Create a Service Account on Oracle HCM

Create a service account on Oracle HCM with the following required permissions:

  1. Go to the Security Console, search for the Human Capital Management Integration Specialist Job Role and use Copy Role to create a custom Job role.
  2. In the Function Security Policies tab, assign the following policies:
    • Use REST Service: Workers
    • Use ATOM Feed: Employees Workspace
    • Use REST Service:
      • Identity Integration (ASE_REST_SERVICE_ACCESS_IDENTITY_INTEGRATION_PRIV)
      • View User Account (ASE_VIEW_USER_ACCOUNT_PRIV)

      Note: The last two permissions are required only for the Get and Update functionality of the User Name and Email.

  3. In the Data Security Policies section, select Create Data Security Policy to add data security policies to the role.
  4. Add the following data policy attributes:

    • Name: Choose Person
    • Database Resource: Person Detail
    • Start Date: System date
    • Data Set: Select by instance set
    • Condition Name: Access the person for the PER_ALL_PEOPLE_F table for people in the Person and Assignment Security profile.
    • Actions: Choose Person
  5. Select OK.
  6. In Create Data Security Policy, add the following data policy attributes:

    • Name: Choose Application Reference Territory
    • Database Resource: FND_TERRITORIES_B
    • Start Date: System date
    • Data Set: Select by instance set
    • Condition Name: Access the application reference territory for table FND_TERRITORIES_B for countries in the country security profile.
    • Actions: Choose Application Reference Territory
  7. Select OK, and confirm that the newly created data policies have been assigned to the application role.
  8. On the Summary and Impact Report section, select Save and Close.
  9. Execute the Retrieve Latest LDAP Changes process.
  10. Create a new Data Role from the Manage Data Role and Security Profiles page, which holds only the new custom Job role. Add the security policies as needed.
  11. Go to View > Security Profiles > View All to view the security criteria and set them as per your requirements.
  12. Repeat the steps for the rest of the security criteria. Select Next, and then Submit.
  13. Create the user account and assign the newly created role to this user account.
  14. Execute the Retrieve Latest LDAP Changes and Send Pending LDAP Requests processes.
  15. For a new user, assign the new Data Role that has been created.
  16. Re-execute the Retrieve Latest LDAP Changes and Send Pending LDAP Requests processes.