To restrict access to workflow transactions:You can restrict a workflow administrator's access to specific workflow transactions, depending on your business requirements. To restrict access to workflow transactions, you create a grant for the Workflow Item Attribute Values object using the Functional Developer responsibility.
Prerequisites
Before you define restrictions to access workflow transactions, ensure that you:
Set up users and responsibilities to use Oracle SSHR.
Assign the Workflow Administrator responsibility to users to monitor workflow transactions.
Set up security profiles to give access to restricted set of information.
Set the HR: Security Profile option at the responsibility level for the Workflow Administrator responsibility.
To restrict access to workflow transactions:Log on to the Functional Developer responsibility.
Search for the predefined Workflow Item Attribute Values (WF_ITEM_ATTRIBUTE_VALUES) object.
Click the Update icon to navigate to the Update Object page.
Click Create Grant on the Grants tab to initiate the creation process and to define the grant.
On the Define Grant page, enter the following details:
In the Name field, enter a descriptive name for the grant.
Specify the effective date for the grant. Navigate to the Security Context region to define the context to apply the grant.
In the Grantee Type field, you can select a single user, a role, or global (all users and roles).
In the Responsibility field, specify a Workflow Administrator responsibility to apply the grant to that responsibility.
In the Object field, select the delivered object Workflow Item Attribute Values
Note: Oracle provides the Workflow Item Attribute Values object to restrict access to workflow transactions.
On the Grant: Select Object Data Context page, select the HR Self-Service Selected Person ID Instance Set (HRSS_WF_ATTR_PERSONID_INSTSET) to create a data set that grants access to a specific instance in the object table.
On the Grant: Define Object Parameters and Select Set page:
Review the definition of the grant.
In the Set field, enter the delivered Business workflow item attribute permission set (WF_ADMIN_ITEM_ATTR_PSET) to define the grantee's access.
Click Finish to complete the grant creation process. The designated workflow administrators can administer only the workflow transactions that they can access.
You must repeat these steps for each workflow administrator responsibility that you want to review and maintain.
Note: If users in your enterprise perform multiple roles such as a workflow administrator and a HR manager, then ensure that the users have the appropriate workflow responsibility to view their workflow transactions. For example, as a workflow administrator, the user must be able to view HR transactions.