.
Now your data role is ready. Let’s assign it to user. Go to Tool » Security Console » Users » Search user » Open User – Click on Edit Button » Click on Add Role button. Search for data role we just created AP Project Manager » Click on button Add Role Membership. » Click on Done Button » Click on Save and Close button.
Most of the times roles assigned to user take into the effect immediately but you can run the process “Retrieve Latest LDAP Changes” in case there is any problem or delay. You can read this article to know how to run/schedule a process » How to Schedule a Process in Oracle Fusion?
7. What next?
So we have successfully created a job role (AP Project Manager) and assigned data role to it. This role is ready to use. If you assign this role to any user, he would be able to see employee only falling under project manager dotted line hierarchy. Similarly we can repeat the step to create another role AP Compensation manager. Once these roles are ready we will see in next article how to customize them.
