Access Controls

We understand the key access control challenges faced by organisations using Oracle E-Business Suite and Oracle ERP Cloud include:


  • Access controls are very difficult to report from both Oracle E-Business Suite and Oracle ERP Cloud – there is no report to list users with a particular high risk privilege, such as amending supplier bank accounts
  • There are more than 35,000 privileges available in EBS and 10,000 in ERP Cloud, with no documentation of what is high risk
  • Understanding which of these privileges conflict with each other requires expert knowledge of high risk individual privileges and combinations in each Oracle ERP
  • Segregation of duties tools typically require costly installations and organisations to define and implement their own rule set


This is why we offer on site consulting services to help you design and implement best practice access controls into both Oracle and supporting administration processes, along with our unique and bespoke Access Analytics – segregation of duties service.

Systems Risk Services Access Analytics – segregation of duties Service Features


  • Reporting of users and their access to high risk privileges
  • Reporting of users and their access to conflicting business process privileges
  • Highlighting where users have been granted privileges intentionally or through unexpected Oracle loopholes such as the Processes tab or Subledger Journal entries
  • Reporting of Oracle Responsibilities and their privileges, including highlighting those that have high risk or unsegregated access

Systems Risk Services Access Analytics – segregation of duties Service Benefits


  • Summarised matrices allow organisations to focus on higher risk findings, rather than all possible access
  • Descriptions for access conflicts are shown as business process activities, not complex Oracle form names
  • Cross process conflicts are considered, such as between Purchasing and HR approvals
  • Highlighting access gained through loopholes provides insight into the organisation’s security awareness and training needs