Information Technology Reference
In-Depth Information
Abstract roles tend to be generic roles that would be implicit to multiple users. A good
example for an Abstract role is an employee. Most business users of an application
would be an employee of the organization. This role would be appended to other
more specific profiles that would create a specialized security entitlement for a user.
Segregation of duties
A user cannot have roles that transcend normal checks and balances in a business
process. For example, a user should not have the right to issue a purchase order,
and then make payment for the same purchase order. Oracle Fusion Applications
have a built-in set of rules that enforce the
segregation of duties
(
SOD
). The con-
figuration and enforcement of SOD in Oracle Fusion Applications is done by the
Application Access Controls Governor
(
AACG
). This is a product that is part of
Oracle's Governance Risk and Compliance
(
GRC
) family.
AACG is used to define policies at the role or entitlement level. These policies are
then enforced whenever an entitlement to a role is created or a role is assigned to
a user. There is a predefined list of security policies that implicitly enforce SOD con-
trols. These can be further refined as needed to meet an organization's needs.
Security architecture
The OIM suite provides the technology foundation for security in Oracle Fusion Ap-
plications. Several components of OIM are used to implement internal application
security as well as perimeter security.
Search WWH ::
Custom Search