Considerations for security entity

  • Security entity affects all modules within the HR Organization. Setup data is shared across modules within the HR Organization. For example, pay and deduction structure that is defined for payroll processing is also used by benefits plans and absence plans.
  • The Security Entity and Security Entity Description fields are displayed on setup forms and lists when security entity is enabled.
  • If setup data does not need to be defined by security, then leave the Security Entity field blank. Only module administrators can create and maintain setup data with a blank Security Entity field.
    • Unsecured objects can be attached to secured objects, but secured objects cannot be attached to unsecured objects.
    • Setup codes with a blank Security Entity field can be linked to setup codes that have a completed Security Entity field. For example, a Shift Table can have a blank security entity and be linked to a Pay Code with a security entity.
    • Setup data with a completed Security Entity field cannot be linked to setup data with a blank Security Entity field. For example, a Shift Table with a security entity cannot be linked to a Pay Code with a blank security entity.
  • Administrator roles have these functions:
    • Module administrators have access to setup data for all Security Entities.
    • Defining setup data by security entity is not required for administrator roles.
    • A user logged in as a module administrator can create, maintain, and view all setup data with or without a security entity.
    Note: When creating setup data that links to other setup data, module administrators should take extra caution when populating security entity to prevent misaligned setup data.
  • All ActorOrganizationUnit module administrators are required to act within their assigned security entity.
    • Security Entity is a required field when executing a create action on setup business classes.
    • ActorOrgUnit module administrators can create and update data with a security entity that matches their security entity access.
    • ActorOrgUnit module administrators can use data with a blank Security Entity, but they cannot create or update these setup data records. This is the responsibility of the module administrator.
    • Security Entity requires the use of ActorOrgUnit module administrator roles. These actors do not have access to setup data for other Security Entities.
    • Setup data that is considered global is not definable by Security Entity. The Security Entity field is not displayed.