Error: The HR Person attached to your FND_USER does not have a valid workflow role.

Check if an Employee is attached to FND_USER record?

If yes, then run the below query

SELECT status, start_date, parent_orig_system_id AS user_id
FROM wf_local_roles
WHERE parent_orig_system LIKE ‘FND_USR’

If no record is returned, but you still have FND_USER record, then run the process:
Synchronize WF LOCAL tables


Error in Global Deployment Between same source and Destination BGs multiple times

When we try to do Multiple Permanent GD between the same source and destination BGs, an error is encountered

You cannot initiate this deployment because the employee is already deployed on the proposal start date.”


The cause of this issue is previous Permanent Deployment Proposals are not end-dated and end-dating the Permanent Deployment Proposals is not currently supported by Global Deployments functionality.

While end-dating the records from the back-end is not advisable/supported, we can delete the previous permanent deployment proposal for that person between the same source and target business groups as a work around

when we want to deploy a person more than twice or thrice between the same source and target business groups.

Also, this is only a work-around and not a solution.  This is because History will be lost if the earlier proposal is deleted from the application.



Adding Final Process Date to the first Country would work.

How to delete Future records in HRMS

If you want to delete the future changes made in a record.

Employee had an assignment starting on 1-Jan-2017 to 31-Dec-4712
Made a change on o1-Feb-2017 by mistake,
Now has 2 Records
1. 1-Jan-2017 to 31-Jan-2007
2. 1-Feb-2017 to 31-Dec-4712

Now we want to delete the second record in the system

Steps for Solutions –>
1.  Date track to a date before the date of the update.
Check that the Effective End Date is the day before the change date.
2.  Press the Delete icon.
3.  At the message ‘Do you really want to delete this record?’ click on ‘Yes’.
4.  You will get a list of options – ‘Next’, ‘All’, ‘Purge’.
Press ‘Next’ to remove the update.
Press ‘All’ if there are more that one updates to this record in the future and you want to remove them all.
Press ‘Purge’ to remove the record totally from the system (not what you want in this case).
You may not be able to do all 3 options in which case the unavailable ones will either not be shown or will
generate a meaningful error message.
5. When you have pressed ‘Next’ or ‘All’ the record will disappear from the screen and you should press Save.

HR Profile Options

There are a number of User Profile Options that are of specific importance to HRMS system administrator


HR Option Purpose
HR:Business Group Business Group that is linked to the security profile for a responsibility. This option is used online to control access to records that are not related to organization, position, or payroll.
This option is seeded at Site level with the start-up Business Group. It is view only. Values are derived from the HR:Security Profile user profile option.
HR:Security Profile Restricts access to the organizations, positions, and payrolls defined in the security profile. This option is seeded at Site level with the view-all security profile created for the Startup Business Group.
HR:User Type Limits field access on windows shared between Oracle Human Resources and Oracle Payroll. If you do not use Oracle Payroll, it must be set to HR User for all responsibilities.
If you do use Oracle Payroll, you can give each Responsibility one of the following user types, depending on the work role of the holders of the responsibility: HR User, HR with Payroll User, Payroll User
HR:Query Only Mode Restricts access to view-only for all HR and Payroll forms on a menu.
HR:Use Standard Attachments Disables the facility to attach short text comments to records. Enables the attachment of multiple items of various types including OLE objects, Web pages, images, and word processed documents.

HR Security profile

All Oracle Applications users access the system through a responsibility that is linked to a security group and a security profile. The security group determines which business group the user can access. The security profile determines which records (related to organizations, positions and payrolls) the user can access within the business group.

There are two types of security profile:

  • Unrestricted
  • Restricted

A responsibility with an unrestricted security profile has unrestricted access to data in Oracle HRMS tables. It connects to the APPS Oracle User. If you connect to an unrestricted security profile, the data you see when you select from a secure view is the same data you see if you select from the table on which the secure view is based.

When you connect to the APPS Oracle User with a restricted security profile you can access the secure tables directly if you want to bypass the security restrictions defined in your security profile. You might want to do this to perform uniqueness checks, or to resolve foreign keys.

Restricted security profiles can optionally make use of read-only, or reporting users. These are separate Oracle Users, one per restricted security profile, that have read-only access to Oracle tables and views. Reporting users do not have execute privilege on Oracle HRMS PL/SQL packages, and do not have direct access to the secured Oracle HRMS tables.

How Secure Views Work

The information that is visible through a secure view depends on the definition of the security profile through which the view is being accessed.

If you have connected with a restricted security profile the information you can see is derived from denormalized lists of organizations, positions, people and payrolls.

The lists are used only when required. For example, the payroll list is empty for a security profile that can see all payrolls, and in the case of a security profile that can see all applicants but a restricted set of employees, the Person list contains employees but no applicants.

If the HR:Cross Business Groups profile option is ‘N’, the secure views return data only for the current business group.

If the HR:Cross Business Groups profile option is ‘Y’, the secure views return data for all business groups, subject to any further restrictions that apply by virtue of the current security profile.

Security Processes

Three processes are used to implement Oracle HRMS security:

  • Grant Permissions to Roles (ROLEGEN)
  • Generate Secure User (SECGEN)
  • Security List Maintenance (PERSLM)

ROLEGEN runs automatically as part of an installation or upgrade. If you are not setting up reporting users, you need not run SECGEN.

Refer to the topic on Security Processes, Oracle HRMS Configuring, Reporting, and System Administration Guide for details of how to submit SECGEN and PERSLM from the Submit Requests window. This section describes how the processes work.

ROLEGEN: Grant Permissions to Roles Process

A role is a set of permissions that can be granted to Oracle users or to other roles. Roles are granted to users by the SECGEN process (see below).

The ROLEGEN process must run before you run SECGEN. ROLEGEN dynamically grants select permissions on Oracle HRMS tables and views to the HR_REPORTING_USER role. This role must exist before ROLEGEN runs.

The HR_REPORTING_USER role is created during the install of Oracle HRMS. ROLEGEN is run during the install of Oracle HRMS.

Note: As ROLEGEN runs as part of the installation and upgrade processes, you do not need to run ROLEGEN manually.

ROLEGEN performs the following actions:

  • Creates public synonyms for HRMS tables and views, excluding unsecured tables (%_ALL_%)
  • Revokes all existing permissions from HR_REPORTING_USER roles
  • Grants SELECT permissions to HR_REPORTING_USER role for HRMS tables and views

SECGEN – Generate Secure User Process

You run SECGEN for a specified security profile. It grants the HR_REPORTING_USER role to the Oracle User associated with the security profile.

SECGEN must be run after ROLEGEN. However, once SECGEN has been run for a particular security profile, you need not rerun it even if ROLEGEN is run again.

SECGEN is a PRO*C process with embedded SQL statements. You initiate it from the Submit Requests window.

PERSLM – Security List Maintenance Process

You should run PERSLM periodically (for example, nightly) to refresh the security lists upon which the secure views are built.

Important: This process has the capability to run multi-threaded, allowing it to take advantage of the capabilities of your hardware.

PERSLM is a PL/SQL procedure that you submit from the Submit Requests window. It builds the required security lists based on the restrictions defined for the security profiles being processed.

Defining Full Name format In HRMS

Global Super HRMS Manager > Other Definitions > Person Name Formats

Pre-requisites:                Set system profile HR:Local or Global Name Format

value = Local Format

Click on Create New Format

Format Type Legislation User Format Choice
Full Name Malaysia Local Format


Sequence Space Punctuation Space Component Space Punctuation Space Move Up Move Down Delete
1 Prefix
2 Last Name
3 Title
4 First Name
5 Middle Name
6 Preferred Name


Click Apply


Update Person Names – Concurrent Program

Responsibility :Global Super HRMS Manager


Create Person Name Formats

Set system profile option


Concurrent Program

Update Person Names



Format Type Legislation Disable Who Trigger
Full Name Format Malaysia Yes

Global Deployment & Global Employee Numbering

Global Deployments function is used by HR Professionals to transfer an employee either permanently or temporarily to a different business group. At the start of the deployment, Oracle HRMS automatically creates or updates employee records in the destination business group.

If the transfer is permanent, then HRMS terminates employee records in the source business group. If the transfer is temporary, then HRMS suspends the employee’s current assignments.

When the employee returns from a temporary deployment, HRMS automatically terminates the employee record in the destination business group and reinstates suspended assignments in the source business group.

If you use the Global Deployments function to transfer an employee to a different business group when global employee numbering is in effect, then the transferred employee automatically retains the employee number from the source business group.

Otherwise, a person who moves from one business group to another does not retain the person number from the source business group

The following profile option needs to be set :  HR: Propagate Data Changes to Yes at the site level.

To create a deployment proposal, the HR Professional in the destination business group uses the Global Deployments function.


To change the Employee numbering to Global Numbering:

Select Employee Numbering to ‘Automatic’

Run ‘Change automatic person number generation to global sequencing’ for person type you would like to enable global sequencing

This process sets the following profile options

  • HR: Use Global Employee Numbering

To ‘Yes’

If The contingent Worker need to follow the same sequence then select Option (While defining  BG) as follow employee sequence.