Before You Begin
This 5-minute tutorial shows you how to create a security role that allows a user to access the User Accounts REST API.
Background
Authorization identifies which users can access the REST API. To access REST APIs, user roles must have security privileges. You must also include custom data roles, if any, for the APIs.
The userAccounts REST API is secured with various function security privileges and data security policies. These privileges and policies are delivered through function privileges. Depending on the roles assigned, and their level of access, users can access the workers REST API to view or manage user accounts.
For more information on role types and their functions, see: Oracle Fusion Applications Security Guide.
The function security policies required for these exercises are:
- PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV
- PER_REST_SERVICE_ACCESS_USER_ACCOUNTS_PRIV
You will add the ORA_FND_IT_SECURITY_MANAGER_JOB role, which inherits the PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV function privilege, and the ORA_PER_REST_SERVICE_ACCESS_USER_ACCOUNTS role, which inherits the PER_REST_SERVICE_ACCESS_USER_ACCOUNTS_PRIV function privilege.
Create a Job Role by Modifying an Existing Job Role
Log in as a security manager user and access the Security Console.
Navigator > [Tools] Security Console
- In the Roles tab, search for Human Capital Management Integration Specialist and copy the Role using the Copy Top Role option.
Give the role the following properties, replacing ## with your initials:
Note: If you have taken any HCM REST API training, you may already have created this role. In that case, you may modify the existing role instead of creating a new one.

| Attribute | Value |
| --- | --- |
| Role Name | ## Human Capital Management Integration Specialist |
| Role Code | ##_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB |
| Description | ## Individual responsible for planning, coordinating, and supervising all activities related to the integration of human capital management information systems. |

- Add the roles.
- Proceed to the Role Hierarchy page either by clicking the train stop or by clicking Next.
- Click Add Role.
- Search for ORA_FND_IT_SECURITY_MANAGER_JOB.
- Select the role and click Add Role Membership.
- Search for ORA_PER_REST_SERVICE_ACCESS_USER_ACCOUNTS.
- Select the role and click Add Role Membership.
- Close the Add Role Membership window.
- Click Save and Close.
Create a Data Role
Access the Manage Data Role and Security Profiles task.
Navigator > Setup and Maintenance > Tasks > Search > Manage Data Role and Security Profiles
- Create a New Data Role.
Give the data role the following properties, replacing ## with your initials:

| Attribute | Value |
| --- | --- |
| Data Role | ##_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB_ALL |
| Job Role | ## Human Capital Management Integration Specialist |

- Click Next.
- Click Yes to acknowledge the warning.
Give the data role the following security criteria:

| Attribute | Value |
| --- | --- |
| Organization Security Profile | View All Organizations |
| Position Security Profile | View All Positions |
| Country Security Profile | View All Countries |
| Legislative Data Group Security Profile | View All Legislative Data Groups |
| Person Security Profile | View All People |
| [Public] Person Security Profile | View All People |
| Document Type Security Profile | View All Document Types |
| Payroll Security Profile | View All Payrolls |
| Job Requisition Security Profile | View All Job Requisitions |

- Click Review.
- Click Submit.
Make the Data Role Assignable
Access the Manage Role Provisioning Rules task.
Navigator > Setup and Maintenance > Tasks > Search > Manage Role Provisioning Rules
- Create a new role provisioning rule.
- Give the rule the mapping name ##_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_DATA_ROLE.
- Under Associated Roles, click Add Row.
- Add ##_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB_ALL.
- Check Requestable and Self-requestable and uncheck Autoprovision.
- Click Save and Close.
Assign the Data Role to your Integration User
Access the Security Console.
Navigator > [Tools] Security Console
- In the users view, search for your integration specialist user.
- Click on the Display Name to access the user information.
- Click Edit.
- Click Add Role.
- Search for your data role, ##_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB_ALL.
- Select the role and click Add Role Membership.
- Close the Add Role Membership dialog box.
- Click Save and Close.
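To check the result of the steps above, the following added example (not part of the original tutorial and not Oracle code) walks the role hierarchy this tutorial builds and reports through which inherited role each required function privilege reaches the user. The role graph is typed in by hand from the names on this page, with XX as an assumed stand-in for the ## initials; the function names are hypothetical.

```python
# Role graph typed by hand from this tutorial's names; "XX" stands in for the ##
# initials. It is not an Oracle export format, and it models only the roles the
# tutorial adds (the copied job role also keeps whatever the original inherited).
REQUIRED = {
    "PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV",
    "PER_REST_SERVICE_ACCESS_USER_ACCOUNTS_PRIV",
}
DATA_ROLE = "XX_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB_ALL"
JOB_ROLE = "XX_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB"
INHERITS = {
    DATA_ROLE: [JOB_ROLE],
    JOB_ROLE: ["ORA_FND_IT_SECURITY_MANAGER_JOB",
               "ORA_PER_REST_SERVICE_ACCESS_USER_ACCOUNTS"],
    "ORA_FND_IT_SECURITY_MANAGER_JOB": [
        "PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV"],
    "ORA_PER_REST_SERVICE_ACCESS_USER_ACCOUNTS": [
        "PER_REST_SERVICE_ACCESS_USER_ACCOUNTS_PRIV"],
}


def privilege_paths(assigned_roles, inherits):
    """Map each reachable privilege to the inheritance path that grants it."""
    paths, seen = {}, set()
    stack = [[role] for role in reversed(assigned_roles)]
    while stack:
        path = stack.pop()
        node = path[-1]
        if node in seen:          # already expanded; also stops cycles
            continue
        seen.add(node)
        if node in inherits:      # a role: walk what it inherits
            stack.extend(path + [child] for child in reversed(inherits[node]))
        elif node.endswith("_PRIV"):
            paths[node] = path    # a leaf privilege
    return paths


def missing_privileges(assigned_roles, inherits, required=REQUIRED):
    """Required privileges the user does not reach through any assigned role."""
    return sorted(set(required) - set(privilege_paths(assigned_roles, inherits)))


if __name__ == "__main__":
    for priv, path in privilege_paths([DATA_ROLE], INHERITS).items():
        print(priv, "<-", " <- ".join(reversed(path[:-1])))
    print("missing:", missing_privileges([DATA_ROLE], INHERITS))
```

If a role membership from the Role Hierarchy step was skipped, missing_privileges names the function privilege the integration user still lacks.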