How to secure subject area access for specific users in Oracle Cloud HCM

Fusion Practices


Dec 2, 2020

How to secure subject area access for specific users in Oracle Cloud HCM

Oracle OTBI allows users to easily restrict access to sensitive areas using a role-based dashboard that rolls out to business units or line managers with in-built data security.

Oracle Cloud ERP has a vast self-service reporting capability but data security is still a concern for CFOs and CTOs. In this blog, we will discuss how access can be restricted based on user roles in Oracle Transactional Business Intelligence (OTBI) for financials, GL or transactional reports. We demonstrate how the access for a few of the subject areas for HR users can be secured by roles, based on their job profile using Oracle HCM Absence Management.

Typically clients face data security issues when BI access is given to all users including HR and payroll users. Ideally HR users should not have access to the payroll data. To avoid that, businesses seek to restrict access for a particular role for a specific subject area. This can be achieved when businesses share the custom roles and the subject areas that need to be restricted for these roles for OTBI reporting.

The method described below allows this to be done at a BI level, even without having an IT security manager level access.

Step 1– Person should have BI Admin access and Go to BI Publisher > go to Administration > click on Manage Privileges


Step 2– Now check for Subject Area we want to restrict and click on the role against that. In this case, if access has to be restricted for the first subject area shown in the screen below, then the link adjacent to it has to be clicked. This overrides the access at different level.


Step 3– Click on add button and choose the option for which you need to restrict the subject area. In this case, for restricting it to a specific user, the user needs to be selected as shown below. Other category options available to restrict access are application roles, catalog groups, and all employees.


Step 4 – Search for the person and select permission to be denied, which will override the default setting. This can be done either at the level of application roles or as depicted below.


Step 5 – Once this is done, the privilege gets overridden for that particular subject area only for a specific user or application roles. We can also verify whether the access is revoked for a specific user/ application roles.


Author: Nitin is an Oracle HCM Solution Architect

Get In Touch with Us

Read More

Related Posts