Oracle ERP HCM Location Based Access Control (LBAC)

Oracle Cloud (ERP/HCM) has Location Based Access Control, which an excellent feature to control user access to tasks & data based on their roles and IP addresses.

Various Oracle blogs related to LBAC which provides all the necessary details -

https://blogs.oracle.com/fusionhcmcoe/post/enabling-lbac-location-based-access-control

https://blogs.oracle.com/fusionhcmcoe/post/lbac-vs-ip-whitelisting

https://docs.oracle.com/en/cloud/saas/human-resources/22d/ochus/overview-of-location-based-access.html#s20068058

How LBAC can be used to secure REST API access - This is very good security feature if external systems are integrating with Oracle ERP/HCM using API's.

https://www.ateam-oracle.com/post/securing-oracle-fusion-applications-rest-apis-with-location-based-access-control-lbac

Oracle cloud ERP/HCM read-only access

Providing read only access to Oracle cloud ERP/HCM is a common requirement. Oracle has provided an easy way to provide this functionality.

To enable read-only mode for a user:

1. In the Setup and Maintenance work area, use the Manage Administrator Profile Values task.

2. In the Search section of the Manage Administrator Profile Values page, enter FND_READ_ONLY_MODE in the Profile Option Code field and click Search.

3. In the FND_READ_ONLY_MODE: Profile Values section of the page, click the New icon.

4. In the new row of the profile values table:

a. Set Profile Level to User.

b. In the User Name field, search for and select the user.

c. Set Profile Value to Enabled to activate read-only access for the selected user.

5. Click Save and Close.

When the user next signs in, a page banner reminds the user that read-only mode is in effect and no changes can be made.

Reference to Oracle documentation -

https://docs.oracle.com/en/cloud/saas/human-resources/22d/ochus/provide-read-only-access.html#s20056769