Approach 1 - Role-Based Configuration

The following minimum permissions are required to perform operations:

Note
These permissions do not aggregate the ManagerAssignmentId attribute. Refer to Approach 2 - Using the Integration Specialist Role for those permissions.

Step 1: Create an HCM Duty Role

  1. Go to Tools > Security Console > Roles > Create Role.

  2. Set the Role Category to HCM - Duty Roles.

  3. Under Function Security Policies, add the permissions listed in the following table:

    Operation

    Required Permission

    Single Account Aggregation

    Use REST Service - Collective Agreements List of Values

    Use REST Service - Identity Integration

    Use REST Service - Workers

    View Person

    View User Accounts

    Update Account

    Use REST Service - Workers

    Use REST Service - Collective Agreements List of Values

    View User Account

    Use REST Service - Identity Integration

    Delta Aggregation

    Use Atom Feed - Employees Workspace

Note
The View Person and View User Accounts permissions are required to fetch the USER_NAME attribute.

Step 2: Create an HCM Job Role

  1. Go to Tools > Security Console > Roles > Create Role.

  2. Set the Role Category to HCM - Job Roles.

  3. Under Data Security Policies, create the policies listed in the following table:

    Policy Name

    Data Resource

    Privilege (Actions)

    Condition

    Address

    Person Address for Table PER_ADDRESSES

    Manage Person

    Access the person for table PER_ADDRESSES for people and assignments in their person and assignment security profile

    Choose Business Unit Organization

    Organization for Table HR_ALL_ORGANIZATION_UNITS_F

    Choose Business Unit Organization

    Access the business unit for table HR_ALL_ORGANIZATION_UNITS_F for business units in their organization security profile

    Choose Business Unit Organization

    Organization for Table HR_ORG_UNIT_CLASSIFICATIONS_F

    Choose Business Unit Organization

    Access the business unit for table HR_ORG_UNIT_CLASSIFICATIONS_F for business units in their organization security profile

    Choose Department

    Organization for Table HR_ALL_ORGANIZATION_UNITS_F

    Choose Department

    Access the business unit for table HR_ALL_ORGANIZATION_UNITS_F for business units in their organization security profile

    Choose Department

    Organization for Table HR_ORG_UNIT_CLASSIFICATIONS_F

    Choose Department

    Access the business unit for table HR_ORG_UNIT_CLASSIFICATIONS_F for business units in their organization security profile

    Choose Legal Employer

    Organization Detail for Table HR_ORGANIZATION_INFORMATIO_EFC

    Choose Legal Employer

    Access the legal employer for table HR_ORGANIZATION_INFORMATIO_EFC for legal employers in their organization security profile

    Choose Legal Employer

    Organization for Table HR_ALL_ORGANIZATION_UNITS_F

    Choose Legal Employer

    Access the business unit for table HR_ALL_ORGANIZATION_UNITS_F for business units in their organization security profile

    Choose Legal Employer

    Organization for Table HR_ORG_UNIT_CLASSIFICATIONS_F

    Choose Legal Employer

    Access the business unit for table HR_ORG_UNIT_CLASSIFICATIONS_F for business units in their organization security profile

    Choose Legal Employer

    Organization for Table HR_ORG_UNIT_CLASSIFICATIONS_F

    Choose Legal Employer

    Access the business unit for table HR_ORG_UNIT_CLASSIFICATIONS_F for business units in their organization security profile

    Choose Person Type

    Person Type for Table PER_PERSON_TYPES

    Choose Person Type

    Access the person type for table PER_PERSON_TYPES for any person type

    FND_TERRITORIES_B

    FND_TERRITORIES_B

    Read

    Access the application reference territory for table FND_TERRITORIES_B for countries in their country security profile

    PER_ALL_ASSIGNMENTS_M

    Person Work Terms Assignment

    Manage Direct Reports; View Assignment Summary; Report Assignment; Manage Person Assignment; View Work Relationship

    Access the person assignment for table PER_ALL_ASSIGNMENTS_M for people and assignments in their person and assignment security profile

    Person Detail

    Person Detail

    View Person Assignment; Choose Person; View Person Address; View Person Communication Method; View Person Contact; View Person Number; Search Person Live Data

    Access the person for table PER_ALL_PEOPLE_F for people and assignments in their person and assignment security profile

    Person Extra Information

    Person Extra Information

    View Person

    ORA_PER(300000000324293):HCM:PER:PER_PEOPLE_EXTRA_INFO_F:View All Workers

    Person Name

    Person Name

    View Person Name

    All values

    Person National Identifier

    Person National Identifier

    View Person National Identifier

    All values

    Person Phone

    Person Phone

    View Person Phone

    All values

    Public Assignment

    Public Assignment

    Choose Public Person

    Access the public assignment for table PER_ASSIGNMENTS_V for people and assignments in their public person and assignment security profile

    Public Person

    Public Person

    Choose Public Person

    Access the public person for table PER_PERSONS for persons and assignments in their person and assignment security profile

    View Position

    Position for Table HR_ALL_POSITIONS_F

    Choose Position; View Position

    Access the position for table HR_ALL_POSITIONS_F for positions in their position security profile

    Work Relationship

    Work Relationship

    Choose Worker; View Work Relationship; View Employment Information Summary; View Employment Termination; Search Worker;

    All values

    person work term

    Person Work Terms Assignment

    View Employment Information Summary; View Work Relationship; View Person Extra Information; View Future Assignment Changes; View Worker Availability; View Employment Termination; View Person Assignment

    All values

    View Position

    Position for Table HR_ALL_POSITIONS_F

    Choose Position; View Position

    Access the position for table HR_ALL_POSITIONS_F for positions in their position security profile

    Work Relationship

    Work Relationship

    Choose Worker; View Work Relationship; View Employment Information Summary; View Employment Termination; Search Worker

    All values

    Person Work Term

    Person Work Terms Assignment

    View Employment Information Summary; View Work Relationship; View Person Extra Information; View Future Assignment Changes; View Worker Availability; View Employment Termination; View Person Assignment

    All values

  4. Under Role Hierarchy, include the HCM Duty Role you created in step 1.

  5. Select Next, then Submit.

  6. Go to Tools > Scheduled Processes > Retrieve Latest LDAP Changes and Send Pending LDAP Requests to execute the processes. 

Step 3: Create an HCM Data Role

  1. Go to My Client Groups > Workforce Structures > Data Roles and Security Profiles.

  2. Select Create, and assign a name as required.

  3. In Inherited Job Role, select the HCM Job Role you created in step 2.

  4. Set the following:

    • Country Security Profile: View All Countries

    • Organization Security Profile: View All Organizations

    • Position Security Profile: View All Positions

    • Person Security Profile: View All People

    • Public Person Security Profile: View All People

  5. Select Submit.

  6. Go to Tools > Scheduled Processes > Retrieve Latest LDAP Changes and Send Pending LDAP Requests to execute the processes.

Step 4: Create a User and Assign the HCM Data Role

  1. Go to Tools > Security Console > Users > Add User Account, then enter the user information.

  2. Select Add Role, and assign the HCM Data Role you created.

  3. Go to Tools > Scheduled Processes > Retrieve Latest LDAP Changes and Send Pending LDAP Requests to execute the processes.