Oracle RBAC Engagement - Overview

Objective & Guiding Principles

  • Identified business risks for the in-scope Oracle R12 business processes and systems
  • Identified control objectives & control activities to address business risks

Oracle R12 Production Application Security & Controls Scope includes

  • Configure Oracle R12 and Oracle Cloud security roles and responsibilities based on associated functional tasks and adherence to SOD rules
  • Creation of customized Oracle R12 responsibilities/roles if needed to achieve desired business objectives.
  • Provisioning of sensitive or privileged access as per business requirements.
  • Provisioning of Oracle R12 access to users based on the roles and responsibilities

Oracle RBAC Solution – User Access Provisioning

The RBAC standard supports mapping user access control to a user’s role in the organization rather than to their unique identity.
  • Roles – a grouping of all the responsibilities, lower-level permissions (functions), permission sets, and data security rules that a user requires to perform a specific task
  • Role Categories – organize roles into groups. (Examples of roles: AP Clerk, AP Supervisor, AP Super User, etc.)

Oracle RBAC Solution – Migration Strategy

DEV Instance - Development
Process: Manual Setup and Programmatic wherever possible
Integration Testing Instance - Integration Testing
Process: Manual and Automated (FNDLOADS wherever possible)
Functional Testing Instance - Functional Unit Testing
Process: Manual and Automated (FNDLOADS wherever possible)
UAT Instance - User Acceptance Testing
Process: Manual and Automated (FNDLOADS wherever possible)
Production Instance - Production
Process: Manual and Automated (FNDLOADS wherever possible)