Security in Oracle EBS with SafePaaS Custom Roles Design

Oracle E-Business Suite

Report Financial Results with Confidence



Improve Business Performance with Application Assurance:

  • Control project costs and risks with effective configuration controls management

  • Safeguard enterprise data with segregation of duties and sensitive access controls

  • Detect suspicious and erroneous transactions with advanced analytics

Oracle E-Business

Oracle E-Business Suite is the most comprehensive suite of integrated, global business applications that enable organizations to make better decisions, reduce costs, and increase performance.

With hundreds of cross-industry capabilities spanning enterprise resource planning, customer relationship management, and supply chain planning, Oracle E-Business Suite applications help customers manage the complexities of global business environments, whether the organization is small, medium, or large.

Application configuration and security design are essential for a successful enterprise application implementation, upgrade or deployment project. Project costs can overrun if application configurations are incorrectly documented or set up during key phases of the project such as analysis, design, configuration, testing and deployment. Risks such as missed milestones and poor user adoption increase if the ERP configurations fail the tests of accuracy, validity and completeness. With the growing functionality of new releases, it is increasingly challenging to manage and secure thousands of complex configurations across multiple project environments without automated tools.

SafePaaS Risk Advisors with expertise in enterprise controls and business applications can provide independent assurance over application security design and configurations to control project costs and risks. SafePaaS DataProbe can automate application configuration reports to document setups, compare configurations across multiple environments and assess the impact of new releases on customizations such as database objects, concurrent programs, form extensions, value sets, workflows, alerts, etc.

Our application assurance services include a health check of access, transaction and configuration of your business applications. We work with control owners to remediate violations of organizational policies and control objectives. We can quickly remediate any application control deficiencies without burdening business process owners and IT staff by utilizing risk remediation tools such as Roles Manager to correct inherent risk in the application security model.

The Oracle E-Business Suite security model can be configured to grant users access based on Responsibilities as well as Roles. In this 17-page document, we provide an overview of the Oracle security model fundamentals, describe best practices for implementing access policies and share some key capabilities in SafePaaS to help you automate the user access controls management process for users granted access to Oracle E-Business Suite applications through Roles as well as Responsibilities.

Oracle Responsibilities consist of navigation menus that include sub-menus, functions and programs called “concurrent requests”. Once a user is granted access to one or more Responsibilities, she/he can access all the functions and programs within all the available menus. There are additional security attributes that can limit user access to data and functions. A key drawback of the Responsibility-based security model is that it does not support data-level security.
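The expansion described above (user to Responsibility to menu to sub-menu to function), followed by a segregation of duties check on the result, as an added example that is not part of the original document and is not SafePaaS or Oracle code. Every menu, function, responsibility and user name, and both SOD policy pairs, are constructed for illustration.

```python
# Constructed sample data: all names below are hypothetical, not from a real EBS instance.
MENUS = {  # menu -> entries; an entry that is itself a key is a sub-menu
    "AP_NAV": ["AP_INVOICES_MENU", "AP_SETUP_MENU"],
    "AP_INVOICES_MENU": ["ENTER_INVOICE", "AP_PAYMENTS_MENU"],
    "AP_PAYMENTS_MENU": ["CREATE_PAYMENT"],
    "AP_SETUP_MENU": ["MAINTAIN_SUPPLIER"],
    "AP_INQUIRY_NAV": ["VIEW_INVOICE"],
}
RESPONSIBILITIES = {  # responsibility -> root menu
    "Payables Manager": "AP_NAV", "Payments Clerk": "AP_PAYMENTS_MENU",
    "Supplier Maintenance": "AP_SETUP_MENU", "Payables Inquiry": "AP_INQUIRY_NAV",
}
USER_RESPS = {
    "jdoe": ["Payables Manager"],
    "asmith": ["Payments Clerk", "Supplier Maintenance"],
    "blee": ["Payables Inquiry", "Payments Clerk"],
}
SOD_POLICIES = [("MAINTAIN_SUPPLIER", "CREATE_PAYMENT"), ("ENTER_INVOICE", "CREATE_PAYMENT")]

def menu_functions(menu, seen=None):
    """Map each function reachable from `menu` to the menu path that exposes it."""
    seen = set() if seen is None else seen
    if menu in seen:          # shared or looping sub-menu: expand only once
        return {}
    seen.add(menu)
    found = {}
    for entry in MENUS.get(menu, []):
        if entry in MENUS:    # sub-menu: recurse and prefix the path
            for fn, path in menu_functions(entry, seen).items():
                found.setdefault(fn, [menu] + path)
        else:                 # leaf entry: a function
            found.setdefault(entry, [menu])
    return found

def user_access(user):
    """function -> [(responsibility, menu path)] over all of a user's responsibilities."""
    access = {}
    for resp in USER_RESPS.get(user, []):
        for fn, path in menu_functions(RESPONSIBILITIES[resp]).items():
            access.setdefault(fn, []).append((resp, " > ".join(path)))
    return access

def sod_violations(user):
    """Return (func_a, func_b, sources_a, sources_b) for each policy the user breaches."""
    access = user_access(user)
    return [(a, b, access[a], access[b])
            for a, b in SOD_POLICIES if a in access and b in access]
if __name__ == "__main__":
    print({u: sod_violations(u) for u in USER_RESPS})
```

In this sample, `jdoe` conflicts inside a single Responsibility through a nested sub-menu, while `asmith` holds two Responsibilities that are each clean alone and conflict only in combination; the returned menu paths show which grant to remediate.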

Role-based access control (RBAC), fully introduced in Oracle E-Business Suite R12, offers a significant security design improvement over the Responsibility-based option by normalizing access to functions and data through user roles rather than only users. The RBAC security model improves access security by controlling what a user can do on each function or set of data under specific conditions; for example, view and edit are actions, and task flows or rows in data tables are resources.

In this guide, you will learn:

  • The fundamentals of Oracle E-Business Suite Security Model
  • Each component of the EBS security model, including:
      • Responsibility Based Access Management
      • Menus and Functions
      • Forms, HTML, Pages and personalisation
      • How to set user profile options
  • Segregation of Duties Management with Role-based access controls
  • User Management with Role-based access controls
  • Role Inheritance
  • Delegated User Management

Here are some examples of challenges that can be solved with our Smart Controls Cloud:

  • Which Segregation of Duties (SOD) policies will mitigate the risk in user roles

  • Cannot use “seeded” Roles and Responsibilities because of inherent SOD conflicts

  • How to ensure that the activities of users granted “super user” responsibilities have effective compensating controls

  • Why there are so many False Positives and how to remove them from your analysis

  • When all SOD incidents can be closed

  • Functionality worked in Dev but not in Prod

  • App functionality works in the old release but not in the new release

  • App setups are changed without authorization

  • Not able to validate setups to auditor or business

  • App is no longer functioning properly and there’s no record of what changed

  • The system configuration documentation is out of date

  • Applied a patch and the full impact is not known

  • App customizations are lost or broken after upgrading to new release

  • Had project overruns and production downtime

  • Missed deployment milestones for rollouts and upgrades because of manual effort