![Page 1: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/1.jpg)
Setting Up Security for Oracle ERP Cloud
Session ID: 11063
Prepared by: Zsolt Varga, PM & BA, AXIA Consulting
April 8th, 2019
Remember to complete your evaluation for this session within the app!
![Page 2: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/2.jpg)
Solving Complex Business & Technology Problems with Experience & Knowledge
Core Values:
• Be Vested
• Be Authentic
• Be There
• Be Approachable
• Be Honest
Committed To Excellence
Our client relationships start with a project and turn into lasting partnerships.
Local & Global
Delivering results for clients in more than 54 countries over 6 continents.
AXIA Consulting (founded in 2005 and 100% employee owned) helps clients identify and solve complex problems with teams of experts averaging over 20 years of experience. AXIA is different than other integrators because we do not “leverage” a few highly experienced consultants with less experienced resources.
AXIA Oracle Service Offerings
• Oracle Consulting
• Mergers & Acquisitions
• Implementations & Functional Extensions
• EBS Assessments & Roadmap
• Upgrades
• Client Advisory Services
![Page 3: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/3.jpg)
About The Speaker
Zsolt Varga
▪ Project Manager, Senior Business Analyst, Employee Owner
▪ 12 years of Consulting Experience
▪ Extensive EBS FIN & ERP FIN Cloud Knowledge:
• General Ledger
• Subledger Accounting
• Cash Management
• Payables
• Procurement
• Receivables
• Order Management
• Inventory
• Tax
• Projects
• Fixed Assets
![Page 4: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/4.jpg)
Session Objectives
• Enterprise Resource Planning Cloud
• Security Console & Functional Setup Manager
• Functional Security – Abstract, Job & Duty Roles, Privileges
• Data Security – Data Roles, Security Profiles & Data Access
• Auto-Provisioning
• CoA Segment Security & CVRs
• BI Permissions
![Page 5: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/5.jpg)
Client & Project
Client Overview:
SHELBY COUNTY SCHOOLS
• Tennessee’s largest school district
• Within 25 largest public school districts in US
• Over 200 schools
• Approx. 12000 employees
• Total budget: $1.34 Billion
• Founded in 1867
Project Overview:
ORACLE CLOUD HCM, FSCM & PBCS
• Implementation & Configuration
• Conversion & CEMLI
• Testing & Training
• Business Process Transformation & OCM
![Page 6: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/6.jpg)
Navigation in Oracle Cloud
![Page 7: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/7.jpg)
Navigation in Oracle Cloud
![Page 8: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/8.jpg)
Navigation in Oracle Cloud
Home, Favorites and Recent Items, Watchlist, Notifications
![Page 9: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/9.jpg)
Security Console
IT Security Manager
![Page 10: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/10.jpg)
Security Console > Single Sign-On
![Page 11: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/11.jpg)
Security Console > Administration > Bridge for Active Directory
![Page 12: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/12.jpg)
Functional Setup Manager
Here you will:
• manage Data Access
• set up Security Profiles and assign to Data Roles
• implement Role Provisioning Rules for automation
• configure Security Rules
• create Cross Validation Rules
![Page 13: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/13.jpg)
Fusion Role Based Security
Oracle Cloud uses Role-Based Access Control (RBAC) that secures access in a “who can do what on which functions or sets of data under what conditions” approach.
The "who" is the user.
The "what" are the abstract operations or entitlement to actions applied to resources. For example, view and edit are actions, and task flows or rows in data tables are resources.
Entitlement secures access rights to application functions and data. Function access entitlement is granted explicitly to duty roles. This implicitly grants the function access to the job and abstract roles that inherit the duty roles.
Data access entitlement is granted implicitly to abstract and job roles through data security policies on their inherited duty roles. Data access entitlement is granted explicitly to a data role through a data security policy applied directly to the inherited job or abstract role.
![Page 14: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/14.jpg)
Fusion Role Based Security
Explicit entitlement names the specific function or data that the holder of the entitlement is authorized to access.
• Only duty roles hold explicit entitlement to functions. An entitlement to a function allows one or more actions (update, create and view) applied to a resource (for example task flow).
• Data roles hold explicit entitlement to data. Data roles are entitled access to functions through inherited role hierarchies.
Implicit entitlement names roles to which explicit entitlement is granted through a role hierarchy.
• Abstract, job, and data roles have implicit access to functions through duty roles that they inherit.
• Abstract, job, and duty roles have implicit access to data through data security policies.
• Data is also secured implicitly with the underlying data model of the product family records.
![Page 15: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/15.jpg)
Roles & Privileges
Data roles combine a worker's job and the data that users with the job must access.
Abstract roles represent a worker's role in the "enterprise" independently of the job that you hire the worker to do. These are for HCM, examples are Employee, Contingent Worker and Line Manager.
Job roles represent the job that you hire a worker to perform.
Aggregate privileges combine the functional privilege for an individual task or duty with the relevant data security policies.
Duty roles represent a logical grouping of functional security privileges.
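The explicit and implicit entitlement described on the "Fusion Role Based Security" slides can be traced with a small resolver. This is an added example, not Oracle's implementation or code from the presentation; the role, privilege and policy names in the catalog are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    kind: str                               # "abstract", "job", "duty" or "data"
    inherits: tuple = ()                    # names of the roles this role inherits
    privileges: frozenset = frozenset()     # explicit function entitlement
    data_policies: frozenset = frozenset()  # data security policies on this role

def build_catalog(roles):
    """Index roles by name and enforce the rules stated on the slides."""
    catalog = {r.name: r for r in roles}
    for r in roles:
        # Only duty roles hold explicit entitlement to functions.
        if r.privileges and r.kind != "duty":
            raise ValueError(f"{r.name}: only duty roles may hold function privileges")
        for child in r.inherits:
            if child not in catalog:
                raise ValueError(f"{r.name} inherits unknown role {child!r}")
    return catalog

def effective_access(catalog, assigned):
    """Resolve what a user can do from the roles assigned directly to them.

    Returns two dicts that map each function privilege / data policy to
    (role holding it explicitly, assigned role that reaches it implicitly).
    """
    functions, data = {}, {}
    for top in assigned:
        seen, stack = set(), [top]
        while stack:
            role = catalog[stack.pop()]
            if role.name in seen:           # guards against cycles and diamonds
                continue
            seen.add(role.name)
            for priv in sorted(role.privileges):
                functions.setdefault(priv, (role.name, top))
            for policy in sorted(role.data_policies):
                data.setdefault(policy, (role.name, top))
            stack.extend(role.inherits)
    return functions, data

# Constructed sample catalog: every name below is illustrative.
CATALOG = build_catalog([
    Role("Payables Invoice Entry Duty", "duty",
         privileges=frozenset({"Create Payables Invoice", "View Payables Invoice"}),
         data_policies=frozenset({"Invoices in authorized business units"})),
    Role("Expense Entry Duty", "duty",
         privileges=frozenset({"Create Expense Report"})),
    Role("Accounts Payable Specialist", "job",
         inherits=("Payables Invoice Entry Duty",)),
    Role("Employee", "abstract", inherits=("Expense Entry Duty",)),
    Role("AP Specialist - US Business Unit", "data",
         inherits=("Accounts Payable Specialist",),
         data_policies=frozenset({"Business unit = US"})),
])

if __name__ == "__main__":
    fn, data = effective_access(CATALOG, ["AP Specialist - US Business Unit", "Employee"])
    for item, (holder, via) in sorted({**fn, **data}.items()):
        print(f"{item}: explicit on {holder!r}, reached via {via!r}")
```

Running the resolver for each user's assigned roles gives a reviewer the duty role behind every privilege, which is the question to answer before copying or customizing a job role.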
![Page 16: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/16.jpg)
Users to Roles to Privileges
Example of how the structure of an assignment looks:
![Page 17: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/17.jpg)
Roles & Privileges & Inheritance
![Page 18: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/18.jpg)
Job Roles towards Privileges
![Page 19: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/19.jpg)
Job Roles towards Roles or Privileges
![Page 20: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/20.jpg)
Job Roles towards Privileges
![Page 21: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/21.jpg)
Job Roles towards Privileges
![Page 22: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/22.jpg)
Job Roles towards Users
![Page 23: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/23.jpg)
Security Console > Administration
![Page 24: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/24.jpg)
Custom Role Creation
![Page 25: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/25.jpg)
Custom Role Creation
Unfortunately at the moment there is no job roles export-import functionality in the system.
![Page 26: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/26.jpg)
HCM Person & User
It may seem trivial, but to sign in to Oracle Cloud applications you need a User. Also, as discussed earlier, Roles are assigned to Users.
So our prerequisite setups for assignments are:
• Home > My Team or My Client Groups > New Person > Tasks > Add a Pending Worker
• Home > Tools > Security Console > Users > Add User Account
Of course, you can use HCM Data Loader or Import Worker Users.
![Page 27: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/27.jpg)
Users
![Page 28: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/28.jpg)
Add Roles to Users
![Page 29: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/29.jpg)
Add Roles to Users
Unfortunately at the moment there is no user to job role assignments export-import functionality in the system.
However, there is a self-requesting functionality, if you allow users to manage their own accounts.
![Page 30: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/30.jpg)
Processes
There are certain processes that have to be run and then scheduled to recur to keep your system in sync:
• Run User and Roles Synchronization Process
• Import Users and Roles into Application Security
• (There are further %LDAP% programs in Scheduled Processes)
These 2 main processes make sure that setups are the same in LDAP (Lightweight Directory Access Protocol), the policy store, the Applications Core Grant schema and the Oracle Fusion Applications Security tables. As a result, your system and Security Console stay fast and reliable.
![Page 31: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/31.jpg)
Submit Processes & Manage Applications Security Preferences
![Page 32: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/32.jpg)
Data Roles & Security Profiles
This functionality can be used mainly for HCM custom Data Roles creation to grant or restrict data access via Security Profiles.
![Page 33: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/33.jpg)
Data Roles
![Page 34: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/34.jpg)
Data Roles
![Page 35: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/35.jpg)
Security Profiles
Examples of usage:
• Organization SP works with HCM Dept Tree or Org Tree or Org Classification or specific Dept(s) or Org(s).
• Country SP uses Territories or Countries.
• Position, Document Type and Person SPs are definitely HCM oriented.
The first two examples work for ERP Cloud as well…
![Page 36: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/36.jpg)
Data Access
![Page 37: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/37.jpg)
Manage Data Access for Users
![Page 38: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/38.jpg)
Users, Roles & Security Context
Security Context:
![Page 39: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/39.jpg)
Create Data Access in Spreadsheet (ADFdi)
Your Spreadsheet is based on your Search.
Authorize Data Access tab shows missing setups.
You can fill in Security Context Value for these lines or even create new lines.
![Page 40: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/40.jpg)
Create Data Access in Spreadsheet (ADFdi)
View Data Access tab shows existing setups.
You can use these as examples.
Data Access cannot be Auto-Provisioned.
![Page 41: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/41.jpg)
Manage Data Access Set
• Full Ledger or Primary BSV
• Ledger or Ledger Set
• Read and Write or Read Only
![Page 42: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/42.jpg)
Auto-Provisioning
Home > Setup and Maintenance > Financials > Manage HCM Role Provisioning Rules
![Page 43: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/43.jpg)
Role Mapping Rules
As the setup name hints, HCM-related objects can be used, like Job, Position, Location, Department, etc., and you can work with BU.
![Page 44: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/44.jpg)
Role Provisioning Rules
Roles are directly assigned to Users.
Roles are not assigned to Jobs or Positions.
This automation helps to create these Role to User assignments based on Conditions.
This functionality works well for HCM Cloud but has limitations for ERP Cloud.
Maintenance effort for these Rules should be assessed and compared to the effort of handling assignments manually.
![Page 45: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/45.jpg)
CoA Segment Security
Home > Setup and Maintenance > Financials > Manage Chart of Accounts Value Sets
![Page 46: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/46.jpg)
Security enabled Value Set
After you have enabled security, entered the Data Security Resource Name and clicked Save, you can Edit Data Security.
![Page 47: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/47.jpg)
Edit Data Security – Conditions
![Page 48: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/48.jpg)
Edit Data Security – Conditions
Conditions let you define your segment value inclusions, exclusions, ranges, etc.
You can even work with Tree Operators…
![Page 49: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/49.jpg)
Edit Data Security – Policies
You can use Policies to link Roles to Conditions (in which you earlier specified your Segments).
![Page 50: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/50.jpg)
Edit Data Security – Policies
![Page 51: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/51.jpg)
Cross Validation Rules
![Page 52: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/52.jpg)
CVR Condition & Validation Filters
Use Conditions for restriction and Validations for exception (within restriction)
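The interplay of the two filters can be checked offline before a rule is enabled. This is an added example, not Oracle's evaluation engine or code from the presentation: it assumes range-only filters that are ANDed together, fixed-width zero-padded segment values, and constructed segment names, rule names and messages.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:
    segment: str
    low: str
    high: str            # low == high models an "equals" filter

    def matches(self, combo):
        # Values are fixed-width, zero-padded strings, so string order is value order.
        return self.low <= combo[self.segment] <= self.high

@dataclass(frozen=True)
class Rule:
    name: str
    condition: tuple     # filters selecting the combinations the rule restricts
    validation: tuple    # filters a restricted combination must still satisfy
    error_message: str
    enabled: bool = True

def check(rules, combo):
    """Return the error message of every enabled rule the combination breaks."""
    errors = []
    for rule in rules:
        if not rule.enabled:
            continue
        restricted = all(f.matches(combo) for f in rule.condition)
        if restricted and not all(f.matches(combo) for f in rule.validation):
            errors.append(rule.error_message)
    return errors

def rejected(rules, combos):
    """Dry run: list the existing combinations a rule set would reject."""
    return [(c, errs) for c in combos if (errs := check(rules, c))]

# Constructed rules for a three-segment chart of accounts (illustrative only).
RULES = (
    Rule("EXPENSE_NEEDS_DEPT",
         condition=(Filter("Account", "5000", "5999"),),
         validation=(Filter("Department", "001", "999"),),
         error_message="Expense accounts require a department other than 000."),
    Rule("GRANT_FUND_DEPTS",
         condition=(Filter("Fund", "20", "20"),),
         validation=(Filter("Department", "400", "499"),),
         error_message="Fund 20 may only be used with departments 400-499."),
)

if __name__ == "__main__":
    sample = [
        {"Fund": "10", "Department": "000", "Account": "5100"},
        {"Fund": "10", "Department": "000", "Account": "1000"},
        {"Fund": "20", "Department": "450", "Account": "5100"},
    ]
    for combo, errs in rejected(RULES, sample):
        print(combo, "->", errs)
```

A combination outside the condition filter is never rejected by that rule, which is why a condition that is too narrow fails silently rather than raising the error message.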
![Page 53: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/53.jpg)
CVR Error Message
![Page 54: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/54.jpg)
Create CVRs in Spreadsheet (ADFdi)
![Page 55: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/55.jpg)
Business Intelligence Permissions
![Page 56: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/56.jpg)
BI Report Assignments
Assign Reports to Roles and/or Users and set Permissions…
![Page 57: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/57.jpg)
BI Permissions
Modify Permissions for Report to Member assignments…
Choose from options or customize…
![Page 58: Setting Up Security for Oracle ERP Cloud Session ID](https://reader031.vdocuments.mx/reader031/viewer/2022012514/618e168a6257d16d515fa222/html5/thumbnails/58.jpg)
Thank you!
April 8
April 10
April 11
…and do not forget to visit our booth! :-)