Your organization has unique job role requirements for security set up in the Oracle Fusion
application. Identify the best way to set up unique Job roles in the Fusion application.
A.
Create custom job rolesinthe fusion application that match the job titles exactly
B.
Use the Fusion application’s predefined duty roles and create or modify roles as necessary.
C.
Assign all the users to the Fusion application’s predefined duly roles.
D.
Use the IT Security Manager role to prevent or limit the duty tasks performed by the users.
E.
Create data roles that match each unique job role and assign them to each user.
Explanation:
Role-Based Access Control
Access to system resources is granted to users through the roles assigned to them, not to the
users directly. Roles provide access to functions and data.
The Oracle Fusion Applications security approach includes abstract, job, duty, and data roles.
Abstract roles group users without respect to specific jobs, such as all employees or all managers.
Job roles group users in adherence to the principle of least privilege by granting access only in
support of the duties likely to be performed, such as the job of Accounts Payable Manager. Duty
roles define the duties of a job as entitlement to perform a particular action, such as processing
payables invoices. Data roles group users who have functional access through a particular job role
with access to a particular dimension of data, such as invoices relevant only totheir business unit,
or based on Human Capital Management (HCM) security profiles, such as employees who work in
departments in a particular country, line of business, or division.
Abstract, job, and data roles are implemented as enterprise roles in Oracle Fusion Middleware so
they can be shared across the enterprise. Duty roles are implemented as application roles in
Oracle Fusion Middleware so they can be defined within applications
Note: Reference Implementation
The security reference implementation consists of roles, policies, and templates for generating
data roles.The security reference implementation consists of the following.
* Set of abstract and job roles
* Duty roles and role hierarchy for each job role and abstract role
* Privileges required to perform each duty defined by a duty role
* Data security policies for each job role, abstract role, or data role
* Predefined HCM security profiles
* Policies that protect personally identifiable information
* Mapping of data security policies to fact and dimension to ensure enforcement across tools and
access methods
* Segregation of duties policies respected in the design of duties for the job role
* Segregation of duties conflicts in some job role definitions
* Templates for generating data roles and data security policies defined for those data roles
* Template of data masking algorithm
Oracle Fusion Applications Security Guide, Role-Based Access Control