0 Replies Latest reply on Sep 6, 2017 5:34 AM by gracylayla

    IDENTIFYING ROLES WHICH CONTROLS THE MENU ITEMS IN ORACLE FUSION HCM CLOUD APPLICATION

    gracylayla

      Oracle Fusion HCM Cloud Application or for that matter other modules within Oracle Fusion Application like Procurement, Sales Cloud, Service Cloud.. etc has a lot of OOTB Roles and privileges which gets shipped along with the product. These roles in conjunction with the various privileges and security policies associated with them control whether or not a user would be able to access certain menu items as well as which all operations ( like Read Only, Edit Options etc..) would one be able to perform. Add to this the need of custom roles and what you get is a huge list of roles and privileges. So far so good, but what becomes challenging is to identify which all menu items are controlled by which roles and the privileges required to access the menu item. Identifying this has been a major challenge for consultants for a long time now but thanks to the Oracle Development Team and we have been offered with a new feature “Simulate Navigator” starting release 11 which answers all such questions.

      In the Security Console you can access the 'Simulate Navigator' feature which exposes the particular privileges that control the menu items. At the same place you can see which reference roles include those privileges, so roles can be copied-and-edited to closer meet your own needs.

      In this article, we would try to understand the same in detail.

      Demonstration

      We would need to login to application and select the ‘Security Console’ Menu Item. Once there we have to choose any Role (Employee Role for this example) and select the ‘Simulate Navigator’ option as shown:

      Navigation: Navigator->Tools-> Security Console.

       

      We have so many Menus which are associated with the logged in user ( Implementation Administrator) user but we are mainly concerned about the Menu which are generally associated with an individual who has the Abstract Employee Roles.

      The Simulate Navigator screen is a mock-like navigator menu that shows all the possible items (based on your implementation) and if the selected role provides access. From the above screen we can see that the menu items like Personal Information, Talent Profile, Learning,Goals..etc under “About Me” and “Spaces”, “File Import and Export” under “Tools” do not have a lock icon beside them which means that these menu items would be present for every individual who has the abstract Employee Role. Also notice that there are some menu items have a yellow alert icon (like “Reports and Analytics” and “Scheduled Processes” under Tools ) which indicates that an EL Expression is set in the Structure feature which has an impact on whether the menu item would be accessible or not.

      This point gets more clear if we try to login as an Employee and then try to view the menu items he has access to:

       

      From the above screen we can see that user ‘frank.adams’ has just the abstract employee role access and under the Tools Menu there are four items namely Spaces, Reports and Analytics, Scheduled Processes and File Import and Export. A closer look at the Simulate Navigator image would clearly show that Spaces and File Import and Export are menu items which do not have a Lock icon beside them while Reports and Analytics and Scheduled Processes can be accessed by this user as the EL expression associated with these menu items turns out to be True.

      Verifying EL Expression

      While from above we have seen how does Simulate Navigator works there is just one thing left for verification and that is to check whether the EL Expression for the menu items ( “Reports and Analytics” & “Scheduled Processes” turns out to be true for an individual having just the Abstract Employee Role attached to it) .

      For this, we would need to login to application with an Administrator User and navigate to “Structure” and check the EL Expression attached with the “Reports and Analytics” menu item

       

      Associated EL Expression with Reports and Analytics (Visible Property)


      #{(securityContext.userGrantedResource['resourceType=FNDResourceType;resourceNam e=ATK_Report_and_Analytics_Menu;action=launch'])}

       

      Now with every user account this specific resource named ATK_Report_and_Analytics_Menu is associated by default and hence our user (frank.adams) being a user too also has access to this menu.

      Conclusion

      With this we have come to the end of the article. I hope you guys had some insight into the SimulateNavigator feature and would now be able to find out which all menu items are associated with which specific roles and also if there are any special clauses ( EL Expression ) associated with the same (menu item) which controls whether the same would be accessible or not.