Why do we need security?
In oracle HRMS, most of the data must be secured under data protection act. Your date of birth is one such example. Plus also, it is not nice for a system to make salary information etc visible to everyone [just because they have access to responsibility]
In this article, I will discuss the Standard HRMS security model and at the end of this article, I will explain the alternate Security Model in Oracle HRMS.
The alternate Security Model is required to overcome the limitation of standard[basic]security model design..
From a Responsibility, I wish to show people that work in just IT department: How do I do it?
Firstly you must have an Organization Hierarchy in place, let's say that will have structure similar to below:-
"XX Passi-Corp Hierarchy" --Lets say this is the name of the Org Hierarchy.
XX Passi-Corp --Top level organization
---XX Finance
--XX Credit control
--XX debt manager
--XX customer relationship
--XX IT
--XX IT Technical
--XX IT Technical Support
--XX IT Development
--XX IT Functional Support
--XX IT Business analysts
Now lets assume you have an IT Head(overall), and also "IT Technical Head of Department".
You want to create a Responsibility from which only those people that work in following Departments can be queried.
XX IT Technical
XX IT Technical Support
XX IT Development
We will do the below steps to accomplish this business requirement:-
1. Define a Organization Hierarchy
2. Define a security Profile that is attached to node “XX IT Technical” of the Hierarchy
3. Attach this security profile as a profile option to our responsibility named “XX HRMS IT Technical Resp”
4. Run the concurrent program “Security List Maintenance”.
Now, I am going to explain the above steps by means of screenshots[don't I love them] :-
Step 1. Define a Organization Hierarchy
Step 2. Define a security Profile that is attached to node “XX IT Technical” of the Hierarchy
Step 3. Attach this security profile as a profile option to our responsibility named “XX HRMS IT Technical Resp”
Step 4. Run the concurrent program “Security List Maintenance”.
No screenshot needed here.
Now some notes :-
1. This article discussed the "Standard Security Model" in Oracle HRMS. In this security model, you will need to create One Responsibility per Security Profile. This is the limitation of this Security Model.
2. You can also create a Security Profile that uses a Custom Security via "SQL Statements". Alternately create a security model on Positions, Payroll etc [see screenshot for details]
3. The difference between PER_PEOPLE_F and PER_ALL_PEOPLE_F is that former is a view that filters on Security Profile [on the basis of logged in user/ responsibility ]
Whereas PER_ALL_PEOPLE_F is a table[no security filtration on table].
4. If you do not wish to use “Standard Security Model”, then you can use “Security Groups” feature.
For this you can set Profile Option “Enable Security Groups” to Yes.
Next, you can assign different Security Profiles to specific users [though for same Responsibility].
Hence you will be able to reuse the responsibility, and hence overcoming the limitation discussed as above.
See the screenshot below.
Set as favorite
Bookmark
Email This
Hits: 19415
Comments
(13)
Subscribe to this comment's feed
...
written by Arun , December 23, 2006
written by Arun , December 23, 2006
too good article. simple and clear..keep the good work going..
Votes: +0
report abuse
vote down
vote up
...
written by Arun , December 23, 2006
written by Arun , December 23, 2006
too good article. simple and clear..keep the good work going..
Votes: +0
report abuse
vote down
vote up
...
written by Florin , February 23, 2007
written by Florin , February 23, 2007
Hello Anil,
you say that the person should see in the HRMS Person Data the employees that Belog to XX Credit control department. How is this possible since you assign to this person the profile that allows him to see only the employees in the XX IT Technical ?
many thanks,
Florin
Votes: +0
you say that the person should see in the HRMS Person Data the employees that Belog to XX Credit control department. How is this possible since you assign to this person the profile that allows him to see only the employees in the XX IT Technical ?
many thanks,
Florin
report abuse
vote down
vote up
...
written by Florin , March 05, 2007
written by Florin , March 05, 2007
Hello Anil,
you have a very good blog and I think that a comment from your part on this subject could help.
I modified a SIT for a person and then (after no more the 1 minute) I queryed the database with the following :
This e-mail address is being protected from spambots. You need JavaScript enabled to view it > select last_update_login from PER_PERSON_ANALYSES where person_id = 7366 and id_flex_num =50240;
LAST_UPDATE_LOGIN
-----------------
2649370
This e-mail address is being protected from spambots. You need JavaScript enabled to view it > select * from FND_LOGINS where login_id =2649370;
no rows selected
This e-mail address is being protected from spambots. You need JavaScript enabled to view it >
How is it possible ?
thanks,
Florin
Votes: +0
you have a very good blog and I think that a comment from your part on this subject could help.
I modified a SIT for a person and then (after no more the 1 minute) I queryed the database with the following :
This e-mail address is being protected from spambots. You need JavaScript enabled to view it > select last_update_login from PER_PERSON_ANALYSES where person_id = 7366 and id_flex_num =50240;
LAST_UPDATE_LOGIN
-----------------
2649370
This e-mail address is being protected from spambots. You need JavaScript enabled to view it > select * from FND_LOGINS where login_id =2649370;
no rows selected
This e-mail address is being protected from spambots. You need JavaScript enabled to view it >
How is it possible ?
thanks,
Florin
report abuse
vote down
vote up
...
written by salim , March 13, 2007
written by salim , March 13, 2007
too gud anil, this article helps me a lot
Votes: +0
report abuse
vote down
vote up
...
written by Ramesh , June 25, 2007
written by Ramesh , June 25, 2007
Hi,
How do we transfer employees between business groups? Can i transfer UK bg employee to India bg? what are the impact on his past data including other modules like financ, projects and crm
Votes: +0
How do we transfer employees between business groups? Can i transfer UK bg employee to India bg? what are the impact on his past data including other modules like financ, projects and crm
report abuse
vote down
vote up
...
written by Ravi Nuka , December 22, 2007
written by Ravi Nuka , December 22, 2007
Hi,
All of your articles help beginners to boost up their confidence levels. Thanx a lot for your service to IT field.
Votes: +0
All of your articles help beginners to boost up their confidence levels. Thanx a lot for your service to IT field.
report abuse
vote down
vote up
Screenshots not visible
written by Pallavi , March 20, 2008
written by Pallavi , March 20, 2008
Hi Anil,
The screenshots in this documents and many other documents are not visible.
Votes: +0
The screenshots in this documents and many other documents are not visible.
report abuse
vote down
vote up
...
written by mkacorp , August 20, 2008
written by mkacorp , August 20, 2008
pls show me how Ican build profile to user work in specifed organization
Votes: +0
report abuse
vote down
vote up
Difference between per_people_f and per_people_v
written by Facundo , September 18, 2008
written by Facundo , September 18, 2008
Hello, i would like to know the diference between two views.
- per_people_v
- per_people_f
I canĂ½ find it.
Thanks.
Votes: +0
- per_people_v
- per_people_f
I canĂ½ find it.
Thanks.
report abuse
vote down
vote up
Secuirty Profile
written by Indira , June 24, 2009
written by Indira , June 24, 2009
Hi,
I want to create the security profile as below.
The user wants to restrict users based on organization hierarchy. but with the exception of one organization say XX finance.
That means users attached to all other organization and their children should have restricted access except for XX finance and it's children.
Please note that I can't use Secuirty Groups enabled feature as employees get transferred every now and then.
Kindly suggest
Thanks in advance.
Indira
Votes: +0
I want to create the security profile as below.
The user wants to restrict users based on organization hierarchy. but with the exception of one organization say XX finance.
That means users attached to all other organization and their children should have restricted access except for XX finance and it's children.
Please note that I can't use Secuirty Groups enabled feature as employees get transferred every now and then.
Kindly suggest
Thanks in advance.
Indira
report abuse
vote down
vote up
security profiles for users of certain payrolls
written by marcelle , January 05, 2010
written by marcelle , January 05, 2010
hello anil
i would like to create a security profile with access to specified payrolls. i created the hr security profile and need to know why i must restrict the profile using system>profile in sysadmin. doesn't the security profile created in hrms work at restricting users?
Votes: +0
i would like to create a security profile with access to specified payrolls. i created the hr security profile and need to know why i must restrict the profile using system>profile in sysadmin. doesn't the security profile created in hrms work at restricting users?
report abuse
vote down
vote up
Security profiles to restrict certain payrolls from display in the output data reports for certain responsibilities
written by Vibha Pandey , May 18, 2010
written by Vibha Pandey , May 18, 2010
My query is kind of similar to the last one on the top by Marcelle. I ned to restrict Executive Payroll employees from appearing in a report from a certain Responsibility A.How do I acheive it?
Votes: +0
report abuse
vote down
vote up
| < Prev | Next > |
|---|
