Oracle RBAC Engagement - Overview

Objective& Guiding Principles

Identified business risks for the in-scope Oracle R12 business processes and systems
Identified control objectives & control activities to address business risks

OracleR12 Production Application Security & controls Scope includes

Configure Oracle R12 and OracleCloud security roles and responsibilities based on associated functional tasksand adherenceto SODrules
Customized Oracle R12responsibilities/roles creation if needed to achieve desired businessobjectives.
Provisioning of sensitive orprivileged access as per business requirements.
Provisioning of Oracle R12 access to users based on the roles and responsibilities

Oracle RBAC Solution – User Access Provisioning

RBAC standard supports the mapping of user access control based upon a user’s role in the organization rather than their unique identity.

Roles – a grouping of all the responsibilities, lower-level permissions (functions), permission sets, and data security rules that a user requires to perform a specific task
Role Categories – Organize roles into groups. (Example of Role: AP Clerk, AP Supervisor, AP Super User etc.)

Oracle RBAC Solution – Migration Strategy

DEV Instance- Development Process: Manual Setup and Programmatic wherever possible

Integration Testing Instance-Integration Testing
Process: Manual and Automated (FNDLOADS wherever possible)

Functional Testing Instance - Functional Unit Testing
‍ Process: Manual and Automated (FNDLOADS wherever possible)

UATInstance-UserAcceptance Testing
‍Process: Manual and Automated (FNDLOADS wherever possible)

ProductionInstance- Production
‍Process: Manualand Automated (FNDLOADS wherever possible)