Access Controls

We understand the key access control challenges faced by organisations using Oracle Cloud ERP, Oracle Cloud HCM and Oracle E-Business Suite include:

 

  • Access controls are very difficult to report from Oracle Cloud ERP, Oracle Cloud HCM and Oracle E-Business Suite – there is no report to list users with a particular high risk privilege, such as amending supplier bank accounts
  • There are more than 35,000 privileges available in EBS and 10,000 in Cloud ERP and Cloud HCM, with no documentation of what is high risk
  • Understanding which of these privileges conflict with each other requires expert knowledge of high risk individual privileges and combinations in each Oracle ERP

 

This is why we offer consulting services to help you design and implement best practice access controls into Oracle and supporting administration processes, along with our unique and bespoke Access Analytics – segregation of duties service. In addition we also partner with Oracle to help Cloud ERP and Cloud HCM customers enforce segregation of duties through Oracle’s Risk Management Cloud service.

Systems Risk Services Access Analytics – segregation of duties Service Features

 

  • Reporting of users and their access to high risk privileges
  • Reporting of users and their access to conflicting business process privileges
  • Highlighting where users have been granted privileges intentionally or through unexpected Oracle loopholes such as the Processes tab, Subledger Journal entries or FBDI One Time Payments
  • Reporting of Oracle Responsibilities or Roles and their privileges, including highlighting those that have high risk or unsegregated access

Systems Risk Services Access Analytics – segregation of duties Service Benefits

 

  • Summarised matrices allow organisations to focus on higher risk findings, rather than all possible access
  • Descriptions for access conflicts are shown as business process activities, not complex Oracle form names
  • Cross process conflicts are considered, such as between Purchasing and HR approvals
  • Highlighting access gained through loopholes provides insight into the organisation’s security awareness and training needs