Risk Management

Get Involved. Join the Conversation.

Topic

    Venkatesh Chella
    In Advanced Access Control under Enforcement Type, How does...
    Topic posted January 9, 2019 by Venkatesh ChellaRed Ribbon: 250+ Points, tagged GRC, Risk Management, Separation of Duties 
    258 Views, 5 Comments
    Title:
    In Advanced Access Control under Enforcement Type, How does Prevent and Approval Required work.
    Summary:
    Usage of Enforcement Type in Controls
    Content:

    Would like to know the different functionalities of Enforcement Type ( Monitor, Prevent , Approval Required ). How does it work ?

    We are in 18C and would like to know how to make use of Enforcement Type in Controls.

    Version:
    18C

    Comment

     

    • Lakshmi Rajamohan

      Hi Venkatesh,

      Today, the enforcement type field is only used for reporting purposes. Hope this helps.

    • Venkatesh Chella

      Hi Lakshmi,

      Thanks for your response.  It would be a great option if they can implement or introduce the functionality of " Approval Required " / " Prevent " . Because the business actually would like to validate such SoD conflicts during the time of assigning itself, either by Preventing or by getting approval as defined by the SoD Control. I was hoping that it would be delivered in 18C, but not. Hope this option is rolled out at the earliest in the next future releases.

    • Lakshmi Rajamohan

      Hi Venkatesh!

      Thank you for your feedback. 

      Here's Oracle's guidance on your question: If you use HCM to provision users (UI or Data Loader), use Role Mappings to enforce access policies; if you use another application to provision users (e.g., Oracle Identity Cloud), use that app's equivalent functionality. In either case, use AAC to support the design of the access policies. 

      Hope this helps.

    • Venkatesh Chella

      Hi Lakshmi,

      Thanks for your Guidance. We are using HCM to provision users. Can you direct me to the documentation where I can understand about " Role Mappings to enforce access policies ". Basically would like to prevent the SoD conflicts at the time of assigning them to users.

      Appreciate your assistance.

      With Regards

      Venkatesh Chella