Get Started with User Accounts REST API - Authorization

Before You Begin

This 5-minute tutorial shows you how to create a security role that allows a user to access the User Accounts REST API.

Background

Authorization identifies which users can access the REST API. To access REST APIs, user roles must have security privileges, including custom data roles for the APIs, if any.

The userAccounts REST API is secured with various function security privileges and data security policies. These privileges and policies are delivered through function privileges. Depending on the roles assigned, and their level of access, users can access the workers REST API to view or manage user accounts.

For more information on role types and their functions, see: Oracle Fusion Applications Security Guide.

The function security policies required for these exercises are:

  • PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV
  • PER_REST_SERVICE_ACCESS_USER_ACCOUNTS_PRIV

You will add the ORA_FND_IT_SECURITY_MANAGER_JOB role, which inherits the PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV function privilege, and the ORA_PER_REST_SERVICE_ACCESS_USER_ACCOUNTS role, which inherits the PER_REST_SERVICE_ACCESS_USER_ACCOUNTS_PRIV function privilege.


Create a Job Role by Modifying an Existing Job Role

  1. Log in as a security manager user and access the Security Console.

    Navigator > [Tools] Security Console

  2. In the Roles tab, search for Human Capital Management Integration Specialist and copy the Role using the Copy Top Role option.
  3. Give the role the following properties, replacing ## with your initials:

    Note: If you have taken any HCM REST API trainings, you may have already created this role. In that case, you may modify the existing role instead of creating a new one.

    Attribute    Value
    Role Name    ## Human Capital Management Integration Specialist
    Role Code    ##_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB
    Description  ## Individual responsible for planning, coordinating, and supervising all activities related to the integration of human capital management information systems.
  4. Add the roles.
    • Proceed to the Role Hierarchy page either by clicking on the train stop or by clicking Next.
    • Click Add Role.
    • Search for ORA_FND_IT_SECURITY_MANAGER_JOB.
    • Select the role and click Add Role Membership.
    • Search for ORA_PER_REST_SERVICE_ACCESS_USER_ACCOUNTS.
    • Select the role and click Add Role Membership.
    • Close the Add Role Membership window.
    • Proceed to the Summary page either by clicking on the train stop or by clicking Next.
  5. Click Save and Close.

Create a Data Role

  1. Access the Manage Data Role and Security Profiles task.

    Navigator > Setup and Maintenance > Tasks > Search > Manage Data Role and Security Profiles

  2. Create a New Data Role.
  3. Give the data role the following properties, replacing ## with your initials:

    Attribute  Value
    Data Role  ##_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB_ALL
    Job Role   ## Human Capital Management Integration Specialist
  4. Click Next.
  5. Click Yes to acknowledge the warning.
  6. Give the data role the following security criteria:

    Attribute                               Value
    Organization Security Profile           View All Organizations
    Position Security Profile               View All Positions
    Country Security Profile                View All Countries
    Legislative Data Group Security Profile View All Legislative Data Groups
    Person Security Profile                 View All People
    [Public] Person Security Profile        View All People
    Document Type Security Profile          View All Document Types
    Payroll Security Profile                View All Payrolls
    Job Requisition Security Profile        View All Job Requisitions
  7. Click Review.
  8. Click Submit.

Make the Data Role Assignable

  1. Access the Manage Role Provisioning Rules task.

    Navigator > Setup and Maintenance > Tasks > Search > Manage Role Provisioning Rules

  2. Create a new role provisioning rule.
  3. Give the rule the mapping name ##_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_DATA_ROLE.
  4. Under Associated Roles, click Add Row.
  5. Add ##_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB_ALL.
  6. Check Requestable and Self-requestable and uncheck Autoprovision.
  7. Click Save and Close.

Assign the Data Role to your Integration User

  1. Access the security console.

    Navigator > [Tools] Security Console

  2. In the users view, search for your integration specialist user.
  3. Click on the Display Name to access the user information.
  4. Click Edit.
  5. Click Add Role.
  6. Search for your data role, ##_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB_ALL.
  7. Select the role and click Add Role Membership.
  8. Close the Add Role Membership dialog box.
  9. Click Save and Close.
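
The role chain built in this tutorial (user > data role > job role > added roles > function privileges) can be modelled as a graph to confirm that both required privileges are reachable and to show which role delivers each one. This is an added example, not Oracle code: "XX" stands in for the ## initials, the function names are hypothetical, and it models only function privileges, not data security policies or security profiles.

```python
# Added illustration: a model of the role chain this tutorial builds, not Oracle code.
# "XX" replaces the "##" initials; the graph is constructed from names in the tutorial.
REQUIRED = {
    "PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV",
    "PER_REST_SERVICE_ACCESS_USER_ACCOUNTS_PRIV",
}
JOB = "XX_HUMAN_CAPITAL_MANAGEMENT_INTEGRATION_SPECIALIST_JOB"
DATA = JOB + "_ALL"

# role -> roles it inherits directly (Role Hierarchy / Add Role Membership)
INHERITS = {
    DATA: [JOB],
    JOB: ["ORA_FND_IT_SECURITY_MANAGER_JOB",
          "ORA_PER_REST_SERVICE_ACCESS_USER_ACCOUNTS"],
}
# role -> function privileges it carries, as stated in the Background section
GRANTS = {
    "ORA_FND_IT_SECURITY_MANAGER_JOB":
        {"PER_REST_SERVICE_ACCESS_USERS_AND_ROLES_LOVS_PRIV"},
    "ORA_PER_REST_SERVICE_ACCESS_USER_ACCOUNTS":
        {"PER_REST_SERVICE_ACCESS_USER_ACCOUNTS_PRIV"},
}

def effective_privileges(roles, inherits=INHERITS, grants=GRANTS):
    """Walk the hierarchy from the user's roles.

    Returns {privilege: path}, where path is the tuple of roles leading from
    the assigned role down to the role that carries the privilege.
    """
    privs, seen = {}, set()
    stack = [(r, (r,)) for r in roles]
    while stack:
        role, path = stack.pop()
        if role in seen:  # guards against cycles and repeated inheritance
            continue
        seen.add(role)
        for priv in grants.get(role, ()):
            privs.setdefault(priv, path)
        stack.extend((c, path + (c,)) for c in inherits.get(role, ()))
    return privs

def missing_privileges(roles, inherits=INHERITS, grants=GRANTS):
    """Required privileges the user's roles do not reach (empty set = ready)."""
    return REQUIRED - set(effective_privileges(roles, inherits, grants))

if __name__ == "__main__":
    print("missing:", sorted(missing_privileges([DATA])))
    for priv, path in sorted(effective_privileges([DATA]).items()):
        print(priv, "<-", " > ".join(path))
```

Removing one of the two added roles from `INHERITS[JOB]` makes `missing_privileges` return the privilege that role would have delivered, which is the state of the copied role before the Add Role Membership steps.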

Next Tutorial

Setup Postman