Saturday, December 7, 2013

Oracle E-Business Suite R12 - Layers of Access Control





Successive Layers of Access Control
Access Control with Oracle User Management is implemented in successive layers and each layer builds upon the one that precedes it. Organizations can, optionally, uptake the various layers depending on the degree of automation and scalability they wish to build upon the existing Function and Data Security models.
There are six layers of access control. The Core Security layers include:
      Function Security
      Data Security
The next four layers are part of Oracle User Management:
      Role-Based Access Control
      Delegated Administration
      Registration Processes
      Self Service and Approvals
 



Increasing Flexibility and Scalability
In general, access control with Oracle User Management (OUM) begins with basic system administration tasks, and then progresses to more distributed, local modes of administration, ultimately enabling users to perform some basic, predefined registration tasks on their own. Details of the various levels of access control, and the increasing level of flexibility and automation that they provide are provided later in the lesson. However, the following general guidelines may be considered for now:
System Administrator
Oracle’s Function Security and Data Security mechanisms constitute the base layers of the security system, and contain the traditional system administrative capabilities. Organizations can, optionally, add more layers to the system depending on the degree of flexibility they want.
By themselves, Function Security and Data Security limit the scope of OUM to basic system administration by granting access to specific menus and to the data accessed from within those menus.

Local Administrators
When Role-Based Access Control and Delegated Administration are added to the Data Security and Function Security layers, system administration tasks can be distributed to local administrators who manage a subset of the organization’s users.
End Users
Registration Processes and Self Service and Approvals distribute system administration further by automating some registration tasks so that end users can perform them.



Self Service and Approvals
After the registration processes have been configured as per requirements, individuals can subsequently perform self-service registration tasks, such as obtaining new user accounts or requesting additional access to the system. In addition, organizations can use the Oracle Approvals Management engine to create customized approval routing for these requests.
Example
An organization may enable users to request a particularly sensitive role. However, before the user is granted the role, the organization can specify that two approvers, a manager and a vice president, must provide their approval.

1 comment:

  1. As for me it is better to use Ideals virtual data room for security of data. I uploaded all my documents into the room and now they are available for my all time and secured very well.

    ReplyDelete