Each time role is regenerated we lose configurations and must manually update over 60 policies
Summary:
We’ve been using Oracle Cloud since 2016. Initially, we faced challenges in restricting certain data access for our HR team. For example, we didn’t want HR personnel to view compensation details for other HR employees. Since we couldn’t achieve this, we created separate person security profiles to isolate these employees, allowing only specific members of our data team to access sensitive information.
This approach has been limiting for our HR team, and there’s now an initiative to enable HR to perform basic transactions for HR and Executive employees—without access to compensation, salary details, talent profiles, or performance documents. We’ve attempted to resolve this using security roles and data policies, but each time the role is regenerated, we lose the configurations and must manually update over 60 policies to switch from a "View All" profile to the restricted HR/Exec profile. This process is time-consuming and inefficient.