
Role Customization


Page 1: Role Customization
Page 2: Role Customization

Copyright © 2014 Oracle and/or its affiliates. All rights reserved.

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Page 3: Role Customization

Customer Connect Role Customization Best Practices

Manoj Gudivaka
Applications Architect
Oracle Fusion Applications, Applications Functional Architecture
June 03, 2014

Page 4: Role Customization

Program Agenda

1. Introduction to Reference Implementation
2. Job Role Customization
3. Duty Role Customization

Page 5: Role Customization


Page 6: Role Customization

Reference Implementation Enterprise Roles

• Includes Job and Abstract Roles
  – Job roles typically represent the jobs users are hired into. For example:
    • Accounts Payable Specialist
    • Payroll Manager
  – Abstract roles typically contain common functionality irrespective of job role. For example:
    • Employee – Gives the ability to log expense reports, manage personal information, etc.
    • Line Manager – Gives access to reportees' information

[Diagram: a User holding Employee and Accounts Payable Specialist; a User holding Employee, Line Manager and Payroll Manager]

Page 7: Role Customization

Reference Implementation Duty Roles

• Duty Roles are a grouping of entitlements
• Duty Roles can inherit other Duty Roles
• Duty Roles are inherited by Enterprise Roles
• Duty Roles are never granted to Users directly

[Diagram: Accounts Payable Manager; Accounts Payable Specialist; Common Country Third Party Reporting Duty]

Entitlements:
• Run Global Third Party Balances Summary Report
• Run Global Third Party Account Balance Report
• Run Global Journals and Third Party Report
• Run Global Subledger Detail Journal Report
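An added example (not from the original slides, and not Oracle tooling) that models the four rules above as data: it resolves the entitlements a user effectively holds through enterprise and duty roles, and flags any duty role granted to a user directly. Role and entitlement names are taken from the slides; the inheritance links between them and the user names `alice` and `bob` are constructed for illustration.

```python
# Added example: names come from the slides; links and users are constructed.
ENTERPRISE_ROLES = {"Accounts Payable Manager", "Employee"}

# Duty role -> entitlements it groups directly.
DUTY_ENTITLEMENTS = {
    "Payables Invoice Processing Duty": {
        "Manage Payables Invoice", "Modify Payables Invoice Tax Drivers"},
    "Common Country Third Party Reporting Duty": {
        "Run Global Third Party Balances Summary Report",
        "Run Global Third Party Account Balance Report"},
}

# Role -> duty roles it inherits (enterprise-to-duty and duty-to-duty).
INHERITS = {
    "Accounts Payable Manager": {"Payables Invoice Processing Duty"},
    "Payables Invoice Processing Duty": {"Common Country Third Party Reporting Duty"},
}

# User -> roles granted. bob's grant breaks the "never granted directly" rule.
USER_GRANTS = {
    "alice": {"Accounts Payable Manager"},
    "bob": {"Common Country Third Party Reporting Duty"},
}

def resolve(role, seen=None):
    """Entitlements reachable from a role through inherited duty roles."""
    seen = set() if seen is None else seen
    if role in seen:              # guard against an inheritance cycle
        return set()
    seen.add(role)
    found = set(DUTY_ENTITLEMENTS.get(role, ()))
    for child in INHERITS.get(role, ()):
        found |= resolve(child, seen)
    return found

def user_entitlements(user):
    """Union of entitlements over every role granted to the user."""
    out = set()
    for role in USER_GRANTS.get(user, ()):
        out |= resolve(role)
    return out

def direct_duty_grants():
    """(user, role) pairs where a non-enterprise role is granted to a user."""
    return sorted((user, role) for user, roles in USER_GRANTS.items()
                  for role in roles if role not in ENTERPRISE_ROLES)

if __name__ == "__main__":
    print(sorted(user_entitlements("alice")))
    print(direct_duty_grants())
```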

Page 8: Role Customization

Reference Implementation Accounts Payable Manager

Page 9: Role Customization

Reference Implementation Terminology

Tool terminology shown on the slide: Entitlement, Target (APM); Application Role (APM); External Role/Enterprise Role (OIM)

• Data Role: Accounts Payable Manager – North America
• Job role: Accounts Payable Manager
• Abstract: Employee
• Privilege: Manage Payables Invoice
• Privilege: Modify Payables Invoice Tax Drivers
• Duty Role: Payables Invoice Processing Duty
• Duty Role: Party Information Inquiry Duty
• Data Security Policy: Can View Trading Community Person for all organizations in the enterprise - IMPLICIT
• Data Security Policy: Where BU=Vision Operations Object=Invoices - EXPLICIT

Page 10: Role Customization


Page 11: Role Customization

Job Role Customization Best Practice

1. Always create Custom Job and Abstract roles.
   – Custom roles ensure upgrades will not overwrite customizations
   – Custom roles are created using OIM.
2. Grant seeded Duty roles to Custom roles using APM.

Page 12: Role Customization

Job Role Customization Example – Step 1

• Create custom role using OIM similar to seeded role.

• Navigation: Setup and Maintenance -> Manage Job Roles

Page 13: Role Customization

Job Role Customization Example – Step 1

• Create custom role and copy the hierarchy from seeded role

[Screenshot labels: Seeded Job Role; Custom Job Role]

Page 14: Role Customization

Job Role Customization Example – Step 2

• Grant seeded Duty roles to Custom roles using APM

• Navigation: Setup and Maintenance -> Manage Duties

Page 15: Role Customization

Job Role Customization Example – Step 2

• Grant all top level duty roles of the seeded job to custom job role in APM

• Steps:
  1. Open seeded job role in APM
  2. Open each top level duty role
  3. Go to “External Role Mapping” tab
  4. Add custom job role
  5. Repeat for all the top level duty roles in all applications (aka Policy Stripes)

Page 16: Role Customization

Job Role Customization Example – Step 2

Open Seeded Job Role in APM

Go to Application Role Mapping

Applications (aka Policy Stripes)

Top level duty roles

Page 17: Role Customization

Job Role Customization Example – Step 2

Open Top Level Duty Role

Go to External Role Mapping

Add custom job role

Custom job role added

• Repeat the same for every top level duty role in all policy stripes

Page 18: Role Customization


Page 19: Role Customization

Duty Role Customization Best Practice

Option 1: Modify seeded duty directly

– Pros
  • Easy to customize
  • Upgrade will not overwrite customization
– Cons
  • Reference to seeded role definition is lost. Restoration from a mistake is difficult (*)
  • Users will automatically get new functionality with no opportunity to positively accept or reject

(*) This risk can be mitigated by:
1. Installing the User and Role Access Audit Report
2. Taking a backup of each role definition into a CSV file before modification
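The CSV backup in mitigation 2 is most useful when it is compared with the role's current definition, for example after an upgrade or a manual change. The following added example (not from the slides and not Oracle tooling) diffs two such snapshots per duty role; the column names `duty_role` and `entitlement` and the sample rows are assumptions, since the slides do not specify an export format.

```python
import csv
import io

# Constructed sample: backup taken before modifying the seeded duty roles.
BACKUP_CSV = """duty_role,entitlement
Payables Invoice Processing Duty,Manage Payables Invoice
Payables Invoice Processing Duty,Modify Payables Invoice Tax Drivers
Common Country Third Party Reporting Duty,Run Global Journals and Third Party Report
"""

# Constructed sample: the same roles exported again later.
CURRENT_CSV = """duty_role,entitlement
Payables Invoice Processing Duty,Manage Payables Invoice
Common Country Third Party Reporting Duty,Run Global Journals and Third Party Report
Common Country Third Party Reporting Duty,Run Global Subledger Detail Journal Report
"""

def load(text):
    """Parse a snapshot into {duty_role: set(entitlements)}."""
    roles = {}
    for row in csv.DictReader(io.StringIO(text)):
        role, ent = row["duty_role"].strip(), row["entitlement"].strip()
        if role and ent:
            roles.setdefault(role, set()).add(ent)
    return roles

def diff_roles(backup_text, current_text):
    """Return {duty_role: {"added": [...], "removed": [...]}} for changed roles."""
    before, after = load(backup_text), load(current_text)
    report = {}
    for role in sorted(before.keys() | after.keys()):
        added = sorted(after.get(role, set()) - before.get(role, set()))
        removed = sorted(before.get(role, set()) - after.get(role, set()))
        if added or removed:
            report[role] = {"added": added, "removed": removed}
    return report

if __name__ == "__main__":
    for role, change in diff_roles(BACKUP_CSV, CURRENT_CSV).items():
        for ent in change["added"]:
            print(f"+ {role}: {ent}")   # access gained since the backup
        for ent in change["removed"]:
            print(f"- {role}: {ent}")   # access in the backup but missing now
```

Entries under `added` are the access users gained without an explicit accept or reject decision; entries under `removed` show what to restore from the backup.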


Page 20: Role Customization

Duty Role Customization Best Practice

Option 2: Create custom duty

– Pros
  • Reference to seeded role definition is not lost. Restoration from a mistake is easy.
  • Upgrade will not automatically grant new functionality
  • Customers can evaluate new functionality delivered in seeded roles before updating custom roles
– Cons
  • Creation of custom duty role is complicated and error prone
  • Role copy feature not available until release 10

Page 21: Role Customization

Duty Role Customization Option 1: Modify Seeded Duty Role

Open Custom Job Role in APM

Go to Application Role Mapping

Select Seeded Duty

Open Seeded Duty

Page 22: Role Customization

Duty Role Customization Option 1: Modify Seeded Duty Role

Seeded Duty Opened

Find Seeded Policies

Page 23: Role Customization

Duty Role Customization Option 1: Modify Seeded Duty - Functional Policies

Seeded Policies

Open Functional Policies

Add or Remove Entitlements to seeded policies as required

Page 24: Role Customization

Duty Role Customization Option 1: Modify Seeded Duty – Data Security

Seeded Data Security

Edit Seeded Data Policy

End Date Seeded Data Policy

Create New Data Policy

Page 25: Role Customization

Summary Best Practice

1. Always create custom job and abstract roles
2. Use Seeded Duty roles to grant authorizations to custom roles
3. If seeded duty roles need to be customized:
   1. Option 1: (Easy but with minimum risks)
      1. Take csv backup for reference and error recovery
      2. Modify seeded function policies
      3. End Date seeded data policies
      4. Create custom data policies
   2. Option 2: (Hard but no risks)
      1. Create custom duty role

Page 26: Role Customization


Safe Harbor Statement

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Page 27: Role Customization


Page 28: Role Customization