Introduction
Security Profiles in Oracle Fusion HCM are one of the most critical components in controlling data access within the application. In real-world implementations, improper configuration of security profiles often leads to either excessive access (compliance risk) or restricted access (business disruption). As consultants, we spend a significant amount of time designing and validating Security Profiles in Oracle Fusion HCM to ensure users can access exactly what they need—no more, no less.
In Oracle Fusion HCM (Release 26A), security is role-based, and security profiles act as data filters attached to roles. They determine which business objects (like employees, departments, locations, etc.) a user can access.
What are Security Profiles in Oracle Fusion HCM?
Security Profiles in Oracle Fusion HCM define data visibility rules for users. While roles define what actions a user can perform, security profiles define which data the user can see.
Think of it this way:
| Component | Purpose |
|---|---|
| Role | What you can do |
| Security Profile | What data you can access |
For example:
An HR Specialist role may allow viewing employee records
A Security Profile will restrict access to only employees in a specific department or country
Key Features of Security Profiles
1. Granular Data Access Control
You can restrict data by:
Business Unit
Department
Legal Employer
Location
Position
Worker Type
2. Multiple Profile Types
Oracle Fusion HCM supports different security profiles:
Person Security Profile
Organization Security Profile
Position Security Profile
Legislative Data Group Security Profile
Payroll Security Profile
3. Role-Based Assignment
Security profiles are assigned to data roles, not directly to users.
4. Dynamic Filtering
Profiles can dynamically include:
Direct reports
Hierarchy-based access
Custom criteria
Real-World Business Use Cases
Use Case 1: Country-Specific HR Access
A global organization wants HR teams in India to access only Indian employees.
Solution:
Create a Person Security Profile filtered by Country = India
Assign to India HR Data Role
Use Case 2: Manager Hierarchy Access
Managers should only see their direct and indirect reports.
Solution:
Use Supervisor Hierarchy in Person Security Profile
Enable “Include indirect reports”
Use Case 3: Payroll Team Restriction
The payroll team should only access employees linked to specific payrolls.
Solution:
Create Payroll Security Profile
Attach it to Payroll Data Role
Configuration Overview
Before configuring Security Profiles in Oracle Fusion HCM, ensure the following setups are complete:
Enterprise structure configured
Legal Employers defined
Business Units created
Departments and Positions set up
Worker records available
Roles and Data Roles defined
Step-by-Step Configuration in Oracle Fusion
Step 1 – Navigate to Security Profile Setup
Navigator → Setup and Maintenance → Search Task: Manage Data Roles and Security Profiles
Step 2 – Create Person Security Profile
Navigation:
Setup and Maintenance → Manage Person Security Profiles
Key Fields Explained:
| Field | Description | Example |
|---|---|---|
| Name | Profile Name | India HR Access |
| Secure by Person Type | Filter by worker type | Employee |
| Secure by Assignment | Apply assignment filters | Yes |
| Include Hierarchy | Manager hierarchy | Enabled |
Example Configuration:
Secure by Department: Sales India
Include Indirect Reports: Yes
Click Save and Close
Step 3 – Create Organization Security Profile
Navigation:
Setup and Maintenance → Manage Organization Security Profiles
Example:
Business Unit: India BU
Legal Employer: India LE
Step 4 – Create Data Role
Navigation:
Setup and Maintenance → Manage Data Roles
Steps:
Click Create
Select Job Role (e.g., HR Specialist)
Attach Security Profiles: Person Security Profile and Organization Security Profile
Define Data Role Name
Click Save
Step 5 – Assign Role to User
Navigation:
Navigator → Tools → Security Console
Steps:
Search User
Add Role
Assign Data Role
Testing the Setup
Test Scenario
User: HR User India
Role: HR Specialist – India
Steps:
Log in as the user
Navigate to Person Management
Search employees
Expected Results:
Only employees from India should be visible
No access to other countries
Validation Checks:
Search for a global employee → should not appear
Check manager hierarchy → Only assigned scope visible
Common Implementation Challenges
1. Overlapping Security Profiles
Multiple profiles may conflict, causing unexpected data access.
Solution:
Always validate profile combinations.
2. Missing Data Role Assignment
Users may have job roles but no data roles.
Impact:
User sees no data.
3. Incorrect Hierarchy Configuration
Hierarchy-based access may fail if supervisor data is incorrect.
4. Performance Issues
Complex security filters can slow down performance.
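The hierarchy problem in challenge 3 can be checked before go-live. The following is an added example, not Oracle code and not part of the original article: a simplified model of supervisor-hierarchy access (Use Case 2) that resolves direct and indirect reports and flags supervisor records that would leave workers outside any manager's scope. The worker names and the `(worker, supervisor)` record shape are constructed for illustration.

```python
from collections import defaultdict

# Constructed (worker, supervisor) records; None means no supervisor is recorded.
ASSIGNMENTS = [("Priya", None), ("Arjun", "Priya"), ("Meera", "Arjun"), ("Ravi", "Arjun"),
               ("Kiran", None),                  # supervisor missing by mistake
               ("Dev", "Sam"), ("Sam", "Dev")]   # loop entered by mistake

def reports_of(manager, assignments, include_indirect=True):
    """Workers a hierarchy-secured profile would expose to `manager` in this model."""
    direct = defaultdict(list)
    for worker, supervisor in assignments:
        if supervisor is not None:
            direct[supervisor].append(worker)
    seen, queue = set(), list(direct.get(manager, []))
    while queue:
        worker = queue.pop(0)
        if worker in seen or worker == manager:
            continue  # guards against loops in bad supervisor data
        seen.add(worker)
        if include_indirect:
            queue.extend(direct.get(worker, []))
    return sorted(seen)

def supervisor_data_issues(assignments, top_of_hierarchy):
    """Flag records that break hierarchy-based access: missing, unknown or looping supervisors."""
    supervisor_of = dict(assignments)
    issues = []
    for worker, supervisor in assignments:
        if supervisor is None:
            if worker != top_of_hierarchy:
                issues.append((worker, "no supervisor"))
            continue
        if supervisor not in supervisor_of:
            issues.append((worker, "unknown supervisor"))
            continue
        chain, current = {worker}, supervisor
        while current is not None and current in supervisor_of:
            if current in chain:  # walked back onto a worker already in the chain
                issues.append((worker, "supervisor loop"))
                break
            chain.add(current)
            current = supervisor_of[current]
    return issues
```

In this sample, Kiran never appears in Priya's scope even with indirect reports included, which is the symptom the supervisor-data check surfaces.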
Best Practices
1. Follow Least Privilege Principle
Grant only required access.
2. Use Naming Conventions
Example:
PS_India_HR
ORG_India_BU
3. Test with Real Data
Always validate with actual employee records.
4. Avoid Over-Complex Filters
Keep security profiles simple for better performance.
5. Document Security Design
Maintain documentation for:
Profiles created
Roles assigned
Business logic
Real Consultant Insight
In one implementation, a client faced an issue where HR users could see global data despite restrictions. The root cause was:
A global Person Security Profile attached to the same role
Resolution:
Removed global profile
Retained country-specific profile
Lesson:
Always review all attached profiles—not just the primary one.
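The overlap described above and under "Overlapping Security Profiles" can be caught with a design-time check. This is an added example, not Oracle code and not part of the original article: it models person security profiles as simple country filters that combine as a union, and audits a data role for profiles that widen its intended scope. The profile name `PS_Global_All`, the worker records and the role name are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PersonProfile:
    name: str
    countries: frozenset = frozenset()  # countries this profile exposes
    view_all: bool = False              # models an unrestricted (global) profile

    def allows(self, worker):
        return self.view_all or worker["country"] in self.countries

# Constructed sample data
WORKERS = [{"name": "A. Rao", "country": "India"},
           {"name": "B. Smith", "country": "United States"},
           {"name": "C. Mehta", "country": "India"}]
PS_INDIA_HR = PersonProfile("PS_India_HR", frozenset({"India"}))
PS_GLOBAL = PersonProfile("PS_Global_All", view_all=True)

def visible_workers(profiles, workers):
    """Combined profiles: a worker is visible if ANY attached profile allows it."""
    return [w["name"] for w in workers if any(p.allows(w) for p in profiles)]

def audit_role(role_name, profiles, intended_countries, workers):
    """Return findings when a role's effective scope exceeds its intended scope."""
    findings = []
    for p in profiles:
        if p.view_all:
            findings.append(f"{role_name}: unrestricted profile '{p.name}' attached")
    leaked = [w["name"] for w in workers
              if any(p.allows(w) for p in profiles)
              and w["country"] not in intended_countries]
    if leaked:
        findings.append(f"{role_name}: out-of-scope workers visible: {', '.join(leaked)}")
    return findings

if __name__ == "__main__":
    for finding in audit_role("HR Specialist India", [PS_INDIA_HR, PS_GLOBAL],
                              {"India"}, WORKERS):
        print(finding)
```

Running the audit over every attached profile, rather than only the one the role was designed around, is what exposes the second, global profile.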
Frequently Asked Questions (FAQs)
1. Can a user have multiple security profiles?
Yes, but they are combined, which may expand access unintentionally.
2. What happens if no security profile is assigned?
The user may see either no data or unrestricted data, depending on role setup.
3. Can we restrict access by department and location together?
Yes, multiple filters can be combined within a single security profile.
Summary
Security Profiles in Oracle Fusion HCM are essential for controlling data access and ensuring compliance. They work alongside roles to define who can see what data within the system.
Key takeaways:
Security Profiles control data access
Always assign via Data Roles
Use hierarchy and filters carefully
Validate configurations thoroughly
A well-designed security model improves:
Data security
User experience
System performance
For more details, refer to Oracle official documentation:
https://docs.oracle.com/en/cloud/saas/index.html