You can control users' access to human resources information by record, window and function.
The responsibility is your primary means of defining security. To define what a user can access you link a user, responsibility and Business Group to a security profile. Other important components of the responsibility are the menu structures, task flows and information types. These also help you limit the employee records a user can access.
Users can sign on to the system only through the responsibilities you give them. So their responsibilities control what they can see and do in the system.
A responsibility is linked to a security profile and composed of:
A menu structure
A request group for reporting users (optional)
Extra information types available to the user
Responsibilities are also linked to business groups. However, depending on which security model you use, you link responsibilities differently.
Standard HRMS Security
You can only link one business group to one responsibility using Standard HRMS security. You must set up different responsibilities for each business group.
Security Groups Enabled Security
You can enable more than one business group for a single responsibility. However, you still only view records for one business group at a time.
Each model enables you to set up multiple responsibilities. You can assign multiple responsibilities to users who need to:
Access applicant, employee, and contingent worker records from two or more security profiles.
Use more than one menu structure to view or make changes to the records they can access.
Access records for more than one business group if you use Standard HRMS security. For example, an enterprise with international operations may have a US-Based business group and a UK-Based business group. A few of your employees might need to access both.
The following key components help control user access to Oracle HRMS:
Security profiles determine the organizations, positions and payrolls whose applicant, employee and contingent worker records responsibility holders can access.
Business Groups determine the set of records a user can access. Using Security Groups Enabled security you can enable one responsibility for many business groups. Using Standard HRMS security you must set up a new responsibility for each business group.
Menu structures and functions control:
The particular windowsand functions a responsibility holder can access
When you create a responsibility, you assign a menu structure to the responsibility. You can assign either a delivered menu or a custom menu. If required, you can restrict access to particular functions or menus using function or menu exclusions.
See: Overview of Menus and Function Security
See: How Function Security Works
Warning: If you exclude a function from a responsibility, a user with the responsibility can no longer access the function from any menu assigned to the responsibility. However, the function may still be attached to a task flow. If this is the case, the user will be able to access the excluded function when working through the task flow sequence. To avoid this situation, you may need to modify your task flows to remove the function.
See: Task Flow
Whether he or she can perform data entry, change or deletion on these windows
You can produce configured versions of some windows. Each configured version enables access to a subset of certain types of information, such as person types, special information types, or elements. You define additional menu functions to call configured windows or task flows, and then you add these functions to a menu structure, which is linked to a responsibility.
Request groups determine the group of processes and reports a responsibility holder can initiate. A request group is an optional component of a responsibility. If holders of a responsibility should not initiate any reports or processes, you do not include a request group in the responsibility.
Extra Information types are an optional component of a responsibility. By defining which extra information types are included in a responsibility, you effectively create a configured version of a window for users who are assigned the responsibility.
Attention: If you do not associate any extra information types with a responsibility, a person assigned to this responsibility will not have access to any extra information types in the product.
For each responsibility, you must also define the user profile option HR:User Type.
If you are using Self-Service Human Resources (SSHR) you can use the Responsibility Ownership functionality to administer and control access to responsibilities by assigning an owner relationship. You can use the Responsibility Ownership functionality in SSHR to display a hierarchy of functions and menus attached to the responsibility and also display information on users of the responsibility. If appropriate, you can revoke access to a responsibility using the self-service interface.