Creating Custom Role with view on privileges

Prerequisites:
The user should have Oracle identity Manager Role to have Create Role enabled.

Step 1: Create Role

Navigation: Setup and Maintenance->Create Implementation Users

In Roles Tab Select Create Role

Step 2: Creating Custom Duty Role

In APM create custom Duty role.

APM: Authorization Policy Manager.

To Navigate to Authorization Policy Manager.

Navigation:

Setup and maintenance: Search for the task Manage Duties

Click on the link.

It opens the below page

We have to create new application Role.

So click on New under application roles.

Give the below Details:

Display Name: XX_AR_PGA_DUTY

Role Name: XX_AR_PGA_DUTY

Step 3: Assign this Custom duty role to Job role

Click on External Role Mapping tab

Click on map Roles.

 Step 4:Create Policy

Click Create Policy to create function security policy. Assign the following privileges:

Manage Receivables Balances Activities (to see Receivables Balances link in navigator)
Review Customer Account Activities (to see Review Customer Account Details link in
Receivables Balances WA task pane)

In the Name Field Give: XX_AR_PGA_CUSTOM_POLICY

Click on the + symbol at Target Section and search for the required roles and privileges.

Click on Add selected to move them to Selected Targets

Step 5:

Additionally Assign following seeded Duty Roles to custom job role

In order to search job role:

In Search Panel

Select For External Roles

In Global Scope

Search for the role : XX_ARA_PGA_VIEW_JOB

Click on the link

Click on Application Role Mapping.

Click on +Map symbol

This warning is shown if already the Role is mapped.

Now search for the required roles and select the role click on map roles.
The above defines the function security.

Step 6: Define data security for new custom job role.

Create a new custom data role template

Give Template Name: XX_AR_PGA_TEMPLATE

Template Group : BU

Make sure Template Group is BU. This will allow the template to be automatically executed
when a new BU is created.

Step 7: In external Roles add roles

Click on Add and search for the custom Job role..

Step 8: Go to Dimension Tab

Copy the dimension SQL from the original AR role template BillingRevMgtandCustPayment.
Click Preview button.
Step 9: In Naming tab Give the naming as for the AR role

Step 10: PolicyTab

In Policies tab, add the FUN_ALL_BUSINESS_UNITS_V object to the Database Resource

table. Collapse the Base Roles table to show more space for Data Security Policies. In Data Set
tab, select Attribute Mapping = BU_ID.
 Step 11: Actions Tab

Go to Actions tab. Scroll and select following data privileges and check it.

Manage Receivables Activities

Manage Receivables Transactions
Manage Receivables Receipts
View Receivables Activities

Step 12:

Click the Save button to save the new template. Then click the Generate Roles button to
generate the data roles and grants for existing BUs. When a new BU is defined, this template will
be automatically executed to generate the data role and grant for the new BU
Click on Ok

Step 13: Assigning the role to User

Go back to OIM. Depending on what BU the user needs to access, assign the corresponding data
role to the user.

Setup and Maintenance ->Create Implementation Users

Assign the roles to user

14) Login to Application with the test user. The Receivables Balances link should be
available in Navigator menu.

Step 15: Click Receivables Balances in Navigator.

Step 16 : Verification

The Review Customer Account Detail task link should be available in task pane of
Receivables Balances Work area. Navigate to the Review Customer Account Detail UI and
search for Customer Account Number

References:

Oracle Fusion Receivables: How to Create a Custom Role with View Only Privileges (Doc ID
1456122.1)