Professional Documents
Culture Documents
OVERVIEW OF ORACLE
APPLICATIONS
SECURITY
AUDIT TRAIL
Responsibilities
Applicatio
n
User
Data Group
Menu
Exclusions
Oracle Application
Specific Profiles
Request
Security Group
FUNCTION SECURITY
CAP GEMINI ERNST & YOUNG
APPLICATIONS USER
In order to sign on, must define
Application User
Application User is identified by a:
User Name
Password
SETTING UP USERS
USER SIGN-ON
Can be
automated
Responsibilities
APPLICATION
RESPONSIBILITIES
Defined Responsibilities allow
access to:
Specific Applications
Sets of Books (SOBs)
Restricted list of windows
Restricted list of functions
Reports in specific application
CAP GEMINI ERNST & YOUNG
APPLICATION
RESPONSIBILITIES
Components of a Responsibility:
Data Group
Menu
Function & Menu Exclusions
Request Security Group
APPLICATION
RESPONSIBILITIES (contd)
A Data Group
Oracle Database
DATA GROUP
CAP GEMINI ERNST & YOUNG
ASSIGNING
RESPONSIBILITIES
USER ASSIGNED
RESPONSIBILITY (Example
1)
USER ASSIGNED
RESPONSIBILITY (Example
2)
APPLICATION
RESPONSIBILITIES (contd)
A Menu
Is a hierarchical arrangement of
application form functions (forms)
and non-form functions
(subfunctions) that define the range of
application functionality
Can be customised to restrict
functionality and navigation to certain
windows
CAP GEMINI ERNST & YOUNG
APPLICATION
RESPONSIBILITIES (contd)
FUNCTIONAL SECURITY
APPLICATION
RESPONSIBILITIES (contd)
Function & Menu Exclusions
RESTRICTED MENU
EXAMPLE
APPLICATION
RESPONSIBILITIES (contd)
A Request Security Group
APPLICATION
RESPONSIBILITIES (contd)
Request
Security Group
Reports
Request Sets
Reports
Request
Group
Responsibility
Request Sets
Concurrent
Programs
User signs on
Concurrent
Programs
SUBMIT REQUESTS
EXAMPLE
Application Security:
Pre-defined
Oracle Purchasing:
Oracle Super User: Provides access to all product
Responsibilities
forms;
Purchasing Manager: duplicates Super User
responsibility;
Buyer: Provide general access to purchasing
documents, inquiries, vendor and item management,
report and limited setup forms;
Requestor: Provides access to requisition functions,
related inquiries and reports, and
Receiver: Provides access to receiving functions,
related inquiries and reports.
Application Security:
Maintenance
System Administrator defines and maintains
all Oracle Application users;
Each user can be assigned to more than one
responsibility;
The Oracle Applications user ID is not linked
to the user operating ID (control concern),
and
Access to Responsibilities can be limited to a
specific period of time through the Effective
Dates feature
CAP GEMINI ERNST & YOUNG
Designing Security
Administration
Consider organizational design and business
processes;
Utilize vanilla responsibilities;
Edit responsibilities using Security matrix:
ACCESS SECURITY
REPORTS
Reports that may be run to view
user access rights:
FLEXFIELD
S
DATA SECURITY:
FLEXFIELDS
FLEXFIELDS:
DATA SECURITY:
FLEXFIELDS (contd)
Asset Category Computer
Sub Category
Monitor
Size
14
Serial Number
ABC12345
DATA SECURITY:
FLEXFIELDS (contd)
Value Set
Value Set
Cross-Validation
VALUES
VALUES
Security
Security
CAP GEMINI ERNST & YOUNG
DATA SECURITY:
FLEXFIELDS (contd)
Value Sets determine:
DATA SECURITY:
FLEXFIELDS (contd)
Country
State
City
City Value
Set
Los
Angeles
NY
London
TX
New York
City
UK
CA
Los Angeles
DATA SECURITY:
FLEXFIELDS (contd)
Dynamic Insertion option allows
users to create new code
combinations automatically (e.g.
during implementation period for
legacy data)
MUST ENSURE CROSS-VALIDATION
IS ON WHEN DYNAMIC INSERTION
OPTION IS ENABLED!!!
CAP GEMINI ERNST & YOUNG
DATA SECURITY:
FLEXFIELDS (contd)
Value Set Security rules determine
who can use particular segment
values
Use Responsibilities to determine
what access a user may have to
data
FLEXFIELD SECURITY
(contd)
Applies across an
entire key FF structure
Applies only to
the value set used
AUDITING IN ORACLE
APPLICATIONS
Oracle Database
AUDITING IN ORACLE
APPLICATIONS (contd)
AUDITING IN ORACLE
APPLICATIONS (contd)
Sign-On: Audit Level features:
Selective Auditing
Monitoring Application Users
Display Sign-on Audit data in Help
Menu
Notification of unsuccessful logins
Sign-on Audit Reports
CAP GEMINI ERNST & YOUNG
AUDITING IN ORACLE
APPLICATIONS (contd)
Sign-on Audit Reports:
Concurrent requests
Audit forms
Audit responsibilities
Audit unsuccessful logins
Audit users
AUDITING IN ORACLE
APPLICATIONS (contd)
Help Menu: About this record
AUDITING IN ORACLE
APPLICATIONS (contd)
Audit Trail
Document Sequencing
All accounting systems have to
prove completeness and provide
audit ability, and
Completeness is proof that no
documents have been lost or not
posted.
Auditability
Auditability is a means of providing
an audit trail from GL to source
transaction.
APPLICATION SPECIFIC
CONTROLS - Examples
ACCOUNTS PAYABLE
APPLICATION SPECIFIC
CONTROLS - Examples
ORDER ENTRY
REQUEST GROUP
APPLICATION DASHBOARD
SCHEDULING
PROFILE