In this example, the matrix provides a financial risk rating of the access roles, called
"Responsibilities" in Oracle E-Business Suite, that are assigned to a user. Each
Responsibility should be designed to mitigate access control violation risks. A
Responsibility design consists of the menus, functions, and options a user can access to
process a transaction, change a setup, or update a data object. The Oracle AACG
software enables the IT auditor to test the security model design that controls
user access based on the risk level identified in the access controls matrix. The auditor
can view the access points within the E-Business software and evaluate whether the
design provides the level of control and granularity needed to selectively grant access as per
the job requirements of all the users.

Once the role design is assessed, the auditor can also use the AACG software to
verify whether all existing users have appropriate access, as evidenced by their
assigned Responsibilities, and whether access to certain critical activities is allowed
only to select privileged employees who are duly authorized. AACG software also
helps review the necessary access to administrator and super user rights, and
how such rights are assigned and controlled. Ideally, no one in the IT group should
have any access to the production data. All actions on the data by the super users
should be logged and verified by the data owners regularly.
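
The checks described above can be expressed as a small review script. This is an added example, not Oracle AACG code or output: the matrix layout, responsibility names, user names and log format are all constructed for illustration, and the function name `review_access` is hypothetical.

```python
from dataclasses import dataclass

# Constructed sample data; responsibility names, users and ratings are hypothetical.
RISK_MATRIX = {  # responsibility -> (risk rating, touches production data)
    "Payables Manager": ("high", True),
    "General Ledger Super User": ("high", True),
    "Payables Inquiry": ("low", True),
    "System Administrator": ("high", False),
}
AUTHORIZED_HIGH_RISK = {  # duly authorized privileged employees per responsibility
    "Payables Manager": {"asmith"},
    "General Ledger Super User": {"bjones"},
    "System Administrator": {"dba_lee"},
}
IT_GROUP = {"dba_lee", "dev_kim"}
ASSIGNMENTS = [  # (user, assigned responsibility)
    ("asmith", "Payables Manager"),
    ("cwong", "Payables Manager"),
    ("dev_kim", "Payables Inquiry"),
    ("dba_lee", "System Administrator"),
    ("bjones", "Legacy Cash Desk"),
]
# Super user actions on data: (user, action, verified by data owner?)
SUPERUSER_LOG = [
    ("bjones", "UPDATE journal batch", True),
    ("bjones", "DELETE supplier site", False),
]

@dataclass(frozen=True)
class Finding:
    user: str
    item: str
    reason: str

def review_access(assignments, matrix, authorized, it_group, su_log):
    findings = []
    for user, resp in assignments:
        if resp not in matrix:  # a role the matrix never rated cannot be assessed
            findings.append(Finding(user, resp, "responsibility not rated in matrix"))
            continue
        rating, prod_data = matrix[resp]
        if rating == "high" and user not in authorized.get(resp, set()):
            findings.append(Finding(user, resp, "high-risk access without authorization"))
        if prod_data and user in it_group:
            findings.append(Finding(user, resp, "IT group member with production data access"))
    for user, action, verified in su_log:
        if not verified:
            findings.append(Finding(user, action, "super user action not verified by data owner"))
    return findings
```

Responsibilities missing from the matrix are reported rather than skipped, since an unrated role is itself a gap in the access controls matrix.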
 