Database Reference
In-Depth Information
Account provisioning and identity
management
Next, we will show how the identity management and provisioning systems
ensure that each action in the system can be traced to an individual who is
accountable for it. We will also show, how efficiently we can react to events in
the human resources system and make the appropriate changes in the identity
management and provisioning system to ensure that the access is always
appropriate and principles of least privilege are maintained.
If you are using E-Business Suite, your security is administered through
responsibilities
,
top-level menus
,
submenus
, and
menu exclusion
rules
. The
responsibilities seeded by Oracle do not always represent a consistent metaphor.
In some cases, the responsibility is seeded to represent a Job. For example, the
collections product seeds a responsibility of Collections Manager. In some cases,
the responsibility is seeded with all functionalities for a product. For example,
Oracle seeds a responsibility "Financial Intelligence". In other cases, a duty that
you might find listed on a job description is a responsibility. For example,
supervising employees is under the Manager responsibility.
The E-Business suite has its own identity store in
FND_USERS
. However, it does
allow integration with a LDAP service. This allows a single user to be identified
and accountable across all systems. In order to do this, Oracle Internet Directory
and the
FND_USER
table must be kept synchronized. Synchronization events are
raised via the workflow-based Business Event System whenever users are added
or modified.
Designing roles
Next, we take the principle of least privilege and we show how to reflect that in a
set of roles. We will show how to make those roles reflective of real world jobs and
duties. We will also show how these roles are implemented in the security system.
The following is part of a role definition for an Accounts
Payable Manager
, showing
the mapping between the real world
job
,
duty
,
and entitlement
as you might find
on a job description with the
Top Level Menu
,
Sub Menu
, and
Functions
in the
E-Business Suite:
Search WWH ::
Custom Search