Traditionally, users had option to create local security profiles only. That means, when user creates a security profile that automatically restricts people access to one business group only. With this method, you have to create atlease one security profile for each business group to complete the security setup. As shown below, if you have manufacturing people in Columbia & Sweden business groups, you have to create two security profiles to provide access to employees from both business groups.
Once these security profiles are created, user needs to attach these security profiles to both Sweden & Columbia HR responsibilities.
This method is fine as long as you have one or two business groups. As number of business groups increase, maintanance of security profiles becomes complicated due to high number of security profiles. If you need to make slight change to one (such as manufacturing group as shown above) security setup, you need to find these security profiles in all business groups and make the necessary changes to keep these profiles in sync. This becomes adminstrative nightmare as number of business groups and profiles increase.
To mitigate the administration effort, Oracle introduced global security profiles. Using this option, you can create one security profile which spans across all business groups or more than one business group, thus reducing the number of security profiles. For above given example, instead of creating security profiles for Sweden & Columbia, you can create one global security profile as shown below.
Once global security profile is created, user can attach the same global security profile to both Sweden & Columbia responsibilities. With this we reduced number of security profiles to one, which represents complete manufacturing division across all business groups.
One thing i would like to clarify is that, using global security profiles does not reduce the number of responsibilities, it only reduces the number of security profiles. User still needs to create one responsibility for each business group so that user can access people from each business group. Even though global security profile contains people from more than one business group, when user access the data in HR application using specific responsibility, he/she can only access people from business group which is attached to the responsibility.
If you are using Discoverer or custom reports for end user reporting, with some customization you can take advantage of global security profiles to report across multiple business groups. Normally to run reports in multiple business groups, user needs to switch responsibilities to run the report in each business group, extract the data, and combine it to complete the report for analysis or printing. With global security profiles, you can eliminate the issue with some customization on reporting side to make end user life easier.
Following are some high level advantages of global security profiles:
- Reduce number of security profiles
- Simplify changes to security profiles
- Accomodate global reporting across business groups
Hope this article is useful. Your feedback is most welcome.