Role Provisioning and Deprovisioning in Oracle Cloud ERP
In Oracle Cloud ERP, users must be provisioned with roles to access data, perform functions, and carry out application tasks. Without roles, users have no system access. Role mappings define how roles are automatically or manually assigned and removed.
Managing Role Provisioning
To manage role provisioning, use the following setup tasks:
-
Manage Role Provisioning Rules
-
Manage HCM Role Provisioning Rules
These tasks allow you to create role mappings that govern when roles are assigned or removed.
Methods of Role Provisioning
Roles can be provisioned to users in the following ways:
1. Automatic Provisioning
-
Occurs when a user’s assignment matches the conditions defined in a role mapping.
-
Example: If a worker is promoted to a manager, and a role mapping exists for line managers, the system automatically assigns the Line Manager role.
2. Manual Provisioning
-
Carried out directly by administrators or users with privileges (e.g., line managers can assign roles to their reports).
-
Users can also request roles for themselves.
-
Still requires a role mapping to define eligibility.
Role Types
You can provision the following types of roles:
-
Job Roles – Define duties within the organization.
-
Abstract Roles – Represent roles like Employee, Contingent Worker.
-
Data Roles – Combine job roles with data security contexts.
In Oracle Fusion Cloud HCM, job roles are often embedded within HCM data roles and provisioned together.
Automatic Role Deprovisioning
-
Roles are automatically removed when a user’s assignment no longer meets the role-mapping conditions.
-
Example: A user who is no longer a line manager will automatically lose the Line Manager role.
-
This process is triggered by changes to worker assignments.
Manual Deprovisioning
-
Even automatically provisioned roles can be manually deprovisioned when needed.
-
Manually provisioned roles can also be removed at any time by an administrator.
