This article is part of a series of articles on setting up custom security in Fusion HCM Analytics using Area of Responsibility (AOR) data from Oracle Fusion Cloud HCM.
This article outlines the process of setting up custom data security automation in Oracle Fusion HCM Analytics using prebuilt security contexts, the AOR functional area, and the automated security assignments upload feature.
Prerequisites
- Oracle Fusion Cloud HCM AOR security implementation: Secure the person records by Area of Responsibility.
- Activate the Security Functional Area as described in this blog article.
Implementation steps
The following image provides a step-by-step breakdown of the workflow for automating data security assignments:
Select a security context
The available prebuilt FDI security contexts are:
- HCM Business Units
- HCM Country
- HCM Departments
- HCM Legal Employers
Assign a FDI data security role to the job group
Assign the Fusion job group to the FDI data application role in the FDI Security console.
Create a custom sync table
To enable automatic updates for security assignment changes, create a custom table CUSTOMER_FAW_CONTENT_AUTOSYNC_ASSIGNMENT” in the OAX_USER schema of your Oracle Autonomous Data Warehouse.
For more details, see the Manage Data Access through Security Assignments documentation and the topic, Update Security Assignments Automatically.
CREATE TABLE CUSTOMER_FAW_CONTENT_AUTOSYNC_ASSIGNMENT (
"USERNAME" VARCHAR2(256 CHAR),
"SEC_OBJ_CODE" VARCHAR2(256 CHAR),
"SEC_OBJ_MEMBER_VAL" VARCHAR2(4000 CHAR),
"OPERATION_TYPE" VARCHAR2(65 CHAR),
"CREATION_DATE" TIMESTAMP(6));
-- Grant access from the schema OAX_USER
GRANT SELECT ON CUSTOMER_FAW_CONTENT_AUTOSYNC_ASSIGNMENT TO OAX$INFRA;
COMMIT;
Prepare the AOR assignment data
This article discusses the legal employer security context and how to prepare assignment data for it, referencing the data loaded in the dw_asg_responsibility_d table.
- Locate legal employer data in the table dw_asg_responsibility_d.
- Filter the data by RESPONSIBILITY_TYPE according to HCM AOR configuration.
- Insert data into the custom sync table.
The following is a SQL statement to insert data into the custom auto-sync table for the legal employer security context with a responsibility type of HR_REP:
INSERT INTO customer_faw_content_autosync_assignment (username,sec_obj_code, sec_obj_member_val, operation_type,creation_date)
SELECT
DISTINCT b.username,
'OA4F_SEC_HCM_LEGAL_EMPLOYER_LIST',
a.legal_entity_id,
'ADD',
localtimestamp
FROM
dw_asg_responsibility_d a,dw_user_person_d b
WHERE
a.person_id = b.person_id
AND a.status = 'Active'
AND sysdate BETWEEN a.start_date AND a.end_date
AND legal_entity_id <> - 99999
AND responsibility_type = 'HR_REP' /*Update AOR Type based on AOR Data*/
Automate the data load
Automate the data load from the AOR table to the custom sync table using ADW DBMS scheduler or any preferred scheduling tool.
Validate the data synchronization
Oracle Fusion Data Intelligence (FDI) scans the table every two hours, retrieves records based on the CREATION_DATE, and updates the FAW_CONTENT_AUTOSYNC_ASSIGNMENT table in the OAX$INFRA schema. It then processes the data to update the security assignments as needed. Execute data deletion using REMOVE in place of ADD in the “operation_type” column.
Explore More
- Refer to the other articles in this blog series for detailed instructions on how to set up security through AORs in specific circumstances.
- For more information about Oracle Fusion HCM Analytics, check out the Help Center Documentation.
- Explore the featured and recent blog articles on Fusion Analytics.
- Ask about AOR and related topics in the Fusion HCM online community.