Security Profiles in Oracle HCM Cloud play a critical role in defining data access boundaries within an organisation. They ensure that users can view or manage only the information relevant to their roles, maintaining both compliance and confidentiality. By implementing well-structured security profiles in Oracle HCM Cloud, organisations can streamline role-based access while safeguarding sensitive employee data from unauthorised exposure. Security in Oracle HRMS defines which employees or persons a user can view or access from the Employee/Person screen, ensuring controlled and role-based data visibility. 

Why is Security Important? 

In Oracle HRMS, sensitive employee information must be protected in compliance with data privacy and protection regulations. For instance, details such as an employee’s date of birth or salary should not be visible to all users simply because they have access to certain system responsibilities. Implementing security ensures that only authorised individuals can view or manage specific data, maintaining confidentiality and data integrity across the system. 

In this blog, we’ll explore the standard security model used in Oracle HRMS and later discuss the alternate security model designed to address its limitations. The alternate security model provides enhanced flexibility and control, allowing organisations to overcome the constraints of the basic (standard) security model and implement more tailored data access rules. 

Suppose you want a specific responsibility to display only the employees working in the IT department. How can this be achieved? To begin with, you need to have an Organisation Hierarchy defined in Oracle HRMS. For example, let’s assume the hierarchy is named “XX Passi-Corp Hierarchy. 

XX Passi-Corp – Top-Level Organisation 

• XX Finance 
  • XX Credit Control 
  • XX Debt Management 
  • XX Customer Relations 

• XX IT 
  • XX IT Technical 
  • XX IT Technical Support 
  • XX IT Development 
  • XX IT Functional Support 
  • XX IT Business Analysis 

Let’s assume your organisation has an overall IT Head and a separate Head of IT Technical Department. Now, you want to create a Responsibility that allows access only to employees working in the following departments: 

• XX IT Technical 
  • XX IT Technical Support 
  • XX IT Development 

Registrations are now open for our
Planned Live Batches in various Oracle Cloud trainings

To meet this business requirement, follow the steps below – 

• Create an Organisation Hierarchy. 

• Define a Security Profile and associate it with the node “XX IT Technical” within the hierarchy. 
• Assign the Security Profile to the responsibility named “XX HRMS IT Technical Resp” using the appropriate profile option. 
• Run the concurrent program “Security List Maintenance” to refresh the list of employees visible under the defined security profile. 

Now, let’s go through each step in detail

Step 1: Create an Organisation Hierarchy that defines the reporting structure within your enterprise. 

Step 2: Create a Security Profile and associate it with the node “XX IT Technical” in the defined hierarchy to restrict visibility accordingly. 

Step 3: Assign the Security Profile to the responsibility named “XX HRMS IT Technical Resp” using the appropriate profile option in Oracle HRMS. 

Step 4: Run the concurrent program “Security List Maintenance” to update the employee and organisation lists based on the applied security settings. 

Important Notes for Security Profiles in Oracle HCM Cloud

1. This article covers the Standard Security Model in Oracle HRMS. In this model, each Security Profile must be linked to a separate Responsibility, which can be a limitation in large enterprises. 
2. You can alternatively create custom Security Profiles using SQL-based definitions or by basing security on Positions, Payrolls, or other organisational attributes (as supported in the configuration options). 
3. The key difference between PER_PEOPLE_F and PER_ALL_PEOPLE_F is that: 
   • PER_PEOPLE_F is a secured view that enforces data visibility based on the Security Profile associated with the logged-in user or responsibility. 
   • PER_ALL_PEOPLE_F is the base table that stores all records and does not apply any security filtering. 
4. If you prefer not to use the Standard Security Model, you can opt for the Security Groups feature. 
   • Set the profile option “Enable Security Groups” to Yes.
   • Assign different Security Profiles to individual users, even when they share the same responsibility.  
   • This approach allows reusing a single responsibility while maintaining distinct access controls—effectively overcoming the limitation of the standard model. 

Conclusion 

Understanding and implementing Security Profiles in Oracle HCM Cloud is essential for maintaining a secure and efficient HR environment. Whether you rely on the standard model or explore advanced configurations like Security Groups, the goal remains the same — to ensure precise data visibility and control. With a robust security framework, businesses can protect employee information while empowering HR users with the right level of access to perform their roles effectively.