When it comes to personnel data, trust is essential. Employees rely on their organizations to safeguard personally identifiable information (PII), trusting their HR departments and managers to keep the data private. If employee data were to be leaked or viewed by unauthorized individuals, that would undermine employee trust and leave the organization vulnerable to liabilities. Oracle Fusion HCM Analytics provides an array of fine-grained controls that enable administrators to provide security and protect trust, ensuring data can’t be accessed by unauthorized individuals outside the organization and, even beyond that, by establishing internal data privacy controls.
Upholding data privacy standards depends heavily on the ability to restrict within the organization who can access which data. While some super users might have wide-reaching access to view across multiple business units, ideally most are limited to only the business units for which they’re directly responsible. Restricting the number of people who can access data allows organizations to help mitigate the risk of data being unintentionally viewed.
In previous releases of Oracle Fusion Analytics Warehouse (FAW), users could control security with out-of-the-box data roles.
Common examples of uses for data roles include permitting line managers to access their supervisory hierarchy-based data; enabling HR users to see complete organizational data or data restricted based on business unit, legal employer, and department; and restricting a user from accessing their own records.
In the latest release, FAW grants users more fine-grained control over data by allowing the configuration of custom data roles and custom security that expands the out-of-the-box capabilities. Also, ‘country context’ has been added to the out-of-the-box contexts offering. With custom data roles and custom security features, data security can be applied on custom subject areas; and on any filter criteria such as exclude access to X grade, access based on bargaining unit, exclude access to HR department data, and similar.
Even as the number of out-of-the-box duty roles are expanding, some users need the flexibility to create their own roles. In the latest release, administrators can create custom duty roles that can restrict access to custom subject areas created through the extensibility framework and can restrict access to any facts and dimensions in existing subject areas. By creating custom data roles, administrators can then restrict access to different facts and dimensions in the subject area based on any attributes not available with the out-of-the-box security context and can assign that data role to the user.
In the latest release, licensed groups are added. A user must be assigned to one of the predefined licensed groups to obtain access to FAW. System roles such as author and consumer are wired deep within new licensed groups – FAW Licensed HCM Consumer and FAW Licensed HCM Author. Licensed groups are provided for other functional pillars such as ERP (FAW Licensed ERP Consumer and FAW Licensed ERP Author) and for administrators (such as Service Admin and Security Admin).
Let’s explore a number of key functions and tasks within the latest release.
From the FAW Home page, click the main navigation menu (the hamburger icon) and select Console.
Not all users can access the Console. Only those with the appropriate permissions can view the security controls section. For complete information on this topic, see the product documentation.
On the Console, note the following tabs:
To add a user from the Users tab, click Add User.
Click Create a New User.
Add the new user’s details. You can easily use the person’s email address as their user name.
All IDCS users are visible from the users’ page.
This is also the place to add users to Licensed Groups.
You can add to multiple groups by selecting one from the list. If you select multiple groups, then the Show Selected Only option displays only those groups selected in the current operation.
Within the Security Assignments tab, you can assign security values to users. You can filter through context, making it easier and faster to specify the values.
Clicking Manage Users opens the dialog for adding users. Users must have their business data roles given to them before they can be assigned new security values.
Display the History tab to view audit logs of all actions that have been made through the Security console. This important feature helps to ensure compliance.
In the latest release, FAW allows the creation of custom data and duty roles to implement data and object security.
While there's currently no automated data security syncing between FAW and Oracle Cloud HCM, in future releases the process of assigning security values will become simpler. Administrators will be able to perform mass uploads of user information from a Microsoft Excel file with their specified security values.
With more fine-grained controls, FAW is taking the next step to give organizations the ability to fine-tune security to meet their specific needs. With greater extensibility for customization, an even simpler interface for managing security, and more out-of-the-box duty roles included, FAW is making it easier to take control of your security without compromising efficiency.