This guide walks Oracle Fusion Cloud administrators through the end-to-end process of creating a custom role from a seeded role and assigning it to a user.
Audience: System Administrators, Security Administrators, IT Consultants
Prerequisites: IT Security Manager or Application Implementation Consultant role required.
Section 1: Understanding Roles in Oracle Fusion Cloud
Oracle Fusion Cloud uses a Role-Based Access Control (RBAC) model. Every action a user can perform - and every piece of data they can see - is governed by roles assigned to their user account.
1.1 Role Types
| Role Type | Description | Example |
| --- | --- | --- |
| Job Role | Assigned directly to users; represents a job function | Accounts Payable Manager |
| Duty Role | Aggregates function security policies for a task area | Manage Supplier Invoices |
| Abstract Role | Provides baseline access for a broad group | Employee, Line Manager |
| Data Role | Scopes access to specific data sets / business units | Payables Manager – BU France |
1.2 Why Copy a Seeded Role Instead of Modifying It?
By copying a seeded role you:
- Preserve Oracle's original role definition untouched
- Protect customizations from being overwritten during quarterly updates
- Maintain a clear audit trail of custom vs Oracle-delivered access
- Use Oracle's tested privilege set as a secure starting point
1. Navigate to the Security Console
The Security Console is Oracle Fusion's central hub for all role and user security configuration.
- Log in to your Oracle Fusion Cloud environment as an administrator.
- Click the Navigator icon in the top-left of the home page.
- Expand the Tools section in the navigator menu.
- Click Security Console to open it.
You can also access the Security Console by typing 'Security Console' in the Oracle Fusion search bar at the top of any page.
2. Navigate to the Roles Tab and Search for the Seeded Role
- Click the Roles tab in the Security Console header.
- In the search bar, type the name of the seeded role you want to copy. For example: Order Entry Specialist or Procurement Manager.
- Press Enter or click the Search icon.
- The matching roles will appear in the search results below.
3. Copy the Seeded Role
- In the search results, locate your target seeded role.
- Click the dropdown arrow (▼) next to the role name in the search results.
- Select Copy Role from the dropdown menu.
- The Copy Options dialog box will appear. Select Copy top role (recommended - this copies only the top-level role and inherits all child duty roles and privileges by reference, keeping the role hierarchy clean).
- Click the Copy Role button in the dialog to proceed.
4. Enter Basic Information for the Custom Role
- In the Role Name field, enter a meaningful name for your custom role.
- In the Role Code field, enter a unique code. Avoid starting with 'ORA_' - this prefix is reserved for Oracle seeded roles. Example: ASP_PO_PROCUREMENT_MANAGER.
- Select the appropriate Role Category. For most business user roles, this will be the relevant module followed by '– Job Roles', e.g., Procurement – Job Roles.
- Enter a meaningful Description that explains the role's purpose and the business requirement that prompted its creation.
- Click Next or click Step 2 in the wizard navigation at the top to proceed.
5. Review and Modify Function Security Policies
- Locate the policy you want to remove and click the X / Remove icon next to it.
- Confirm the removal when prompted.
- Click + Add Function Security Policy.
- In the search dialog, type the privilege name or code.
- Select the privilege from the results and click OK.
6. Review the Role Hierarchy
- Click Step 3 – Role Hierarchy in the wizard.
- Review the list of inherited roles. These are the duty roles that provide the grouped privileges.
- You can add additional duty roles by clicking '+ Add Role' if the business requirement needs more access.
- You can remove inherited duty roles if the copied seeded role has more access than required.
7. Review Summary and Submit
- Navigate to Step 7 - Summary by clicking it in the wizard header.
- Review the summary showing counts of added and removed policies:
  - Function Security Policies: Added (x), Removed (x)
  - Data Security Policies: Added (x), Removed (x)
  - Role Hierarchy: Added (x), Removed (x)
  - Users: Added (x), Removed (x)
- If everything looks correct, click Submit and Close.
- Oracle Fusion will begin the role copy process in the background. This may take a few minutes.
Monitor the Role Copy Status:
- In the Security Console, click the Administration tab.
- Click Role Copy Status.
- Find your role code in the list and verify that the Status column shows Complete.
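The Added/Removed review from the Summary step can also be done outside the console before the role is handed to users. The script below is an added example, not part of the original guide or of any Oracle tooling: it compares a copied role with its seeded source, reports Added/Removed per section, flags anything added beyond the seeded baseline, and checks the reserved role code prefix from step 4. The dictionary layout and the privilege and duty role names are constructed; only the role code ASP_PO_PROCUREMENT_MANAGER comes from this guide.

```python
# Added example. The dict layout and the privilege/duty role names are
# constructed for illustration; this is not an Oracle export format.
RESERVED_PREFIX = "ORA_"  # reserved for Oracle seeded roles (step 4)
SECTIONS = ("function_security_policies", "role_hierarchy")

SEEDED = {  # constructed stand-in for the seeded role that was copied
    "function_security_policies": ["View Purchase Order",
                                   "Create Purchase Order",
                                   "Cancel Purchase Order"],
    "role_hierarchy": ["Purchase Order Entry Duty", "Supplier Inquiry Duty"],
}
CUSTOM = {  # constructed custom role; the role code is the guide's example
    "role_code": "ASP_PO_PROCUREMENT_MANAGER",
    "description": "Procurement manager without cancel rights",
    "function_security_policies": ["View Purchase Order",
                                   "Create Purchase Order",
                                   "Approve Purchase Order"],
    "role_hierarchy": ["Purchase Order Entry Duty"],
}

def review_custom_role(seeded, custom):
    """Return (summary, findings) for a role copied from a seeded role."""
    findings = []
    code = custom["role_code"]
    if code.upper().startswith(RESERVED_PREFIX):
        findings.append(f"role code {code!r} uses reserved prefix {RESERVED_PREFIX}")
    if not custom.get("description", "").strip():
        findings.append("description is empty; record the business requirement")
    summary = {}
    for section in SECTIONS:
        base, new = set(seeded[section]), set(custom[section])
        summary[section] = {"added": sorted(new - base),
                            "removed": sorted(base - new)}
        # Additions go beyond the seeded baseline and need a justification.
        for item in summary[section]["added"]:
            findings.append(f"{section}: {item!r} added beyond seeded baseline")
    if all(not s["added"] and not s["removed"] for s in summary.values()):
        findings.append("custom role is identical to the seeded role")
    return summary, findings

if __name__ == "__main__":
    summary, findings = review_custom_role(SEEDED, CUSTOM)
    for section, diff in summary.items():
        print(f"{section}: Added ({len(diff['added'])}), "
              f"Removed ({len(diff['removed'])})")
    for finding in findings:
        print("REVIEW:", finding)
```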
- In the Security Console, click the Users tab.
- In the search bar, type the user's name, username, or email address.
- Press Enter or click Search.
- Click the user's name in the search results to open their user account.
- On the user's detail page, click Edit and locate the Roles section.
- Click Add Role.
- In the role search dialog, type the name or code of your newly created custom role.
- Select the role from the search results.
- Click Add Role Membership and Done to confirm.
- After adding the role, click Save and Close on the user record.
- Oracle Fusion will provision the role to the user. This may take a few minutes to propagate.
- Return to Security Console → Users and search for the same user.
- Open the user record and scroll to the Roles section.
- Confirm your custom role appears in the list with the correct effective dates.