Create a Service Account on Oracle HCM
Create a service account on Oracle HCM with the following required permissions:
- Go to the Security Console, search for the Human Capital Management Integration Specialist Job Role and use Copy Role to create a custom Job role.
- In the Function Security Policies tab, assign the following policies:
  - Use REST Service: Workers
  - Use ATOM Feed: Employees Workspace
  - Use REST Service: Identity Integration (ASE_REST_SERVICE_ACCESS_IDENTITY_INTEGRATION_PRIV)
  - View User Account (ASE_VIEW_USER_ACCOUNT_PRIV)

  Note: The last two permissions are required only for the Get and Update functionality of the User Name and Email.
- In the Data Security Policies section, select Create Data Security Policy to add data security policies to the role.
- Add the following data policy attributes:
  - Name: Choose Person
  - Database Resource: Person Detail
  - Start Date: System date
  - Data Set: Select by instance set
  - Condition Name: Access the person for the PER_ALL_PEOPLE_F table for people in the Person and Assignment Security profile.
  - Actions: Choose Person
- Select OK.
- In Create Data Security Policy, add the following data policy attributes:
  - Name: Choose Application Reference Territory
  - Database Resource: FND_TERRITORIES_B
  - Start Date: System date
  - Data Set: Select by instance set
  - Condition Name: Access the application reference territory for table FND_TERRITORIES_B for countries in the country security profile.
  - Actions: Choose Application Reference Territory
- Select OK, and confirm that the newly created data policies have been assigned to the application role.
- On the Summary and Impact Report section, select Save and Close.
- Execute the Retrieve Latest LDAP Changes process.
- Create a new Data Role from the Manage Data Role and Security Profiles page, which holds only the new custom Job role. Add the security policies as needed.
- Go to View > Security Profiles > View All to view the security criteria and set them according to your requirements.
- Repeat the steps for the rest of the security criteria. Select Next, and then Submit.
- Create the user account and assign the newly created role to this user account.
- Execute the Retrieve Latest LDAP Changes and Send Pending LDAP Requests processes.
- For a new user, assign the new Data Role that has been created.
- Re-execute the Retrieve Latest LDAP Changes and Send Pending LDAP Requests processes.