Within the Manage Incident panel, analyze using visualization and various filters to
determine when conflicting access points for one role have been violated. Carry out
the following steps to remediate intra-role incidents:
• Determine how to remediate: These reports, along with online analysis,
will help to give context to what access an individual role has, along with
the users that have those roles. It is up to the business to decide how to
remediate those incidents. Generally, the conflicting access points within an
individual role should be separated out. One of the conflicting access points
may already exist in another applicable role, or potentially a new role will
need to be created so that the intra-role conflict can be cleaned up.
• Simulate: Before actually making any changes in your business system, you
may want to simulate what would happen if you were to make the change.
Navigate to Simulation and exclude an access point to see how your action
would impact your conflicts, roles, controls, and users.
• Remediate: Following your company's change-tracking process, you can
initiate a corrective action so that the change is made in your Business System
Security model. For instance, if you decided to remove the Oracle Enter
Journals function from the GL_SU_JOURNAL menu, you would need to
follow your company process to request this change. Most likely the change
would be made in a development instance, possibly then a test instance, and
finally the production instance.
• Repeat: Remediation is an iterative process. Continue to focus on
high-priority, high-risk, and high-volume areas to clean up your business system.
Reviewing inter-role incidents
Inter-role incidents can be approached in a similar manner. Inter-role incidents
occur when access points conflict with each other across roles for a single user:
• View users with Access Violations by Control report: This is a high-level
listing of users that violate controls.
• View Access Violations by User report: This lists the top 10 users with
incidents across roles, as well as details of every user who has violated
a control, the roles and access points that cause the violation.
First, use the Users with Access Violations by Control report to determine
your highest priority controls with inter-role conflicts. Then run this report
for those controls. By doing so, you will get a list of users who have violated
those controls, and will be able to quickly see who has access to more than
one role causing conflicts.
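The following Python sketch is an added example, not code from the book or the product. It models the intra-role and inter-role checks and the simulation step described above, and shows that excluding an access point from a role can clear the intra-role incident while a user still violates the control across roles. The role names, users, control ID and the "Post Journals" access point are constructed assumptions; only "Enter Journals" appears in the text.

```python
from itertools import combinations

# Constructed sample data: one control = one pair of conflicting access points.
CONTROLS = {"C1": ("Enter Journals", "Post Journals")}
ROLES = {
    "GL_SUPER": {"Enter Journals", "Post Journals", "Inquire Balances"},
    "GL_ENTRY": {"Enter Journals"},
    "GL_POST": {"Post Journals"},
}
USERS = {"alice": {"GL_SUPER", "GL_POST"}, "bob": {"GL_ENTRY", "GL_POST"},
         "carol": {"GL_ENTRY"}}

def intra_role_incidents(roles, controls):
    """(control, role): one role grants both conflicting access points."""
    return sorted((c, r) for c, (a, b) in controls.items()
                  for r, aps in roles.items() if a in aps and b in aps)

def inter_role_incidents(users, roles, controls):
    """(control, user, role_with_a, role_with_b): conflict spans two roles."""
    found = set()
    for c, (a, b) in controls.items():
        for user, assigned in users.items():
            for r1, r2 in combinations(sorted(assigned), 2):
                for x, y in ((r1, r2), (r2, r1)):
                    if a in roles[x] and b in roles[y]:
                        found.add((c, user, x, y))
    return sorted(found)

def simulate_exclusion(roles, role, access_point):
    """Copy of the role model with one access point excluded from one role."""
    sim = {r: set(aps) for r, aps in roles.items()}
    sim[role].discard(access_point)
    return sim

def impact(users, roles, controls, role, access_point):
    """Incidents before and after the simulated change; nothing is modified."""
    sim = simulate_exclusion(roles, role, access_point)
    return {
        "intra_before": intra_role_incidents(roles, controls),
        "intra_after": intra_role_incidents(sim, controls),
        "inter_before": inter_role_incidents(users, roles, controls),
        "inter_after": inter_role_incidents(users, sim, controls),
    }

if __name__ == "__main__":
    for key, value in impact(USERS, ROLES, CONTROLS,
                             "GL_SUPER", "Post Journals").items():
        print(key, value)
```
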
 