Roles

Fusion Roles  


 

Role Types

This topic introduces the role types in Oracle Human Capital Management Cloud (Oracle HCM Cloud).

Oracle HCM Cloud defines five types of roles:

  • Data roles

  • Abstract roles

  • Job roles

  • Aggregate privileges

  • Duty roles

Data Roles

Data roles combine a worker's job and the data that users with the job must access. For example, the HCM data role Country Human Resource Specialist combines a job (human resource specialist) with a data scope (country). You define the data scope of a data role in one or more HCM security profiles. HCM data roles aren't part of the security reference implementation. You define all HCM data roles locally and assign them directly to users.

Abstract Roles

Abstract roles represent a worker's role in the enterprise independently of the job that you hire the worker to do. The three main abstract roles predefined in Oracle HCM Cloud are:

  • Employee

  • Contingent Worker

  • Line Manager

You can also create abstract roles. All workers are likely to have at least one abstract role. Their abstract roles enable users to access standard functions, such as managing their own information and searching the worker directory. You assign abstract roles directly to users.

Job Roles

Job roles represent the job that you hire a worker to perform. Human Resource Analyst and Payroll Manager are examples of predefined job roles. You can also create job roles. Typically, you include job roles in data roles and assign those data roles to users. The IT Security Manager and Application Implementation Consultant predefined job roles are exceptions to this general rule because they're not considered HCM job roles. Also, you don't define their data scope in HCM security profiles.

Aggregate Privileges

Aggregate privileges combine the functional privilege for an individual task or duty with the relevant data security policies. The functional privileges that aggregate privileges provide may grant access to task flows, application pages, work areas, reports, batch programs, and so on. Aggregate privileges don't inherit other roles. All aggregate privileges are predefined and you can't edit them. Although you can't create aggregate privileges, you can include the predefined aggregate privileges in custom job, abstract, and duty roles. You don't assign aggregate privileges directly to users.

Duty Roles

Each predefined duty role represents a logical grouping of privileges that you may want to copy and edit. Duty roles differ from aggregate privileges as follows:

  • They include multiple function security privileges.

  • They can inherit aggregate privileges and other duty roles.

  • You can create duty roles.

Job and abstract roles may inherit duty roles either directly or indirectly. You can include predefined and custom duty roles in custom job and abstract roles. You don't assign duty roles directly to users.



Predefined HCM Roles

Many job and abstract roles are predefined in Oracle Human Capital Management Cloud (Oracle HCM Cloud).

The predefined HCM job roles are:

  • Benefits Administrator

  • Benefits Manager

  • Benefits Specialist

  • Cash Manager

  • Compensation Administrator

  • Compensation Analyst

  • Compensation Manager

  • Compensation Specialist

  • Corporate Social Responsibility Manager

  • Employee Development Manager

  • Employee Wellness Manager

  • Environment, Health, and Safety Manager

  • Human Capital Management Application Administrator

  • Human Capital Management Integration Specialist

  • Human Resource Analyst

  • Human Resource Help Desk Administrator

  • Human Resource Help Desk Agent

  • Human Resource Help Desk Manager

  • Human Resource Manager

  • Human Resource Specialist

  • IT Auditor

  • Knowledge Author HCM

  • Knowledge Search HCM

  • Learning Specialist

  • Payroll Administrator

  • Payroll Manager

  • Recruiter

  • Recruiting Administrator

  • Time and Labor Administrator

  • Time and Labor Manager

The predefined HCM abstract roles are:

  • Contingent Worker

  • Employee

  • Executive Manager

  • Hiring Manager

  • Job Application Identity for Recruiting

  • Line Manager

  • Pending Worker

These predefined job and abstract roles are part of the Oracle HCM Cloud security reference implementation. The security reference implementation is a predefined set of security definitions that you can use as supplied.

Also included in the security reference implementation are roles that are common to all Oracle Fusion applications, such as:

  • Application Implementation Consultant

  • IT Security Manager

You can include the predefined roles in HCM data roles, for example. Typically, you assign abstract roles, such as Employee and Line Manager, directly to users.


Fusion User Roles SQL Query & Tables

 Important Tables of Oracle fusion user roles query

1.per_users
2.per_user_roles
3.per_roles_dn
4.per_roles_dn_tl

Detail SQL Query to Extract Oracle Fusion User & Roles

Query 1:-

select a1.USERNAME,
a1.ACTIVE_FLAG,
a1.CREDENTIALS_EMAIL_SENT,
a2.START_DATE,USER_ROLE_ID,
ROLE_ID,
ROLE_GUID,
ABSTRACT_ROLE,
JOB_ROLE,
DATA_ROLE,
ROLE_COMMON_NAME
from  per_users a1, per_user_roles a2,per_roles_dn a3
where a1.user_id=a2.USER_ID
and a2.ROLE_ID=a3.ROLE_ID
and a2.ROLE_GUID=a3.ROLE_GUID


Query 2:-
 
SELECT prdt.role_id, prdt.role_name,
              prdt.description RoleDescription,
              prdt.source_lang
FROM per_roles_dn_tl prdt

Query 3:-

SELECT pu.user_id,
         pu.username,
         ppnf.full_name,
         prdt.role_id,
         prdt.role_name,
         prd.role_common_name,
         prdt.description,
         TO_CHAR (pur.start_date, 'DD-MON-YYYY') role_start_date,
         TO_CHAR (pur.end_date, 'DD-MON-YYYY') role_end_date,
         prd.abstract_role,
         prd.job_role,
         prd.data_role,
         prd.duty_role,
         prd.active_flag
    FROM per_user_roles    pur,
         per_users         pu,
         per_roles_dn_tl   prdt,
         per_roles_dn      prd,
         per_person_names_f ppnf
   WHERE     1 = 1
         AND pu.user_id = pur.user_id
         AND prdt.role_id = pur.role_id
         AND prdt.language = USERENV ('lang')
         AND prdt.role_id = prd.role_id
         AND NVL (pu.suspended, 'N') = 'N'
   AND pu.username =:p_username
         AND ppnf.person_id = pu.person_id
         AND ppnf.name_type = 'GLOBAL'
         AND pu.active_flag = 'Y'
         AND NVL (pu.start_date, SYSDATE) <= SYSDATE
         AND NVL (pu.end_date, SYSDATE) >= SYSDATE
ORDER BY pu.username, prdt.role_name;

No comments:

Post a Comment

Subscribe to: Posts (Atom)