
4

Unauthorized reproduction or distribution prohibited Copyright 2016, Oracle and/or its affiliates

Overview of Security
Copyright 2016, Oracle and/or its affiliates. All rights reserved.
Objectives

After completing this lesson, you should be able to:


Understand the Cloud security methodology.
Plan your use of the security implementation.
Identify the components of data security.
Discuss how roles can be assigned automatically or manually.
Explore the new Security Console to customize roles and users.
Review the audit reports and resources.

Oracle Financials Cloud: Enterprise Structures with General Ledger Implementation 4 - 2


Oracle Financial Cloud Security Methodology

The Cloud security methodology can be summarized with the simple statement: WHO can do WHAT on WHICH set of data.
Who: The user.
What: Individual actions a user can perform.
Which: The set of data.

Who                          What                      Which Data
General Accountant           Enter and post journals   UK Ledger
Employees                    View payslip              Employee's own payslip only
General Accounting Manager   Create and run reports    UK Ledger

Who: The users who perform functions in your company, such as an Accounts Payable supervisor.
What: Individual actions a user can perform, such as the ability to approve a payables invoice.
Which: The set of data that the user can perform the action on, such as payables invoices within your assigned business units.


Security Reference Implementation

Oracle Financials Cloud comes with a predefined security reference implementation which consists of:
A baseline set of predefined security definitions.
Job roles that closely match real-life jobs.
Duty roles.
A set of security components which are:
- Delivered with the offering or service.
- Used to meet the business needs of most enterprises.

The security reference implementation covers all functions and actions that need to be secured. The security definitions were based on industry standards. Unless you have customized existing functions or added new functions, you shouldn't have to create any new job or duty roles. The implementation includes:
- Complete set of job roles.
- Duty roles and role hierarchy for each job role.
- Privileges granted to each duty role.
- Data security policies for each job role.
- Policies that protect personally identifiable information.
- Policies enforced across tools and access methods.
- Policies related to segregation of duties that are reflected in the design of duties for the job role.
- Segregation of duties conflicts.


Points to Consider When Implementing the First Project

Define at least one implementation user using the Create Implementation Users task at the beginning of the project.
After implementing the first project, consider:
- Data Access Sets: Define read and write access to entire GL ledgers and balancing segment (company) values of ledgers.
- Segment Value Security: Controls access to individual segment values in your chart of accounts such as no access to Company 01, Dept. 100, or Salaries account.

[Figure: chart of accounts segments Co, CC, Acct, I/C]

The first implementation user is for creating only the initial enterprise structure and is not a real person in HCM. After the initial enterprise structure is complete, you can create additional users in HCM using the Manage Users or Import Worker Users tasks. Your users require that a business unit, legal entity, and other setup be added after the initial implementation.
Planning is essential:
- Analyze the access requirements specific to your organization, understanding who needs access to what.
- Compare the requirements with the predefined roles in the security reference implementation, and decide which predefined roles meet your requirements and can be used as-shipped, and which will require customizations to meet your requirements.
- Certain product areas, such as Accounts Payable and General Ledger, include multiple roles in the reference implementation. To compare accesses granted to each role, you can use the Compare Role feature in the Security Console.
Other segment value security considerations:
- For upgraded R11 customers, if you add or remove a BU or ledger, you must regenerate roles from that data role template.
- Consider having different users define roles and provision roles.


For On-Premises Implementations Only
The Oracle Fusion Applications super user FAADMIN, by default, has all necessary access
rights for implementing Oracle Fusion HCM and administering security. This access is
provided by the following job roles:
Application Implementation Consultant
IT Security Manager

However, neither of these roles provides the required access for creating and managing
Oracle Fusion Applications users; therefore, the OIM system administrator must add the
following two OIM roles to the IT Security Manager job role:
Identity User Administrator, which carries user management entitlement.
Role Administrator, which carries role management entitlement.
Note: Assign the Xellerate Users organization to the IT Security Manager.



Function and Data Security

Oracle Financials Cloud uses role-based access control (RBAC).


Your application is secure as delivered.
You give function and data access through roles that you assign to users.
Function security allows you to access:
- A page or a specific object.
- Functionality within a page, including services, screens, and task flows.
Data security consists of privileges conditionally granted as:
- Data security policies carried by roles.
- Human Capital Management (HCM) security profiles.

For example, a job role can enable users to work with journals. A data role that inherits the job role can provide access to the journal data within a ledger.
The data role General Accounting Manager US inherits functionality from the General Accounting Manager job role, and it enables users to perform general ledger duties in the US ledger.


Types of Roles

Three role types can be assigned to users. These enterprise roles, also called external roles, are:
- Enterprise Job roles: Represent jobs that users perform in an organization, such as Accounts Payable Manager.
- Abstract roles: Represent people in the organization independent of the jobs they perform, such as employee or line manager.
- Duty role: Logical collection of privileges that grant access to tasks that someone performs as part of a job, such as processing payables invoices or posting journals.

Assign these roles directly to users:
- Job roles: You can also create custom job roles.
- Abstract roles: All users are likely to have at least one abstract role that provides access to a set of standard functions, such as expense reporting or procurement. You can also create custom abstract roles.
Assign these roles to Job and Abstract roles, not directly to users:
- Duty roles: You can also create custom duty roles.


Role Inheritance
Role inheritance is a key concept in the security model. The figure illustrates the hierarchy of job and duty role inheritance, which are used as the building blocks in Oracle Cloud Security.
Almost every role is a hierarchy or collection of other roles.
- Job and abstract roles inherit duty roles.
- Duty roles can inherit other duty roles.
You can also assign privileges directly to job, abstract, and duty roles.
When you assign job and abstract roles to users, they inherit all of the data and function security associated with those roles.


Oracle Fusion Inheritance Model
Roles are the building blocks of security.
You can start at the bottom with duty roles, which you can combine with other duty roles. For example, you can combine a journal entry duty role with a journal reporting duty role.
The job and abstract roles inherit duty roles. For example, the General Accountant job role can have one or more duty roles.
The data roles inherit the job role and give the user access to specific data such as ledgers, asset books, or business units.


Security Example with Data Role Added
The diagram now shows a Data Role added to secure Anita Kennedy to the UK Set of Data in the UK Ledger for her General Accountant Job role.
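
The inheritance model and the Anita Kennedy data role example described above, as an added sketch that is not Oracle code: it resolves a role hierarchy into effective privileges and data scopes and answers the WHO / WHAT / WHICH question. The role, privilege and data scope names are constructed, and requiring a single assigned role to carry both the privilege and the data scope is a simplifying assumption.

```python
from dataclasses import dataclass

# Which kinds of role each kind may inherit, as the lesson describes:
# duty roles inherit duty roles, job and abstract roles inherit duty
# roles, and a data role inherits a job role.
ALLOWED_PARENTS = {
    "duty": {"duty"},
    "job": {"duty"},
    "abstract": {"duty"},
    "data": {"job"},
}
# Duty roles reach users only through job and abstract roles.
ASSIGNABLE_TO_USERS = {"job", "abstract", "data"}


@dataclass(frozen=True)
class Role:
    kind: str
    privileges: frozenset = frozenset()   # WHAT: privileges granted directly
    inherits: tuple = ()                  # names of the roles this one inherits
    data_scopes: frozenset = frozenset()  # WHICH: data sets, held by data roles


def resolve(name, roles, seen=None):
    """Return (privileges, data_scopes) for a role, following inheritance."""
    seen = set() if seen is None else seen
    if name in seen:  # already collected on another path, or a cycle
        return set(), set()
    seen.add(name)
    role = roles[name]
    privileges, scopes = set(role.privileges), set(role.data_scopes)
    for parent in role.inherits:
        parent_kind = roles[parent].kind
        if parent_kind not in ALLOWED_PARENTS[role.kind]:
            raise ValueError(
                f"{role.kind} role {name!r} cannot inherit {parent_kind} role {parent!r}"
            )
        inherited_privileges, inherited_scopes = resolve(parent, roles, seen)
        privileges |= inherited_privileges
        scopes |= inherited_scopes
    return privileges, scopes


def is_allowed(user, privilege, data_scope, assignments, roles):
    """WHO can do WHAT on WHICH. Assumption of this sketch: one assigned
    role must carry both the privilege and the data scope."""
    for name in assignments.get(user, ()):
        if roles[name].kind not in ASSIGNABLE_TO_USERS:
            raise ValueError(f"{roles[name].kind} role {name!r} assigned directly to a user")
        privileges, scopes = resolve(name, roles)
        if privilege in privileges and data_scope in scopes:
            return True
    return False


# Constructed sample data: names are illustrative, not Oracle role codes.
ROLES = {
    "Journal Entry Duty": Role("duty", frozenset({"Enter Journal", "Post Journal"})),
    "Journal Reporting Duty": Role("duty", frozenset({"Run Journal Report"})),
    "General Accountant": Role(
        "job", inherits=("Journal Entry Duty", "Journal Reporting Duty")
    ),
    "General Accountant UK Ledger": Role(
        "data", inherits=("General Accountant",), data_scopes=frozenset({"UK Ledger"})
    ),
}
ASSIGNMENTS = {
    "Anita Kennedy": ["General Accountant UK Ledger"],  # data role: function + data
    "Job Only User": ["General Accountant"],            # job role alone: no data scope
}

if __name__ == "__main__":
    for who in ASSIGNMENTS:
        for ledger in ("UK Ledger", "US Ledger"):
            verdict = is_allowed(who, "Post Journal", ledger, ASSIGNMENTS, ROLES)
            print(f"{who}: Post Journal on {ledger} -> {verdict}")
```
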


New Data Security for R11

NEW
Applicable to new customers only.
Does not use data role templates.
Assigns users directly to the job roles and to the appropriate data sets.
Uses the new Manage Data Access for Users page.
Existing customers upgrading from previous releases:
- Continue to utilize the old data role based model for their data security implementation.
- Assign specific data sets, such as business units, ledgers, warehouses, and so on.
- Use data roles that were automatically generated by data role templates.

To access the Manage Data Access for Users page, navigate to Setup and Maintenance > Manage Data Access for Users task.


Assigning Data Scopes to Users for New Customers Only

Use the Manage Data Access for Users task to assign users to data scopes.
Assign data scopes to users by provisioned role.
Use the import capability to create a large number of assignments.

You use the Manage Data Access for Users task to assign users to data scopes, like Business Units, Ledgers, and Asset Books. You can access this task from the Setup and Maintenance work area.
You assign data scopes to users by role, and you can only assign data scopes to roles a user has been provisioned.
You can also import assignments from a spreadsheet. By clicking on the Authorize Data Access button in the Manage Data Access page, you can download a spreadsheet which you can use to import the data assignments. You can prepare the data from another source, such as your legacy system, and populate the spreadsheet, and then import.


Oracle Identity Manager

Operates in three modes:


- Self-Service: You can manage your own roles and privileges.
- Delegated Administration: You manage the roles and privileges of other users.
- Advanced Administration: You can manage password policies and perform other system administrative functions.

Oracle Identity Manager (OIM) access is granted to the predefined IT Security Manager role.
Use Administration Mode in OIM to create users and provision roles. OIM opens by default to the self-service view.
- The title displays whether you are in Administration mode or Self-Service mode.
- To switch from Self-Service Mode to Administration Mode, click on the button in the upper right hand corner.


Creating Users

If you are not implementing Human Capital Management (HCM), use the Manage Users task to create users. The Manage Users task creates a minimal person record and a user account.
If you are implementing HCM, use the Hire an Employee task to create users instead. The Hire an Employee task creates the full person record as well as the user account.
Use the Create Implementation Users task to create implementation users without associating a person record.
Use a spreadsheet to import users from legacy applications to Oracle Financials Cloud using the Import Worker Users task.

Access the tasks above:
- Create Users: Navigate to: Setup and Maintenance > Manage Users > Create icon or on the Navigator > My Team > Manage Users > Create icon.
- Hire an Employee: On the Navigator > My Workforce > New Person > Tasks panel > Hire an Employee. This task creates the full person record needed by HCM, such as job assignment, job code, department, manager, etc., as well as the user account itself.
- Create Implementation Users: Navigate to: Setup and Maintenance > Create Implementation Users > Administration tab > Create User icon.
- Import Worker Users: Navigate to: Setup and Maintenance > Import Worker Users > Create Worker > Create Spreadsheet icon or on the Navigator > My Workforce > Data Exchange > Tasks panel > Initiate Spreadsheet Load > Create Worker > Create Spreadsheet icon.
Note: The import process handles both user account creation and auto provisioning of roles.


Role Provisioning Tasks

Roles can be provisioned (assigned) to users:


- Manually provision roles to users using Oracle Identity Manager.
- Automatically provision a role to users by defining a relationship, called a role mapping, between the role and some conditions.

To manually provision roles, use the Create Implementation Users task from Setup and Maintenance to access Oracle Identity Manager. Make sure you switch to Administration mode to assign roles to users.
To assign a role to a specific user:
- Use the search box to search for the desired user.
- Open the user and go to the Roles tab.
- Click the Assign button to assign new roles to the user.
To assign the same role to multiple users:
- Search for the role.
- Go to the Members tab.
- Click the Assign button to assign multiple users to the same role.
Roles are automatically provisioned when one of the user's assignments matches all role-mapping conditions and the auto provision option is selected.


Using Role Mappings

Create and manage role mapping rules.
Use the Manage Role Provisioning Rules task to create and manage role mapping rules.
If HCM is implemented, use the Manage HCM Role Provisioning Rules task instead.
Set a role attached to a role mapping rule to:
- Requestable: Qualifying users can provision roles manually to other users.
- Self-requestable: Users can request the role for themselves.
- Auto-provision: The system will automatically assign roles to users when they meet all the conditions in the role mapping. This provisions the role to all users who do not already have the role assigned.

Role Mappings allow you to automatically assign roles to users if they match the conditions specified in the Role Mappings. As users transfer departments or change jobs, the Role Mappings can automatically assign the correct roles to the users.
Each role mapping rule is based on a set of attributes that can be matched to a user's assignment, such as Department, Job, and Location. For example, you may define a rule that limits role mapping to current employees of the Finance Department whose Job is Accounting Manager.
Roles capture the nature of work intended to be performed by the user.
A range of security roles are granted to the new user.
This enables users to access application flows that are crucial for performing the tasks.
When the list of assigned security roles is populated, you can remove or add new roles as needed.
Note: Auto-provision: Deprovisions roles immediately from users who are no longer eligible for roles that they currently have.
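
The role mapping behaviour described above, as an added sketch that is not Oracle code: every condition must match within one assignment, auto-provisioned roles are granted when a mapping matches and deprovisioned when none does any longer. The attribute keys, role names and the separately tracked `auto_held` set are assumptions of the example.

```python
from dataclasses import dataclass


@dataclass
class MappedRole:
    name: str
    requestable: bool = False       # qualifying users may provision it to others
    self_requestable: bool = False  # qualifying users may request it themselves
    autoprovision: bool = False     # granted and revoked automatically


@dataclass
class RoleMapping:
    conditions: dict  # attribute -> required value; every one must match
    roles: tuple      # MappedRole entries attached to this mapping


def matches(mapping, assignment):
    """True when this single assignment satisfies every condition."""
    return all(
        assignment.get(attr) == value for attr, value in mapping.conditions.items()
    )


def eligible_roles(assignments, mappings, option):
    """Role names with `option` set whose mapping matches one assignment."""
    names = set()
    for mapping in mappings:
        # Conditions are tested against one assignment at a time, never
        # against attributes pooled from several assignments.
        if any(matches(mapping, a) for a in assignments):
            names.update(r.name for r in mapping.roles if getattr(r, option))
    return names


def reconcile(assignments, auto_held, mappings):
    """Return (to_provision, to_deprovision) for auto-provisioned roles.

    `auto_held` is the set of roles the user currently holds through
    auto-provisioning; tracking it apart from manually provisioned roles
    is an assumption of this sketch.
    """
    eligible = eligible_roles(assignments, mappings, "autoprovision")
    return eligible - auto_held, auto_held - eligible


# Constructed sample data: attribute keys and role names are illustrative.
MAPPINGS = [
    RoleMapping(
        {"department": "Finance", "job": "Accounting Manager", "status": "active"},
        (
            MappedRole("General Accounting Manager", autoprovision=True),
            MappedRole("Financial Analyst", self_requestable=True),
        ),
    ),
    RoleMapping({"status": "active"}, (MappedRole("Employee", autoprovision=True),)),
]
FINANCE_MANAGER = [
    {"department": "Finance", "job": "Accounting Manager", "status": "active"}
]
AFTER_TRANSFER = [
    {"department": "Sales", "job": "Accounting Manager", "status": "active"}
]
# Two assignments that together, but not individually, satisfy the Finance rule.
SPLIT = [
    {"department": "Finance", "job": "Clerk", "status": "active"},
    {"department": "Sales", "job": "Accounting Manager", "status": "active"},
]

if __name__ == "__main__":
    print("on hire:", reconcile(FINANCE_MANAGER, set(), MAPPINGS))
    held = {"General Accounting Manager", "Employee"}
    print("after transfer:", reconcile(AFTER_TRANSFER, held, MAPPINGS))
    print("split assignments:", eligible_roles(SPLIT, MAPPINGS, "autoprovision"))
```
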



Practice 4-1 to 4-3 Overview: Using User Security

This practice covers the following topics:


Practice 4-1: Defining role mapping.
Practice 4-2: Creating a user.
Practice 4-3: Creating an employee.


Customizing Roles

If jobs exist in your enterprise that aren't represented in the security reference implementation:
- Create custom job roles by copying existing roles.
- Add duty roles and privileges to custom job roles.
If the privileges for a predefined job role don't match the corresponding job in your enterprise:
- Create custom job roles by copying existing roles.
- Add or remove duty roles, function security privileges, and data security policies.

Best Practices for Customizing Roles
- Do not customize predefined roles. These predefined roles begin with the ORA_ prefix in the Role Code field. During each upgrade, the upgrade process updates the predefined roles to the specifications for that release, so any customizations are overwritten.
- Always make a copy of the predefined role. Then, edit the copy and save it as a custom role.
- Compare the copy of the predefined role with the new customized role and roll back to the delivered role, if necessary.
- After a maintenance update or upgrade, compare your customized copy to the updated predefined source role. You can see the updates to the predefined role and decide whether to incorporate those changes into your custom role.


The Security Console

Use to customize security.


Create and edit custom roles, but not predefined roles.
Can be accessed via the Navigator menu, under Tools.
Access granted through the IT Security Manager role.

Before you start using the Security Console, set two profile options that govern the behavior of the Security Console in the Manage Administrator Profile Values task.
- Security Console Working App Stripe: Controls the App Stripe the user works on. Please set this profile option to fscm, either at the site level, or for specific users with Security Console access.
- Enable Data Security Policies and User Membership Edits: Sets the preference to enable data security policies and user membership editing in Security Console. Set this profile option to Yes to enable both, at the site level, or for specific users.


The Security Console: Copy Feature

Steps to use the Copy feature are:


- Copy a role.
- Modify the default role name, code, description.
- Review, add, or remove function security privileges.
- Review, edit, or remove data security policies.
- Review, add, or remove inherited roles.
- Assign users to the target role.
- Review the summary and impact.
- Submit and Close.

The Copy feature in the Security Console enables you to:
- Set up default names in the Preferences section of the Security Console.
- Review the code resources tied to each function security privilege.
Important:
- To add, edit, or remove data security policies, set the profile option Enable Data Security Policies and User Membership Edits to Yes, either at the site level or for the current user.
- To assign users to this new role, set the profile option Enable Data Security Policies and User Membership Edits to Yes, either at the site level or for the current user.
Note: This option is only available to external roles, as you can only assign external roles to users.


The Security Console: Compare Roles Feature

Use to compare the function and data security policies granted between two roles.
Launch Compare Roles directly by clicking on the button or by choosing the Compare Roles option in the Search Results.

View:
- All comparison results.
- Artifacts that only exist in either the first or the second role.
- Artifacts that exist in both roles.
Choose to view only comparison results for:
- Function security policies.
- Data security policies.
- Inherited roles, or combinations.


Additional Features

Use the following icons on the left hand side of the page:
Roles: Copy, create, and compare roles.
Analytics: Examine data on roles.
Certificates: Review Certificates.
Administration: Save Preferences.


Practice 4-4 Overview: Using the Security Console

This practice covers the following topics:


Copying a role.
Comparing a role.


Auditing Security

The following audit reports are available:


User Role Membership Report: List of users and provisioned roles.
User and Role Access Audit Report: List of users and provisioned function and data accesses.
Inactive Users Report: List of inactive users.

User Role Membership Report: You can run the report for all users, or you can optionally filter the list of users by name, department, and location.
User and Role Access Audit Report: Report can be run for one user, all users, one role, or all roles.
One User / All Users
- Separate report outputs show role hierarchy with privileges, tabular listing of privileges, and list of data security policies provisioned to the user.
- The All Users option results in one set of reports for each user.
One Role / All Roles
- Separate report outputs show role hierarchy with privileges, tabular listing of privileges, and list of data security policies for a given role.
- The All Roles option results in one set of reports for each role.
Inactive Users Report: Use this report to identify users who have not signed in for a period of time that you define.
Run the Import User Login History process as a prerequisite.
Provide the inactivity period, in days, as a report parameter. The default is 30.
Optionally filter the list of users by name, department, location, and last activity date.
Shows all inactive users that match the criteria and the following data:
- Number of days that the user has been inactive
- User's username
- Given name
- Surname
- Location and department
- User's status


Security Resources

To review the roles and other components that make up the security reference implementation for your application, you can:
Access the security reference manuals (SRM).
- Common
- Service-specific
Access the tasks available for managing roles, templates, and security policies.

[Figure: guide covers: Securing Oracle ERP Cloud; Security Reference for Oracle Financials Cloud; Security Reference for Common Features]

Oracle Financial Security is applicable to the needs of midsized, horizontal enterprises generally between 250 and 10,000 employees. It can be changed or scaled to accommodate expansion into vertical industries such as health care, insurance, automobiles, or food manufacturing.
For more resources on the Oracle Help Center, see:
Oracle Financial Security Guides: http://docs.oracle.com/cloud/latest/financialscs_gs/docs.htm.
Oracle Fusion Middleware Security Guides: http://docs.oracle.com/middleware/1221/cross/securedocs.htm.


Summary

In this lesson, you should have learned how to:


Understand the Cloud security methodology.
Plan your use of the security implementation.
Identify the components of data security.
Discuss how roles can be assigned automatically or manually.
Explore the new Security Console to customize roles and users.
Review the audit reports and resources.