Security Profiles

Query to get security profiles and its assigned orgs.

select pspv.business_group_id, pspv.business_group_name,
pspv.security_profile_id, pspv.security_profile_name,
psov.organization_id, psov.organization_name
from
per_security_profiles_v pspv,
per_security_organizations_v psov
where
pspv.security_profile_id = psov.security_profile_id;

******************************

How to assign security profile to a user in Oracle HRMS

Navigation:- Global HRMS Manager --> Security --> Assign Security profiles

When you will try to open the form, you will get the following error:

APP-PER-52928: You cannot use this form when using Standard HRMS Security.

What to do??

If you don't want to use standard security and want to implement security through security profiles, you need to set a profile option.

Enable Security Groups Profile option to Yes.

NOTE:

If profile option "Enable Security Groups" is disabled, then you need to first make it visible and updatable. 

Navigation: System Administrator --> Requests --> Define Profile Options

After opening the form, search for "Enable Security Groups" and make it visible and updatable on the levels according to your requirement. Please see the details in the screenshot.

After enabling the profile option, go to Profile System values and search for "Enable Security Groups" at your desired level and enable it.

Details are shown in screenshot below.

Now again navigate to Global HRMS Manager --> Security --> Assign Security profiles

Now we need to run Security List Maintenance Concurrent Program to see the reflected changes.

After you have created a security profile and had attached it to the user. you need to run the concurrent program"Security List Maintenance"

Navigation:- Global HRMS Manager --> View --> Submit a new Request

Parameters:

Effective Date: Select the effective date on which you want to run this concurrent program(Optional).

Generate lists for: Multiple options are available. select any according to your requirement.

Business Group: You can select a business group, if there are multiple business groups in your corporation/company.

Security Profile: You can run it for a specific security profile.

Process: You can run program only active employees, active and terminated employees or terminated employees only.

Static user processing: 

• Whether to run the process for all static users or only those users selected for inclusion in the next processing run (selected on the Static Users tab of the Security Profile window).

NOTE:

Changes take effect when this concurrent program is run. But if any change occurs after it, you need to re-run this concurrent program. The best way to do is to schedule this request usually at mid-night.

So any changes occurred to employees will be shown automatically.

*************************************************************************

Position Security in Security Profiles in Oracle HRMS

2) Position Security

As explained earlier in Security Profiles about Organization Security, you can also secure/limit your information according to position hierarchy.

Below is an example in the screenshot.

Position Hierarchy: Information can be limited by using a position hierarchy. 

Specify Top Position: In that hierarchy, you can also select a top position, even if you want to limit the information from second level position.

Include Top Position:Check if you want to include top position in the information.

After having created the profile and assigned it to the user, you need to run "Security List Maintenance" concurrent program for changes to take effect. Check

3) Payroll Security

NOTE:

You can restrict access to employee records by payroll. For example, you can give payroll staffs who work on the payroll at a particular location access to records of employees on this payroll only.

Controlling security by payroll assignment limits the employee records users can see and update on employee-related windows, such as those for employee information, and element entry.

 Payroll security is not available for contingent workers since they are not assigned to a payroll.

Visual illustration is in the screenshot below.

As pointed by arrow in screenshot, you can select one or multiple payrolls to secure your information.

View All Payrolls: if you want to select one or multiple payrolls, this check-box must be unchecked.

Include: if you want to select one or multiple payrolls, this check-box must be checked, you may select at least one payroll. But both View All Payrolls and Include Check-boxes can remain checked simultaneously.

After having created the profile and assigned it to the user, you need to run "Security List Maintenance" concurrent program for changes to take effect. Check

***********************************************************************************************************

Supervisor Security in Security profiles in Oracle HRMS

4) Supervisor Security

Note: 

If you choose to use supervisor hierarchy,

you must also set the HR: Supervisor Hierarchy Usage profile option. 

This profile defines how supervisor hierarchies are built. 

You can choose whether to create person-based or assignment-based supervisor hierarchies.

    1.  Person-based supervisor hierarchy

    A person-based supervisor hierarchy is a hierarchy based on a person's supervisor and direct reports.

    2.  Assignment-based supervisor hierarchy

   

     You also specify the supervisor assignment number for a person and the security   processes use thisassignment to generate an assignment-based supervisor hierarchy.

   

Note: When you set up security based on supervisor hierarchies, the list of employees visible to a user is usually generated at the start of the session. Therefore, for profiles that only restrict access by supervisor there is usually no need to run the Security List Maintenance process.

After having created the profile and assigned it to the user, you need to run "Security List Maintenance" concurrent program for changes to take effect. Check

*****************************************************************************************************************

Custom Security in Security Profiles in Oracle HRMS

5) Custom Security

Options available in this region are

• Restrict the people visible to this profile

• Restrict the people visible to each user using this profile

Enter a valid SQL WHERE clause fragment to select a group of records. For example, to add a restriction that assignments must have a grade starting with S e.g. Staff, and employee number should start with F, considering employee number conventions as e.g FFL-00001, PFL-00001. add the following SQL fragment:

ASSIGNMENT.GRADE_ID IN

(SELECT GRADE_ID FROM  PER_GRADES PG

WHERE  PG.NAME LIKE 'S%')

AND ASSIGNMENT.ASSIGNMENT_NUMBER IN

(

SELECT ASSIGNMENT_NUMBER FROM PER_ASSIGNMENTS_F

WHERE ASSIGNMENT_NUMBER LIKE 'F%')

Note: In addition, the View Employees or View Contingent Workers option is set to Restricted, and the "Restrict the people visible to each using this profile" option is set on the Custom Security tab.

After having created the profile and assigned it to the user, you need to run "Security List Maintenance" concurrent program for changes to take effect. Check

Thanks for the kind information from:
http://waqasora.blogspot.com/2012/11/security-profiles-in-oracle-hrms.html.