Fusion HCM User and Role Provisioning

User And Role Provisioning

Role provisioning is associating or linking Data Role to user.

Only Data role and abstract role can be associated with user with some exception with some Job role which we can associate with user also.

Oracle delivered “IT Security Manager” Job role and “Application Implementation Consultant” or “Application Implementation Manager” can be directly assigned to user.

There are mainly 3 role provisioning options, 1) Auto Provisioning 2) Requestable 3) Self-Requestable

With Auto Provisioning of rules “Hire an Employee “ will create an employee record, user account and it will automatically assign roles to user. Similarly Promote and Transfer worker flow can initiate auto provisioning and revoking of the rule.

In Requestable role provisioning we can designate some person in the organization who is authorized to give role to the person requesting role access.

In Self-Requestable being an employee of the organization I can assign whatever role I need access to. This practice is not very common in the industry.

Manage User Task

During implementation when we are creating Data Roles and Security Profile we need to test those rules and security profile. In order to test we need to create users and assign them data role we created for testing. So “Manage Users” task will allow us to create user with minimal information.
After implementation we should create employee which will automatically create user account for that employee.

Create Implementation Users Task

Implementation user account will not be mapped to employee record
Implementation users will be accessing application only for implementation.
Implementation user will not have access to any self service activity or abstract roles.
Implementation users typically administer Oracle fusion applications user and security, manage implementation projects, manage fusion application offerings, setup basic enterprise structure which is needed to implement fusion application offerings.

Q. How to Create Role Provisioning to assign roles to user

Select Hire an Employee

Based on employee information selected roles have been automatically assigned to user through auto provisioning.

Human Capital Management Security Reference

This document provides all Oracle delivered Job roles and Duty roles listing.

Requestable Role Provisioning

When Requestable role provisioning is selected and person record is created his line manager will receive request to approve roles assigned to his user record.

Automatic Role De-provisioning

When employee is initially given role through auto-provisioning and then later if employee is transferred between different organization or any of initially matching criteria has changed and new criteria does not meet for the assigned role then new role is automatically de-provisioned.

Create Employee User for Roles Testing

Then click on (+) sign

Here Role is NOT auto provisioned it is manually added by for the user.

Assigning Area Of Responsibility and Country to Employee

Area of responsibilities is NOT part of security roles (Duty or Job Role) it is separate from Security Profile.

How will employee know who their HR representatives are?

The button highlighted in yellow above will show all HR representatives for employees.

Testing User Password Reset

When we create user for testing we do not use real email address where password can be communicated, se we must reset password for the testing user before that user account can be use for testing.

Select Edit button.

Now log out with current user and log back in with the Test user created.

As per data roles assigned to Testing User, employee list appearing for test user.

Also as per security profiles this user does not have access to “Human Resource US” department.

How To Create Implementation User

During initial implementation Oracle team will grant implementation manager role to one of system implementation team member.
Then implementation manager will grant implementation user account to other implementation team member.