Skip to main content

Manage Access to Data Based on Business Groups

NoetixViews for Oracle Human Resources, Oracle Advanced Benefits, Oracle Payroll, and Oracle Time and Labor provide configurable access to data in Oracle Human Resources Management System (HRMS). The About Access to HRMS Data topic in this section discusses about the support for data security based on business groups and security profiles in NoetixViews, and the Define Security Based on Business Groups topic discusses about how to customize security settings for the Noetix query users based on the business groups and security profiles.

About Access to HRMS Data

In NoetixViews, Noetix query users can access data from the Noetix views for Advanced Benefits, Human Resources, Payroll, and Time and Labor based on the roles and row-level security assigned to them. The standard and global forms of views for these modules allow users to access employee data based on business groups and security profiles. For the data in the views of these modules, row-level security is determined based on the organizational unit and application-specific securities assigned to the Noetix query users in Oracle E-Business Suite. The organizational unit security controls the Noetix query users' access to the business groups defined in Oracle E-Business Suite. The application-specific security is applied over the organizational unit security based on the security profiles to further restrict the Noetix query users' access to the business groups. However, for the global form of the views, NoetixViews provides a functionality to override the organizational unit and application-specific securities of the Noetix query users to customize their access to business groups.

Noetix Views for Human Resources

The Noetix views for Human Resources are of two types: standard and global. Standard views for Human Resources return data for a single business group, and a Noetix role is generated for each detected business group. In contrast, global views for Human Resources provide access to all detected business groups in an instance of Oracle E-Business Suite and can be accessed through a single set of roles. Global views support multiple key flexfield structures, whereas standard views support only single key flexfield structure and will have columns for returning individual segment values corresponding to each structure. In a global view that uses multiple key flexfield structures set up with multiple segments, by default, the following key flexfield columns are generated:

  • A column to return the concatenated segment values corresponding to the flexfield structure used.

  • A column to return the key flexfield primary key column value for the corresponding concatenated segment values of the structure.

  • A column to return the concatenated name of the key flexfield segments for the corresponding structure. This column has the suffix Segment Name List in the column label.

  • A column to return the name of the key flexfield structure used in the global view. This column has the suffix Structure Name in the column label.

  • A Z$ column to join to the key flexfield view. The Z$ column will have the name of the key flexfield view in the suffix.

The only exception to this is the special information type (SIT) views in which each view is tied to only one structure. Therefore, in these views, key flexfield columns are generated based on one of the following conditions:    

  • If the key flexfield is restricted to use only a single structure set up with multiple segments, by default, the following columns are generated:

    • A column to return the concatenated segment values corresponding to the flexfield structure used.

    • Columns for returning individual segment values corresponding to the structure.

  • If the key flexfield is restricted to use only a single structure set up with single segment, by default, the following column is generated:

    • A column to return the individual segment value of the structure.

NOTE: In the views for Payroll, Advanced Benefits, and Time and Labor, columns for the supported key flexfields are generated in the same manner as in the views for Human Resources.

Noetix Roles for Human Resources

NoetixViews uses database roles to group related views and simplify security administration. A Noetix query user who is granted a role can then query all views in that role.

For standard views, the following roles are generated for each detected business group:

  • HR HUMAN RESOURCES: Includes views that return nonconfidential data, confidential data (except for salary data), and data for extra information types (EITs)and special information types (SITs). Human Resources supervisors and those who require broad access to Human Resources data should be granted this role.

  • HR MANAGER: Includes views that return nonconfidential data and confidential data (except for salary data). Managers who require limited access to Human Resources data should be granted this role.

  • HR SALARY MANAGER: Includes views that return confidential salary data.

  • HR EXTRA INFO TYPES: Includes views that return data for EITs.

  • HR SPECIAL INFO TYPES: Includes views that return data for SITs.

  • HR USER: Includes views that return nonconfidential data.

For global views, only one set of these roles with the default, configurable prefix of HRG0 will be generated.

Security Policies in Views for HRMS

The Noetix views for Advanced Benefits, Human Resources, Payroll, and Time and Labor support the following kinds of security policies:

  • Application-Specific Security of Human Resources: This security policy is the default for Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types. For more information on users and roles, seeAbout Noetix Query Users and Roles.

    For these users, application-specific security is applied when no changes are made on the Business Group tab of the <Noetix query user> Properties dialog box of the Noetix Views Administrator (NoetixViews Administrator).

    This security policy applies employee data and business group restrictions on Noetix query users that are similar to the restrictions applied on users in Human Resources. Employee data restrictions are always determined by the security profile or global security profile applied to the Noetix query users during logon.

For standard views, the business group is hard-coded in the view and cannot be changed or overridden. The security profile defined for the Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types in Oracle E-Business Suite will determine their access to data in standard views. For Noetix query users of the Database User (Type U) and Noetix System Administration User (Type N) types, the security profiles will apply only if the query users are also defined in Human Resources as reporting users for the security profiles.For more information on users and roles, seeAbout Noetix Query Users and Roles.

The security profiles cannot be overridden in standard views.

For global views, the business group is determined by the security model and security profile or global security profile applied to the Noetix query users during logon. If the Standard Human Resources Management System security model is used in Human Resources, the business group assigned to the security profile is used or the business group assigned to the responsibility during logon with the global security profile is used. If the Security Groups Enabled security model is used, the business group is indicated by the security group used during logon. Irrespective of the security model, application-specific security of Human Resources will result in access to a single business group in the global views. For Noetix query users of the Database User (Type U) and Noetix System Administration User (Type N) types, application-specific security of Human Resources will apply in the global views only when these users are also specified as reporting users for security profiles in Human Resources. In such cases, access to employee data will be determined by the security profiles to which the reporting users are assigned.

For information on security profiles, global security profiles, responsibilities, and security groups, see the Oracle documentation.

  • Custom Security: Custom security is established when the application-specific security of Human Resources is overridden through settings on the Business Group tab of the <Noetix query user> Properties dialog box. Through custom security, you can override the employee data restrictions of security profiles and global security profiles, allow access to all business groups within the organization hierarchy of a global security profile, and create custom lists of accessible business groups. For all global views for Advanced Benefits, Human Resources, Payroll, and Time and Labor, the list of accessible business groups can be modified.

The following table indicates how the settings in Human Resources and on the Business Group tab of the <Noetix query user> Properties dialog box collectively secure data in global views for Advanced Benefits, Human Resources, Payroll, and Time and Labor:

At logon, when the Noetix query user has a

And it is

The global view will return

Security profile

Enforced by NoetixViews

Employee data restricted by the security profile and the business group assigned to the security profile when the Standard HRMS security model is used so long as the business group is also in the Assigned Business Groups list on the Business Group tab

Or

Employee data restricted by the security profile and the business group for the security group used during logon when the Security Groups Enabled security model is used so long as the business group for the security group is also in the Assigned Business Groups list on the Business Group tab

Security profile

Not enforced by NoetixViews

All employee data in all business groups in the Assigned Business Groups list on the Business Group tab

Global security profile

Enforced by NoetixViews

Employee data restricted by the global security profile and for the business group assigned to the responsibility during logon when the Standard HRMS security model is used so long as the business group is also in the Assigned Business Groups list on the Business Group tab1

Or

Employee data restricted by the global security profile and the business group for the security group used during logon when the Security Groups Enabled security model is used so long as the business group for the security group is also in the Assigned Business Groups list on the Business Group tab1

Or

Employee data restricted by the global security profile and for all business groups in the organization hierarchy of the global security profile so long as the business groups are also in the Assigned Business Groups list on the Business Group tab2

Global security profile

Not enforced by NoetixViews

All employee data in all business groups in the Assigned Business Groups list on the Business Group tab

1 The Enforce Oracle HR security profile processing check box and the business group specified by the user's login session option on the Business Group tab are selected.

2The Enforce Oracle HR security profile processing check box and the all business groups included in the global security profile option on the Business Group tab are selected.

For information about how to define security based on business groups in global views for Advanced Benefits, Human Resources, Payroll, and Time and Labor, see Define Security Based on Business Groups.

The following table lists the Noetix views pertaining to Advanced Benefits for which the data is filtered by the security profiles established in Human Resources. The security profiles can be overridden in only the global form of these views.

View name

Human Resources security profile applied at:

BEN COBRA Beneficiaries

(Available for only United States legislation)

Person and Assignment levels

BEN Elig Elec Enrollments

Person and Assignment levels

BEN Emp Dependents

Person level

BEN Life Evnt Workflow

Person and Assignment levels

BEN Payroll Ben Costs

Person level

BEN Potential Life Evnts

Person and Assignment levels

BEN Ptpnt Benefit Costs

Person and Assignment levels

BEN Ptpnt Communications

Person and Assignment levels

BEN Ptpnt Court Orders

Person and Assignment levels

BEN Ptpnt Electabilities

Person and Assignment levels

BEN Ptpnt Eligibilities

Person and Assignment levels

BEN Ptpnt Enroll Actions

Person and Assignment levels

BEN Ptpnt Enrollments

Person and Assignment levels

BEN Ptpnt Flex Credits

Person and Assignment levels

BEN Ptpnt Flex Spending

Person and Assignment levels

BEN Ptpnt Life Events

Person and Assignment levels

BEN Ptpnt Mthly Premiums

Person and Assignment levels

The following table lists the Noetix views pertaining to Human Resources for which the data is filtered by the security profiles established in Human Resources. The security profiles can be overridden in only the global form of these views.

View name

Human Resources security profile applied at:

HR Accural Pln Hist

Any level

HR Address Hist

Person and Organization levels

HR AP 1099 Payments (Available for only United States legislation)

Person level

HR Applicant Hist

Person, Assignment, and Vacancy levels

HR Ben Elig Info

Position, Person, and Assignment levels

HR Budgets

Position level

HR Carrier Asg Hist

Security level

HR COBRA Prem Stat (Available for only United States legislation)

Person level

HR COBRA Track (Available only for United States legislation)

Person level

HR Contact Hist

Person level

HR Contingent Worker Info

Person and Assignment levels

HR EI Academic Rank

Person level

HR EI Asg Ben Derived

Person level

HR EI Asg Federal

Person level

HR EI Asg Locality

Person level

HR EI Asg Types

Position, Person, and Assignment levels

HR EI GHR Probations

Person level

HR EI GHR Sep Retire

Person level

HR EI Job Types

Any level

HR EI Loc Types

Any level

HR EI Per Types

Person level

HR EI Pos Types

Any level

HR EI US Add Details (Available for only United States legislation)

Person level

HR EI US Passport Dtls (Available for only United States legislation)

Person level

HR EI US Visa Dtls (Available for only United States legislation)

Person level

HR Element Links

Person, Organization, and Payroll level

HR Emp Absence Hist

Person and Assignment levels

HR Emp ADA Info (Available for only United States legislation)

Person level

HR Emp Asg Details

Person and Assignment levels

HR Emp Assign Costs

Organization, Person, and Assignment levels

HR Emp Assign Costs Hist

Person and Assignment levels

HR Emp Assign Hist

Person and Assignment levels

HR Emp Ben Health

Person and Assignment levels

HR Emp Ben Others

Person and Assignment levels

HR Emp Beneficiary

Person level

HR Emp Element Entry Vals

Person and Assignment levels

HR Emp Emergency

Person and Assignment levels

HR Emp Ethnic Info (Available for only United States legislation)

Person and Assignment levels

HR Emp Headcnt Hist

Person and Assignment levels

HR Emp Headcounts

Person and Assignment levels

HR Emp Info

Person and Assignment levels

HR Emp LOS

Person and Assignment levels

HR Emp Reviews

Person and Assignment levels

HR Emp Sal Analysis

Person and Assignment levels

HR Emp Sal Hist

Person and Assignment levels

HR Emp Sal Pro Current

Person and Assignment levels

HR Emp Sal Pro Hist

Person and Assignment levels

HR Emp Tax Details (Available for only United States legislation)

Person level

HR Emp Terms Hist

Person and Assignment levels

HR Emp Total Comp

Person and Assignment levels

HR Emp Veteran Info (Available for only United States legislation)

Person and Assignment levels

HR Emp Work Hist

Person and Assignment levels

HR Emp Xfers Hist

Person and Assignment levels

HR New Hire Hist

Organization, Person, and Assignment levels

HR Oth Headcnt Hist

Person and Assignment levels

HR Pay Scales

Any level

HR People Grp Hist

Person and Assignment levels

HR Person Hist

Person and Assignment levels

HR Phones Hist

Person level

HR Pos Hierarchies

Position level

HR Pos Requirements

Position level

HR Req Vac Track

Position and Vacancy levels

HR Schools Attended

Any level

HR SI Type

Person level

HR Turnover Hist

Organization, Person, and Assignment levels

HR Vac Job Match

Position and Vacancy levels

HR Vac Pos Match

Person, Position, and Vacancy levels

HR Accrual Pln Hist

Any level

HR Address Hist

Person and Organization levels

The following table lists the Noetix views pertaining to Payroll for which the data is filtered by the security profiles established in Human Resources. The security profiles can be overridden in only the global form of these views.

View name

Human Resources security profile applied at:

PAY Accruals (Available for all legisla­tion except for Australia)

Person and Assignment levels

PAY Check Register

Payroll, Person, and Assignment levels

PAY Costing Analysis

Payroll, Person, and Assignment levels

PAY Costing Details

Organization level

PAY Costing Summary

Organization level

PAY Custom Balances (Available for all legislations except for Australia and United Kingdom)

Payroll, Person, and Assignment levels

PAY Deductions Owed

Payroll, Person, and Assignment levels

PAY Emp Not Paid

Payroll, Person, and Assignment levels

PAY Emp Not Paid Vg

Payroll, Person, and Assignment levels

PAY Gre Totals (Available for only United States legislation)

Organization level

PAY Gross And Net Balances

Payroll, Person, and Assignment levels

PAY Gross To Net Summary

Organization level

PAY Hours By Cost Center

Organization level

PAY Invalid Addresses (Available for only United States legislation)

Person level

PAY Payment Methods

Person and Assignment levels

PAY Payment Register

Payroll, Person, and Assignment levels

PAY Payroll Activities

Payroll, Person, and Assignment levels

PAY Payroll Audit

Payroll, Person, and Assignment levels

PAY Payroll Messages

Organization, Payroll, Person, and Assign­ment levels

PAY Payroll Proc Summary

Payroll level

PAY Run Results

Payroll, Person, and Assignment levels

PAY Tax Balances (Available for all legislations except for Australia and United Kingdom)

Payroll, Person, and Assignment levels

PAY Third Party Balances (Applica­ble for only Canadian legislation)

Payroll, Person, and Assignment levels

PAY Third Party Register

Payroll, Person, and Assignment levels

PAY Void Payments

Payroll, Person, and Assignment levels

PAY US Payroll Register (available for only United States legislation)

Payroll, Person, and Assignment levels

PAY US W2 Register (available for only United States legislation)

Payroll, Person, and Assignment levels

The following table lists the Noetix views pertaining to Time and Labor for which the data is filtered by the security profiles established in Human Resources. The security profiles can be overridden in only the global form of these views.

View name

Human Resources security profile applied at:

HXC All Assignment Hist

Person and Assignment levels

HXC All Person Hist

Person level

HXC Assignment Time Info

Person and Assignment levels

HXC BEE Batch Headers

Organization level

HXC BEE Batch Lines

Person and Assignment levels

HXC BEE Error Messages

Organization level

HXC PUI Latest Timecards

Person and Assignment levels

HXC PUI Missing Timecards

Person and Assignment levels

HXC PUI Time Entry Errors

Person level

HXC PUI Timecard History

Person and Assignment levels

HXC SS Latest Timecards

Person and Assignment levels

HXC SS Missing Timecards

Person and Assignment levels

HXC SS Time Category Hours

Person level

HXC SS Timecard Action Hist

Person and Assignment levels

HXC SS Timecard History

Person and Assignment levels

HXC Timecard Summary

Person and Assignment levels

Define Security Based on Business Groups

In NoetixViews Administrator, use the Business Group tab to control access to data in global Noetix views for Advanced Benefits, Human Resources, Payroll, and Time and Labor based on business groups for a Noetix query user.

The Business Group tab will be available only if:

  • You have purchased the global form of Noetix views for at least one of the following Oracle
    E-Business Suite modules:

    • Advanced Benefits

    • Human Resources

    • Payroll

    • Time and Labor

  • You are not modifying the Oracle Administrative Database User (Type O).

IMPORTANT: When assigning row-level security to Noetix query users using the Business Group tab, the following points should be noted:

  • For allowing Noetix query users to view data from the Noetix views for the selected Oracle application, appropriate roles corresponding to the selected business groups should be assigned to the users.

  • In Oracle Discoverer and Noetix WebQuery, user authentication based on the roles and row-level security settings similar to Oracle E-Business Suite is supported. For information, see About Data Security in NoetixViews.  

  • In Oracle Business Intelligence (Oracle BI), SAP BusinessObjects, and IBM Cognos Business Intelligence (Cognos BI), user authentication based on the roles and row-level security settings is supported for only the Oracle E-Business Suite Authenticated User (Type A) type Noetix query users if the query users are mapped to the users registered in these BI tools. For information, see Applying Row-level Security to BI Tool Users.

To control access to data in Noetix views based on business groups

  1. On the Noetix Query User Maintenance tab of the Security Manager dialog box, select the user for whom you want to customize access to data. For information about creating or modifying a user account, see Create a Noetix Query User Account or Modify a Noetix Query User Account. Click Edit. The <Noetix query user> Properties dialog box appears. If you are creating Noetix query users for the first time, skip this step, and go to step 2.

  2. Click the Business Group tab.

  1. In the Application list, click an application name. The options are Benefits, HR, Payroll, and Time and Labor. After you select the application, the corresponding settings appear in the Settings for the <application name> application section.

  2. Select or clear the Enforce Oracle HR security profile processing check box. When the check box is selected, the following options for global security profiles are available:

    • the business group specified by the user's login session: This option is the default for Noetix query users of the Oracle E-Business Suite Authenticated User (Type A) and Oracle E-Business Suite Authenticated Responsibility (Type R) types. For more information on users and roles, see About Noetix Query Users and Roles.

      This option ensures that even if the Noetix query user's logon credentials in Oracle E-Business Suite include a global security profile, data will be returned for only the business group derived from these credentials. In other words, data will not be returned for other business groups that are encompassed by the global security profile. Thus, this option provides the same level of security that is present in Oracle E-Business Suite.

    • all business groups included in the global security profile: This option ensures that data will be returned for business groups encompassed by the Noetix query user's global security profile as long as they are also displayed in the Assigned Business Groups list. This option enables the Noetix query user to access data from multiple business groups through a global view for Advanced Benefits, Human Resources, Payroll, and Time and Labor with the row-level restrictions specified by the global security profile.

Regardless of the option you choose, you need to ensure that the business groups you want the Noetix query user to access with the row-level restrictions applied in Human Resources are also in the Assigned Business Groups list.

If you do not want to filter data according to the security profiles of the Noetix query user, clear the Enforce Oracle HR security profile processing check box, and proceed with the next step.

IMPORTANT: The Enforce Oracle HR security profile processing check box is available for Noetix query users of the Database User (Type U) and Noetix System Administration User (Type N) types only if they are also set up as the reporting users for security profiles.

For more information on users and roles, see About Noetix Query Users and Roles

  1. In the Settings for the <application name> application section, select one of the following options:

    • Derive from Oracle EBS: Click this option to grant access to business groups based on the Noetix query user's security settings in Human Resources. This option is available only if the Noetix query user is of the Oracle E-Business Suite Authenticated User (Type A) or Oracle E-Business Suite Authenticated Responsibility (Type R) type. For more information on users and roles, see About Noetix Query Users and Roles.

This is also the default option for these users. These business groups will appear in the Assigned Business Groups list and cannot be modified. When the Standard HRMS security model is used, the list is determined by the values of the HR:Business Group profile option for all responsibilities assigned to the Noetix query user. In the case of the Security Groups Enabled security model, the list is determined by the security groups assigned to the Noetix query user of the Oracle E-Business Suite Authenticated User (Type A) type. If the Noetix query user is of the Oracle E-Business Suite Authenticated Responsibility (Type R) type, the list will be empty. Go to step 7 to save the changes.

NOTE: If multiple users are selected, the Assigned Business Groups list will display the "<multiple users selected>" text for this option.

  • Custom: Click this option to grant access to a custom list of business groups. After you select this option, the Add button will be available. By default, this option is selected for users of the Noetix System Administration User (Type N) and Database User (Type U) types. For information about specifying a custom list of business groups, see step 6.

  • All: Click this option to grant access to all the business groups that are available in Human Resources. The business groups are displayed in the Assigned Business Groups list. When this option is selected, the data on the list cannot be modified. Go to step 7 to save the changes.

If the data access privileges of the Oracle E-Business Suite Authenticated User (Type A) type, Oracle E-Business Suite Authenticated Responsibility (Type R) type, and reporting users change in Oracle E-Business Suite or if row-level security changes have been made in Oracle E-Business Suite, click Refresh Security () on the toolbar of the NoetixViews Administrator to update the changes in NoetixViews. For more information, see Refresh Security for Noetix Query Users.

NOTE: When you click the Refresh Security button, a message is displayed stating that the process of refreshing the security may take some time.

  1. To specify a custom list of business groups, do the following:

    1. Click Add. The Add Business Groups dialog box displays the list of business groups that are available in Human Resources and that are yet to be added to the Assigned Business Groups list.

      The following columns and options are available in the Add Business Groups dialog box:

    • Show only current user’s Oracle EBS-derived access: Allows you to view only the business groups that are accessible to the Oracle E-Business Suite Authenticated User (Type A) or Oracle E-Business Suite Authenticated Responsibility (Type R) type user in the selected Oracle application. If you do not select this check box, you can see all the business groups available in the selected Oracle application. This check box is available for only the Oracle E-Business Suite Authenticated User (Type A) type or Oracle E-Business Suite Authenticated Responsibility (Type R) type users.

    • Name: Indicates the name of the business group.

    • ID: Indicates the ID of the business group.

    • Legislation Name: Indicates the legislation name corresponding to the business group.

      • Legislation Code: Indicates the legislation code corresponding to the legislation.

      • Affected Noetix Roles: Indicates the Noetix roles that have access to the views corresponding to the business group.

      • EBS-Derived: Indicates whether the user can access the business group in the selected Oracle application.

Click a column title to sort the business groups by the entity represented by the column.

NOTE: You need to scroll to the right to see all the information in a row. The width of columns in the list can be adjusted to see more if required. Select the line between columns in the header, and drag it to the required position. Also, you can resize the height and width of the dialog box by dragging the sides of the dialog box.

    1. Select the check boxes corresponding to the business groups that you want to assign to the Noetix query user. To select all the business groups, click Select All.

    2. Click OK. You return to the Business Group tab with the selected business groups displayed in the Assigned Business Groups list.

NOTE: You need to scroll to the right to see all the information in a row. The width of columns in the list can be adjusted to see more if required. Select the line between columns in the header, and drag it to the required position.

    1. To remove a business group from the Assigned Business Groups list, select the business group, and click Remove. To select multiple business groups, press CTRL, and click the business groups.

Important: IMPORTANT: If application-specific security of Human Resources is applied, data will be returned with row-level security for only those business groups that are in the Assigned Business Groups list and that are also accessible to the Noetix query user in Human Resources. If application-specific security of Human Resources is not applied, data will be returned without row-level security for the business groups in the Assigned Business Groups list.

  1. Click OK in the <Noetix query user> Properties dialog box. You will return to the Noetix Query User Maintenance tab.

  2. Click OK on the Security Manager dialog box to save the changes to the database.

Was this article helpful?

We're sorry to hear that.