Found 417 results.
Excited to sponsor Oracle CloudWorld Tour Mumbai on Feb 14th 2024—meet our experts for business solutions.
Discover how to implement controlled access to Oracle's HCM Data Loader through custom roles and business object restrictions
The document covers two relevant tasks required to provide controlled access to the users for HCM Data Loader.
1. Scenario 1: To create a custom role to access the HCM Data Loading Functionality as introduced in 23C.
2. Scenario 2: Restricted Access to HCM Data Loader based on Business Objects as introduced in 23D.
To give privilege to a user to access HCM data Loader functionality, the predefined role Human Capital Management Integration Specialist could be given. However, this role has extreme potency which exposes the user to access multiple other features including HCM extracts and HDL Spread Sheet Loader even if it is not required. So, to restrict the access solely to HCM Data Loader, Oracle has newly introduced a duty role HCM Data Load in 23C. User assigned with this role could be given access exclusively to HCM data loading functionality under the ‘Data Exchange’ functional Area.
a) Navigate to the Home page> Tools> Security Console> Roles> Select an already existing role/Create a custom job role.
Fig.1: Scenario1-HCM role creation
b) In the function Security Policy, add the privilege ‘Load HCM Security Data’ if the business object to be loaded is security related such as Areas of Responsibility, Person/Organization security profile, and so on. Click on next to continue.
Fig.2: Scenario1-HCM role creation
c) Navigating to the role hierarchy
| HCM Data Load | Tasks within the HDL work area |
| Submit data for importing via file-based integration for Human Capital Management | HCM/Dataloader/(Import/Export)directory in WebCenter Content server |
| HCM/Dataloader/(Import/Export)directory in WebCenter Content server |
Fig.3: Scenario1-HCM role creation
d) Click ‘Next’ to save the role.
Navigate to Home page> Tools> Security Console> Users> Select a user>Add Role>Done
Fig.4: Scenario1-HCM role assigning to user
Login as the new user. Navigate to My Client Groups> Data Exchange to view the HDL functionalities.
Fig.5: Scenario1-validating result
Fig.6: Scenario1-validating result
The User can solely access the HDL functional area with full accessibility to view and load the data for all the business objects. The role hence imposes limits on other features in the ‘Data Exchange’ service.
Oracle has introduced a new feature in 23D to restrict HDL data loading by business objects. Upon configuring this, the user would not have the privilege to load the business objects which are restricted to the role assigned to him.
To achieve this, follow step 1 in Scenario 1 (eg: Custom Role Name: ‘aa_HCM DATA LOAD_RESTRICTED CUSTOM ROLE’)
To perform this step, navigate to Setup and Maintenance> Functional Area: HCM data Loader> Configure HCM Data Loader>Navigate to the following Parameters:
a) Enable Configuration of Role-Based Business Object Access> Override the default value by choosing ‘Yes’.
b) Restrict Access to Security Related Business Objects > Set the Override value to ‘Yes’.
Note: This is required only if the access ought to be given for security-related business objects.
Fig.7: Scenario2-HDL restriction activation
The configuration could proceed a) By Role and b) By Business Objects. Note that both the method results in the same outcome.
Fig.8: Scenario2-HDL restriction activation
Navigate to Setup and Maintenance>HCM Data Loader Business Object Access>By Role. Under Job and Abstract Role >Navigate to the created custom role eg: ’aa_HCM DATA LOAD_RESTRICTED CUSTOM ROLE’ > Assigned Business Object> Assign.
Assign Individual Business Objects>Search and select the business object (eg: Worker) >Save and close.
Fig.9: Scenario2-HDL restriction by business object
Note: For the current example, the option ‘Assign individual business Object’ is utilized. The business object ‘Worker’ is selected. The employee assigned to this role will have the privilege to upload only worker business objects.
Fig.10: Scenario2-HDL restriction by product area
Assign All Unrestricted Business Objects> Warning message pops up> Add >Save and close.
Fig.11: Scenario2-HDLall unrestricted business objects
Assign All Business Objects, Including Security-Related Objects > Warning message pops up> Add >Save and close.
Note: To load security-related business objects, it is required to add the function security policy ‘Load HCM Security Data’ while creating the custom role in Scenario 1.
Fig.12: Scenario2-HDL all security-related business objects
Fig.13: Scenario2-HDL based on business objects
Fig.14: Scenario2-assigning to user
Navigate to Home page> Tools> Security Console> Users> Select a user> Add role> Done
Fig.15: Scenario2-HDLselecting business objects
Log in as the user to the home page. Navigate to My Client Group> Data Exchange> View Business Objects> Download the template. DAT file. Under My Client Group> Data Exchange> Import and Load Data> Import File> Try to load multiple business objects. eg: ‘Grade’ and ‘Worker’.
Fig.16: Scenario2-Loading Business object through HDL
Upon loading, the ‘worker’ completes import and load. However, ‘Grade’ shows a warning message and fails to import. An error appears in the data set stating the User does not possess the required privilege to load this business object.
Fig.17: Scenario2-validating the result
In conclusion, implementing controlled access to the HCM Data Loader via custom roles and business object restrictions provides significant advantages for organizations using Oracle’s HCM platform. This structured approach enhances security and operational efficiency by tailoring access permissions, ensuring users interact only with essential functionalities aligned with their roles. By creating custom roles and configuring access based on business objects, organizations can mitigate risks associated with unauthorized access while streamlining processes. However, it’s crucial to acknowledge limitations such as potential challenges in nuanced access permissions for similar roles and complexity in managing configurations at scale. Despite these challenges, continuous evaluation and refinement of access control mechanisms enable organizations to maintain a robust and secure HCM environment tailored to their evolving needs.
Author: Reshma P Eldho, Associate Oracle HCM Consultant
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
