Applications Security

Get Involved. Join the Conversation.

Topic

    Anita Cordon
    Custom Roles and Privileges report?
    Topic posted June 26, 2019 by Anita CordonRed Ribbon: 250+ Points, tagged HCM, Security 
    135 Views, 4 Comments
    Title:
    Custom Roles and Privileges report?
    Summary:
    We have quite a lot of custom roles, containing combinations of privileges that are either subsets or supersets of delivered roles. We need to report on them.
    Content:

    Due to our roles and responsibilities not aligning well with the delivered roles and responsibilities and also not wanting to have users accessing certain areas that the delivered roles grant them access to, we cloned and created our own, a few years ago and a few versions ago now. 

    We are finding that after all the upgrades and patchings we have some users that seem to have more access than we recall allowing them to have, so we want to do an audit.

    Getting the users and the roles that they have is easy.  What we need is to get the roles and the privileges that each role has access to.  Yes, we are aware that we can do this role by role in the security console but I'd rather not sit there for 2 days exporting things, and we will want to do this regularly if we can, so I'm trying to build an analytic/report/BI that will suck out all the data at once so that we can match it to the roles in use and work out who has something they shouldn't have.

    But I'm unable to find the table or view that holds that role / privilege information.

    Does anyone know what the table or view would be that has that information please?f

    Version:
    R13 19B

    Comment

     

    • Kishore Padala

      You can run User and Role Access Audit Report.
      The User and Role Access Audit Report provides details of the function and data security privileges granted to specified users or roles. This information is equivalent to the information that you can see for a user or role on the Security Console. 

      For more information please refer to :
      https://docs.oracle.com/en/cloud/saas/global-human-resources/19b/ochus/reporting-on-application-users-and-roles.html#OCHUS1883767
      Section : User and Role Access Audit Report

    • Thomas Scott

      Then Oracle Support note below might give you what you need or get you close.

      SCRIPT: Script to show table privileges for users and roles (Doc ID 1050267.6)

    • Yasheswi Challa

      In addition to the above, we have the below privilege report accessible from Scheduled Processes. 

      User and Role Access Audit Report - Extracts function and data security information for users and roles.
      Privilege Discoverer Report - Review users and roles granted access to code artifacts within a navigation menu entry.

      Thanks.

    • Yasheswi Challa

      You can refer PER_LDAP_USERS PU, ASE_APP_ROLE_VL ASE, PER_USERS PU, PER_ROLES_DN PRDN and other tables from https://docs.oracle.com/en/cloud/saas/global-human-resources/18c/oedmh/ASE-tables.html

       

      Thanks.