Oracle Fusion HCM Analytics

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Restriction of data in reports - security in FDI

Accepted answer
300
Views
13
Comments
Lauriane Massin Whitaker
Lauriane Massin Whitaker Rank 6 - Analytics Lead
edited September 2024 in Oracle Fusion HCM Analytics

Hi,

I just had a request from my client asking me to make sure that the reports we already created will be available for different kinds of managers, making sure these persons can only see their direct employees.

The lowest level or org structure of this company is AGENCIES (they are part of the legal entities).

<screen-shot removed as it contained cutomer specific data>

For example, when the Manager of FRIEDLANDER AMIENS will access the console and check the data for septembre, he will only be able to see the 1st line of the report and not the other ones (douvrin, dunkerque, etc).

I read that FDI inherits the roles from HCM.

So here are my questions :

  • Can I produce this overall report (including all the agencies of the company) or do I need to produce one report for each agency… ? (idea I clearly do not like…).
  • How can I make sure the manager will only be able to see his agency data ? How can I restrict it ?

I read that the security in FDI requires 9 steps (creation of an ADW security custom table, etc), can someone be more specific ?

I also read that a csv file can be upload with the roles in the company in this ADW table ?

Thank you very much for your help…

Regards,

Lauriane

Tagged:

Best Answers

«1

Answers

  • Lauriane Massin Whitaker
    Lauriane Massin Whitaker Rank 6 - Analytics Lead
    edited September 2024

    Hi, thank you very much.

    But if we don't want to limit the subject areas, and just limit what a manager can see in a report already created, is there anything else we could do without going to ADW, SME, etc ?

    <screen-shot removed as it contained cutomer specific data>

    Here, typically, I am connected as ADMIN 01 who has a certain number of employees below. I would like to be able to see only my lines as ADMIN01… and not the employees or data from the other managers.

    Thank you in advance.

    Regards,

    Lauriane

  • Lauriane Massin Whitaker
    Lauriane Massin Whitaker Rank 6 - Analytics Lead

    Thank you very much.

    Here is what I've done : I've created a group in OCI called "Responsable d'agence" - (Agency Manager). I put in this group a test user from my hcm test env who is supposed to have 10 employees under him.

    In FAW, I've assigned him to line manager role

    So that user only has the Line Manager App Role.

    But when I log in the console and try to access a report I'm still able to see the other managers' line…

    Am I missing sth ?

    Thank you

  • Hi @Lauriane Massin Whitaker

    Please only assign following role - For Human Capital Management, the data security is based on the line manager hierarchy defined in Oracle Applications Cloud for the user having the Line Manager role.

    https://docs.oracle.com/en/cloud/saas/analytics/24r3/fahia/chapter-subject-areas.html#GUID-8A03A7C1-6617-467C-A3B9-0AD8E50CC63F

    OA4F_HCM_LINE_MANAGER_DATA Oracle Fusion Analytics Warehouse HR Line Manager Data Role Human Capital Management data security policy for the supervisor hierarchy. Workforce

  • Lauriane Massin Whitaker
    Lauriane Massin Whitaker Rank 6 - Analytics Lead

    Hi,

    Does that mean that in HCM, all my line managers have to have this specific role assigned?

    Because no one has this role.

    Also, we found that there was a parameter variable at the level report, can't we just use that to limit the access of the data content by line ?

    Thank you

  • Hi @Lauriane Massin Whitaker

    yes Line Manager role needs to be assigned to all line-managers to apply Line Manager security where person_id should be manager_type='LINE_MANAGER'

    regards,

    -Rajesh

  • Orange
    Orange Rank 5 - Community Champion

    Hi @Lauriane Massin Whitaker ,

    I noticed the user in your screenshot (xavier) has FAW Administrator roles. I believe that grants him access to all data; it overrules the line manager access restriction.

  • Lauriane Massin Whitaker
    Lauriane Massin Whitaker Rank 6 - Analytics Lead

    What roles shall he have to be able to access the console and have access to reports with the LM limitation access please ?

  • Lauriane Massin Whitaker
    Lauriane Massin Whitaker Rank 6 - Analytics Lead

    I've deleted all his administrator roles, and now the user can't see any data…