Let’s Talk About ‘Security Groups’ functionality available within Oracle HRMS
From 11.5.9 onward in HRMS there are two Security Models as:
- Standard HRMS Security
- Security Groups
Typically Multi-national Companies would be benefited from security as they normally have concept of service centres using multiple business groups and security profiles.
The good and bad in new Security Group Model
The Standard Security Model on Oracle HRMS forces a responsibility to be tied to only one business group/security profile. This means that when new business groups are added a brand new set of responsibilities must be set up for the business group, even if the new set of responsibilities is identical in every respect to existing responsibilities assigned to another business group.Overview of Standard Security Model versus new Security Group Model
The new security group model can cut down dramatically on the number of responsibilities required as it allows responsibilities to be reused by many different business groups.
Here are the key points of how the new security group functionality works.
Please note, that although it is possible in the new security group model to access many business groups through the same responsibility, because of the way users are now assigned to responsibility/security group combinations, an HRMS user can only access the data in one business group at any one time.This can be best understood in next section.
- Every time a business group is created a new security group of the same name is also created.
- Security profiles are defined the same way they are now. There is no change in this functionality.
- Form Assign Security Profile is activated under the new security model. This form allows a user to be linked to a security profile, responsibility, security group (business group) combination.
- Profile option HR: Business Group is no longer set manually for HRMS responsibilities. This profile option will be set dynamically when a user selects a responsibility/security group combination at logon.
- Profile option HR: Security Profile is no longer set manually for HRMS responsibilities. This profile option will be set dynamically when a user selects a responsibility/security group combination at logon.
- The \Security\User Define Screen in the System Administrator responsibility is no longer user to assign HRMS responsibilities to users as this is now done in the new Assign Security Profile screen.
Lets try to understand by a simple diagram below, what is here is 3 BU defined in global instance representing three BU X-Singapore, X- Australia and third one X-UK. The simple diagram below shows the difference in responsibility set-ups associated with each model.
In the standard security model when a user logs on or decides to change responsibility the list of responsibility names they have access to are presented to them to select from. In the security group model when a user logs on or decides to change responsibility the list of responsibility names and the associated security group (i.e. business group) assigned to the user are presented to the user to select from. This difference can be best described as:
3 steps away to switching to the new security model
The steps required to switch to the new security model are as follows;
- Profile option HR: Cross Business Group should be set to "Yes".
- Profile option Enable Security Groups must be set to "Service Bureau"
- Concurrent request Enable Multiple Security Groups must be run.
No comments:
Post a Comment