Oracle Light

Jan 12, 2019

Oracle HCM Cloud: How to hide full/part of Social Security Number (SSN)

Seeded Human Resources Analyst/Specialist/Manager roles include the following data security policy to get access to manage employee social security number. Hiding full/part of it is most common ask among Oracle HCM Cloud user community. Oracle already have an enhancement request for this ask (Bug 21534753). This blog post will explain steps to do this.

Removing the following data security policies from a copy of seeded role will remove access to manage field.

Things get complicated, when it needs to show part of it, say for example, last 4 digits of Social for verification purposes.

This requirement can be achived by following these simple steps.

Step#1)

a) Create a Sandbox, navigate to “Manage Person” page, select “Edit pages” option which is available in “Settings and Actions” and select “Site Level” and click OK. Navigate to the seeded filed in Task Flow and edit the field component to uncheck “Show Component” checkbox as shown below.

b) If the requirement is to show last 4 digits of Social for specific roles, then do not uncheck directly, but use the following EL expression to conditionally not show this field for specific roles.

#{!securityContext.userInRole['CUSTOM_ROLE1,CUSTOM_ROLE2']}

Step#2)

a) Click “+” icon and select Components -> HTML Markup and select Add. Click edit output text and add the following script in “Value” area. Adjust all other properties as needed to match desired look and feel.

<p id="nidCustom"></p>

<script>
var is = "#{row.bindings.NationalIdentifierType.items[row.bindings.NationalIdentifierType.inputValue].label}" + ": XXX-XX-" + "#{row.NationalIdentifierNumber}".slice(-4);
document.getElementById("nidCustom").innerHTML = is;
</script>

b) If you choose to conditionally set this component field in Step#1a, then make sure to edit “Show Component” for this region to show only for specific roles as shown below.

#{securityContext.userInRole['CUSTOM_ROLE1,CUSTOM_ROLE2']}

Hope you find this useful, comment below to let me know.

Regards
Suresh

Jul 29, 2018

Oracle HCM Cloud: How to Mass update Work Email Addresses and User Names Format

This is my first blog post on Oracle HCM Cloud related topics. Hope you continue to find them useful. Use comments section below to let me know. 😊

When a new hire is created, or Employee records are converted for the 1^st time using HCM Data Loader (HDL), username creation is based on the settings in Security Console -> Administration -> General tab.

In this screenshot, username creation is set to automatic in the format FirstName.LastName. This setting is applicable to all channels including employee conversions using HDL, hiring a pending worker, entering a new hire record or creating new hire using REST API. Changing this setting to “Email” will mean username format creation by using work email address or personal email address in case of missing work email or FirstName.LastName in case of no email address. This behavior is for future records and existing username formats will remain as they are.

This blog post explains the steps involved in changing the username format from FirstName.LastName to Email format both for existing records. A typical business use case for doing this would be, while enabling Active Directory Bridge (also known as AD bridge) to match user name formats in Enterprise Active Directory. Another use case would be, for Security Administrators to bulk update missing work email addresses and clean up usernames without reassigning the existing roles.

Step1) Obvious step, change the email format to the desired.

Step2) Identify and prepare the list of employees to update using OTBI report with subject area “Workforce Management – Person Real Time”

Step3) Use HDL to update the work email addresses on employee records, using the following columns

UserKey Apporach:

File Name: Worker.dat

MERGE|PersonEmail|HR_DATA|111111_EMAIL_W1|111111|2018/01/01|4712/12/31|W1|work.email1@enterprise.com|Y

MERGE|PersonEmail|HR_DATA|222222_EMAIL_W1|222222|2017/01/01|4712/12/31|W1|work.email2@enterprise.com|Y

MERGE|PersonEmail|HR_DATA|333333_EMAIL_W1|333333|2016/01/01|4712/12/31|W1|work.email3@enterprise.com|Y

SourceSystemId - Use the format from original loads (format used during initial conversions). If you are not sure about this format, try GUID approach as described below.
PersonId(SourceSystemId) - use “Employee Number”
DateFrom - use “Enterprise hire Date”

GUID Approach:
If you above format is coming out as error similar to "A parent for this record was not found", try this GUID method to locate the exact records.

METADATA|PersonEmail|EmailAddressId|PersonId|DateFrom|DateTo|EmailType|EmailAddress|PrimaryFlag

MERGE|PersonEmail|HR_DATA|300097545|4005984513|2018/01/01|4712/12/31|W1|work.email1@enterprise.com|Y

MERGE|PersonEmail|HR_DATA|300785431|4005391594|2017/01/01|4712/12/31|W1|work.email2@enterprise.com|Y

MERGE|PersonEmail|HR_DATA|300037898|4005788205|2016/01/01|4712/12/31|W1|work.email3@enterprise.com|Y

Alternate Approach:
Well, that isn't helping either? Try Spreadsheet loader by creating a new spreadsheet template using My Client Groups -> Data Exchange -> tasks -> Manage Spreadsheet Templates area.

Business Object: Worker
Supported Action: Create and update

Select the following columns:

Preview template to download excel and enter details:
Note - "Date From" here is enterprise hire date.

Step4) Use HDL to submit request to update user name

File Name: User.dat

METADATA|User|PersonNumber|Username|CredentialsEmailSent

MERGE|User|111111|work.email1@enterprise.com|Y

MERGE|User|222222|work.email2@enterprise.com|Y

MERGE|User|333333|work.email3@enterprise.com|Y

Step5) Submit a scheduled job “Send Pending LDAP Requests” from Navigator -> Scheduled Processes -> Schedule New Process

Mar 2, 2018

EBS: Learning Management: How to setup learner access to restrict courses specific to Managers

Major organizations do offer courses specific to managers, to help them align with their learning path goals. Allowing such courses to be viewed and enrolled by managers only, is an extremely desirable feature of OLM. This desirable functionality, not only stream lines the enrollment process but also saves time for instructors and admins to filter/reject the enrollments that are not managers. Unfortunately, OLM don’t directly support this functionality. This article will discuss a workaround to meet such a business need.

"Learner Access" is a feature of Oracle E-Business Suite Learning Management module, that allows the users to restrict the courses/offerings/classes for targeted groups. Another cool feature of Learner access is, it inherits down in hierarchy, for example, you can choose to inherit restriction for all classes of an offering by just setting up learner access at offer level. Definition of Learner Group may include "Assignment", "Learner", "Eligibility Profile" and "Learner Group" itself.

Assignment/Learner - This option enables you to pre-define a static list and offer courses for a specific set: Suitable to meet requirements like.... courses for executive board members etc...

Learner Group - This option enables reusability of existing groups: Best to meet multiple restrictions together like, courses offered specially for department 101 and full-time staff.

Eligibility Profile - This option offers greater flexibility to define eligibility based on majority of fields related to personal, employment and derived factors.

OLM version of "Eligibility Profile" form has a lot of restrictions, despite the fact that it uses the same form as Advanced Benefits (OAB) and Performance Management (OPM) modules. For example, it won't allow to write a custom rule based on Fast Formula and include it in learner access eligibility profile. This enhancement is acknowledged by Oracle and documented as part of Note 1640607.1

Fortunately, this form, does include "Assignment set" option. This option can be used as a workaround and code any custom requirement in assignment set formula by writing new package using PL/SQL. Following picture try to summarize how this can be done.

Step1) "Assignment Set" defined based on a "Criteria", internally generates a Fast Formula. We will leverage this functionality and create an assignment set first and edit the generated formula later. Create assignment set using any HRMS manager responsibility and add a dummy criterion, as shown below in "Criteria" tab and click on "Generate" button. Make sure assignment set name doesn't include any spaces to avoid potential errors.

Step2) Navigate to Total Compensation -> Basic -> Fast Formula and open "Formula Functions" form and create a new function with the details as shown below. Also add the contexts "assignment_id" and "date_earned"

Step3) Navigate to Total Compensation -> Basic -> Fast Formula and open "Write Formula" and search with the assignment set name created in Step-1. A formula should have already created with the same name. Click Edit and copy paste the following code.

INPUTS are INCLUDE_FLAG (text)

INCLUDE_FLAG = XX_is_valid_manager()

RETURN INCLUDE_FLAG

Step4) Now write PL/SQL code to match your custom requirement. Here is a code snippet for checking the manager in Supervisor hierarchy for our example.

Step5) Define an eligibility Profile based on this assignment set, by navigating to Learning Administrator -> Learning Administration -> Maintain Eligibility profiles

Step6) Define a learner group based on this eligibility profile, by navigating to Learning Administrator -> Setup Administration -> Groups -> Learner Groups and define a new one or edit existing to add eligibility profile created in previous step. Your learner group is now ready, use it wherever you need. You may need to click “Process Eligibility profiles for Learner Group” button before using it, which will execute the FF and identify the managers. You may also review the identified managers from “View Members” on eligibility profile page.

My colleagues Anand, Jason and I together discovered this solution. 😊

Do you find this topic useful? Comment below to let me know.

Thanks

Suresh