Database Reference
Generally, a system administrator will be the one making the security
model change in the business system. We assume this person is familiar with the
best way to implement the remediation steps. For instance, in Oracle EBS, if we
have a remediation step that removes function one from menu one, the system
administrator has a few ways to do this:
• Function exclusion on responsibility form
• Uncheck grant flag on menu for that function
• Remove prompt for that function in that menu
• Remove entire line for that function in that menu
Remember that conditions set up in AACG are considered for exclusions in results
(in the Oracle EBS example, prompt and grant flag).
A specific Oracle EBS example to keep in mind is the concept of same-level
menu/functions. Oracle EBS uses this to grant access to functionality through a
form menu, for instance. In order for a user to get to the function, he or she must
go through another function (form). It is up to the system administrator to decide
the best route to remove the desired conflicting access. For instance, instead of
removing each function in a same-level subfunction type menu, it might make
more sense to just remove the same-level menu from the parent menu. Analysis
and simulation are just ways to analyze conflicting user access; it is ultimately up
to the system administrator and business owner to come to an acceptable solution
for remediating the incident.
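The sketch below is an added example, not code from the original text or from Oracle. It models a menu tree in a simplified way to compare the four remediation options listed above with removing a same-level menu from its parent. The menu and function names, the `Entry` structure and the `require_prompt` switch (standing in for an AACG prompt condition) are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Entry:                      # one menu line (constructed model, not Oracle's schema)
    function: Optional[str] = None
    submenu: Optional[str] = None
    prompt: Optional[str] = None
    grant: bool = True            # the line's grant flag

def accessible(menus, root, excluded=frozenset(), require_prompt=False):
    """Functions reachable from menu `root`.
    excluded: function exclusions on the responsibility.
    require_prompt: models an analysis condition that ignores prompt-less lines."""
    found, stack, seen = set(), [root], set()
    while stack:
        menu = stack.pop()
        if menu in seen:          # guard against menu cycles
            continue
        seen.add(menu)
        for e in menus.get(menu, []):
            if e.submenu:
                stack.append(e.submenu)
            elif e.function and e.grant and e.function not in excluded:
                if not (require_prompt and not e.prompt):
                    found.add(e.function)
    return found

def edit(menus, menu, match, change=None):
    """Copy of `menus` with matching lines of `menu` changed, or dropped if change is None."""
    lines = [replace(e, **change) if match(e) and change else e
             for e in menus[menu] if change or not match(e)]
    return {**menus, menu: lines}

MENUS = {  # constructed sample data
    "MENU_ONE": [Entry(function="FUNCTION_ONE", prompt="Function One"),
                 Entry(submenu="SAME_LEVEL_MENU")],
    "SAME_LEVEL_MENU": [Entry(function="SUB_FUNC_A", prompt="A"),
                        Entry(function="SUB_FUNC_B", prompt="B")],
}
is_f1 = lambda e: e.function == "FUNCTION_ONE"

def remediation_results():
    """Effective access to MENU_ONE after each remediation option, applied on its own."""
    m = "MENU_ONE"
    return {
        "exclusion": accessible(MENUS, m, excluded={"FUNCTION_ONE"}),
        "grant_flag": accessible(edit(MENUS, m, is_f1, {"grant": False}), m),
        "prompt": accessible(edit(MENUS, m, is_f1, {"prompt": None}), m, require_prompt=True),
        "line_removed": accessible(edit(MENUS, m, is_f1), m),
        "same_level_menu_removed": accessible(
            edit(MENUS, m, lambda e: e.submenu == "SAME_LEVEL_MENU"), m),
    }
```

In this model the prompt option only changes the result when the prompt condition is switched on, which mirrors the reminder above that conditions set up in AACG determine what is excluded from results.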
Reevaluate
A common approach to remediation is to analyze incidents, prioritize, add focus
with conditions, clean up, and reevaluate. It is an iterative process. Initial remediation
may require new analysis runs to be executed several times in a day or—depending
on how long it takes to run through the previous steps—a longer period. Perhaps
remediation can be done throughout the week, with a new analysis run at the
end of each week to provide a fresh look at where incidents stand. Analysis and
remediation are slightly different for every company. This document was intended
to provide guidelines and example approaches based on best practices.
 