Many Oracle E-Business Suite and JD Edwards customers are choosing to use Oracle Fusion Cloud ERP (often called Oracle Cloud ERP) to implement new or enhanced functionality while continuing to use their core ERP systems.
When implementing ERP systems and other key business applications, good role design is crucial in ensuring that all users have appropriate, least-privilege access to all the activities they need to fulfill their responsibilities. However, creating good roles can be difficult and time-consuming.
Oracle Fusion Cloud ERP comes with Seeded Roles – i.e., “out of the box” roles, designed for a wide range of common job functions, such as AR Manager, AP Manager, and more. Oracle ERP customers looking to implement new Cloud-based functionality may be tempted to adopt these ready-made roles as a quick and easy way to get up and running as they seem to offer:
However, adopting the Seeded Roles can lead to costly security, operational, and licensing problems.
Here, we outline some of the reasons why we believe that custom roles are well worth the investment.
Each module in Oracle Fusion Cloud ERP comes with a set of roles assigned to it. However, these roles may not cover all the activities that a user needs to perform outside the module or across other applications like JD Edwards EnterpriseOne, Oracle E-Business Suite Financials, or Coupa. Users’ roles should encompass the entire range of activities required to complete the entire business process.
Some Seeded Roles include inappropriate sensitive access and configuration capabilities. Creating custom roles enables you to specify precisely who can do what with which set of data, ensuring you can restrict sensitive access to only appropriate users.
Within Oracle Cloud ERP itself, there is no easy means to report on Separation of Duties (SoD) conflicts. Although Oracle has defined the Seeded Roles using Oracle Cloud SoD policies, with no visibility into these policies, users can be left with a false sense of security unless they use Oracle Risk Management Cloud – a functionally rich but large and expensive product set.
Factors that affect compliance within a role include:
In all these examples, it isn’t easy to ascertain the actual compliance status until an auditor tests it and tells you. This makes it impossible to be confident in your SoD controls. Here’s why:
Some Oracle Cloud ERP customers have found that their internal auditors had reported many unexpected SoD violations while using the Seeded Roles.
Oracle’s twice-yearly system patches may include updates to the Seeded Roles, which can affect what users are able to do. These changes could introduce Sensitive Access or SoD risks, enabling users to carry out tasks that they are not authorized to perform. Changes to roles should never be applied without proper review and approval, and it is also advisable to conduct a user access review shortly after the patches.
Some Seeded Roles consume a large number of licenses, whether or not the user actually uses the full range of privileges granted. Creating custom roles empowers you to restrict privileges as appropriate.
Creating custom roles enables you to provide your users with roles that are fully tailored to the needs of their jobs, granting appropriate, least-privilege access to all the tasks they are authorized to perform. In addition to activities within Oracle Cloud ERP, your custom roles can include functions available in Oracle E-Business Suite, JD Edwards EnterpriseOne, and other key business applications, ensuring that users have seamless access to everything they need to complete their business processes.
Implementing custom roles means that:
Pathlock Cloud includes role management tools and powerful cross-application Separation of Duties analysis to help you implement durable custom roles aligned to your business processes. This makes it much easier to ensure compliance and maintain audit readiness.
Contact us today to find out more or schedule a demo.
Share
In today’s fast-paced digital world, managing user access...
The key to protecting data is controlling who has access to...
The recent data breach at HealthEquity, a leading heal...
In today's dynamic business environments, maintaining secur...