Self-service applications use the same security mechanisms as Oracle HRMS applications. By defining user profiles, security profiles, responsibilities, and menu structures, you can control who uses the self-service applications, which information they can access, and how they access it.
See: Security Overview
The purpose of this chapter is to identify the key concepts relating to self-service user access and security and to provide information on how to apply these concepts to address the needs of your enterprise.
A responsibility combines low-level elements of user access configuration to control which functions the user can access (User Access to Functions) and on whom they can perform these actions (see User Access to People).
You define responsibilities in the same way as you define responsibilities for Oracle HRMS applications.
Note: When you define your responsibilities, make sure they are available from Oracle Self-Service Web Applications.
You define users for iRecruitment managers in the same way as you define users for other Oracle HRMS applications.
See: Users Window (Oracle E-Business Suite Security Guide)
The Person field of the Users window is important for self-service applications as it acts as the link between the professional forms interface and the self-service application. This link enables the application to recognize who is using iRecruitment. For example, if a user's name is entered in the Person field, the user's name is displayed on the homepage.
You do not need to create users for registered users (candidates). These users create their own user IDs and passwords using the Registration function. When site visitors become registered users by creating their user ID and password, their name is automatically entered in the Person field of the Users window.
If, however you do need to create external candidates manually, then you must associate the user with a person in the Person field of the Users window and assign the iRecruitment External Candidate responsibility along with the relevant permission sets.
You apply user profiles to control how self-service applications run. You can set profile options at site level, application level, responsibility level, and user level.
See: Profile Options
See: User Profiles
iRecruitment uses security profiles to control a user's access to vacancy information and their ability to create vacancies. By assigning the appropriate security profile, you can determine the business groups and organizations in which a manager or recruiter can create vacancies.
Attention: If you do not define security profiles, then everyone in your enterprise can view vacancies. To control access to iRecruitment, you must create security profiles.
See: Security Profiles
Managers and Recruiters
You should always create security profiles to control manager and recruiter access to vacancy information. For example, you could set up a supervisor-based profile which would restrict managers and recruiters to viewing only the vacancies that are managed by people within their supervisor hierarchy. The supervisor-based security profile dynamically generates the list of vacancies based on the supervisor hierarchy (starting with the current user).
Note: If required, you can override the top-level user in the supervisor hierarchy by specifying a user in the Named User field of the Security Profile window.
Supervisor-based security allows you to set up a single security profile and use it for multiple users. To activate supervisor-based security, flag the Restrict by Supervisor check box in the Security Profile window.
If you set up a global security profile, then you can create and manage vacancies in multiple business groups.
See: Security Profiles
See: Defining a Security Profile
Create Additional Security for Vacancies
In addition to the security managed using a security profile, managers and recruiters can define additional security for the vacancy when creating a vacancy. See: Vacancy Security
Registered Users and Site Visitors
Registered users and site visitors can access vacancy information for all vacancies so there is no need to set a security profile for registered users or site visitors, if a single visitor page is configured.
Managers can view applications to the vacancies that they manage and also access other vacancy applications submitted by applicants based on their security profile, if you set the IRC: Show Applications profile option to Default. For example, John Smith who manages the Plant Manager vacancy is assigned the supervisor security profile. Scott Bird, who is an applicant submits job applications to the Plant Manager vacancy and two other vacancies. When John reviews applications to the Plant Manager vacancy, and navigates to the Candidate Details page of Scott Bird, he can view the application to the Plant Manager vacancy and also access job applications to the other two vacancies.
To restrict managers' access to applications for vacancies that they manage, select the Restrict on Assignment Security value in the IRC: Show Applications profile option. See: Profile Options
You must also select the Restrict on Individual Assignments option in the Security Profiles window when you are setting up security to restrict managers access to the vacancy that they manage. For more information, see: Defining a Security Profile
Therefore, in the example, if both the security profile and profile option are set appropriately, then John Smith can only access the job applications for Plant Manager vacancy and cannot access the other job applications submitted by Scott Bird.
If required, set the HR: Enable RTM Security profile option to the iRecruitment Manager or iRecruitment Recruiter responsibility to enable users who require access to applicants to view their application and other details. The user can be anyone who is involved in the recruitment process.
See: Profile Options
User access to the personal information of candidates is defined by the candidates themselves. When site visitors register with iRecruitment and become registered users (candidates), they can choose whether their information should be made available to your managers. If they choose to publish the information, it is made available to all iRecruitment users with access to the manager functions.
If a candidate does not choose to publish their information, it can only be seen by the managers and recruiters who access the vacancies for which they have applied.
Note: Registered users (candidates) can only access their own personal information.
You can control which functions employees, managers, and recruiters can access by creating function exclusions at the responsibility level.