With Inputs from,
Sreebhushan Shivapuram, Consulting Member Technical Staff, Software Development.
This article describes how to configure data security access for an HR Analyst and a Line Manager. The principle of this solution is to replace the standard data security roles provided by Oracle Fusion Analytics Warehouse (FAW) with custom data security roles that can be combined. One role provides access to all data. Another role provides access only to line manager data.
The primary use case to create two separate custom data security roles is to provide larger data access to the line manager rather than only their supervisory hierarchy. The pre-built data roles of Line Manager Data Security and HCM View All Data grant the most restrictive data access. To grant users the least restrictive data access, despite them being assigned to the Line Manager Data Security role, you must create two separate custom data roles, without any functional group or without using the same functional group.
The following image illustrates the workflow for setting up the least restrictive data access:
The following section contains step-by-step instructions with required code snippets to grant users the least restrictive data access:
SELECT DISTINCT 'FAW_AOR_SESSION_VAR', BUSINESS_UNIT_ID /*Select required AOR attributes*/
FROM dw_asg_responsibility_d a, dw_user_person_d b
WHERE a.person_id = b.person_id
AND UPPER(b.username) = UPPER(':USER') /*Logged In User*/
AND a.status = 'Active'
AND sysdate BETWEEN a.start_date AND a.end_date
AND RESPONSIBILITY_TYPE = 'HR_REP' /*Update AOR Type based on AOR Data*/
To validate the setup, assign user ANNA.HOLM to the Custom Line Manager and Custom HR Analyst groups along with the FAW Licensed system group. When user ANNA.HOLM accesses FAW and runs a query on Headcount, she can see "All data" instead of seeing her own supervisory organization data with the pre-built Line Manager Data Security and HCM View All Data Security roles.
Call to Action
This article describes setting up custom data security in Fusion HCM Analytics, for granting users larger data access than their supervisory organization. By following theses instructions, you can set up a custom Line Manager data security role and a custom data role granting all data access. Use the sample code snippets for cases where line managers have access to additional Business Units / Legal Employers / Countries / Departments or any other AOR attribute governed via Area Of Responsibility in Oracle Cloud HCM.
Previous Post
Next Post