Oracle RBAC Engagement - Overview
Objective& Guiding Principles
- Identified business risks for the in-scope Oracle R12 business processes and systems
- Identified control objectives & control activities to address business risks
OracleR12 Production Application Security & controls Scope includes
- Configure Oracle R12 and OracleCloud security roles and responsibilities based on associated functional tasksand adherenceto SODrules
- Customized Oracle R12responsibilities/roles creation if needed to achieve desired businessobjectives.
- Provisioning of sensitive orprivileged access as per business requirements.
- Provisioning of Oracle R12 access to users based on the roles and responsibilities
Oracle RBAC Solution – User Access Provisioning
RBAC standard supports the mapping of user access control based upon a user’s role in the organization rather than their unique identity.
- Roles – a grouping of all the responsibilities, lower-level permissions (functions), permission sets, and data security rules that a user requires to perform a specific task
- Role Categories – Organize roles into groups. (Example of Role: AP Clerk, AP Supervisor, AP Super User etc.)
Oracle RBAC Solution – Migration Strategy
DEV Instance- Development Process: Manual Setup and Programmatic wherever possible
Integration Testing Instance-Integration Testing
Process: Manual and Automated (FNDLOADS wherever possible)
Process: Manual and Automated (FNDLOADS wherever possible)
Functional Testing Instance - Functional Unit Testing
Process: Manual and Automated (FNDLOADS wherever possible)
Process: Manual and Automated (FNDLOADS wherever possible)
UATInstance-UserAcceptance Testing
Process: Manual and Automated (FNDLOADS wherever possible)
Process: Manual and Automated (FNDLOADS wherever possible)
ProductionInstance- Production
Process: Manualand Automated (FNDLOADS wherever possible)
Process: Manualand Automated (FNDLOADS wherever possible)
