1. Oracle Identity Analytics Overview
2. Using the Oracle Identity Analytics User Interface
What Is the Identity Warehouse?
Understanding the Identity Warehouse User Interface
To Search for a User (Quick Search)
To Search for a User (Advanced Search)
To View User Accounts (Entitlements)
Working With Business Structures
To Delete a Business Structure
To Create a Business Structure Hierarchy
Associating Users With Roles and Business Structures
To Associate a User With a Role
To Associate a User With a Business Structure
To Associate Policies With Resources
To Associate Policy Owners With Policies
To Approve Policy Change Requests
To Manage Lifecycle of Policies
To Create Roles From Existing Roles
To Create Roles Based On an Existing User
To Rename, Modify, or Decommission (Delete) a Role
To Associate Roles With Business Units
To Associate Role Owners With Roles
To Approve Role Change Requests
Define Segregation of Duties (SoD) to separate certain duties or areas of responsibility so that they cannot be assigned to the same person. By defining Segregation of Duties, you reduce opportunities for unauthorized modification or misuse of data or services. Segregation of Duties is a primary internal control intended to prevent (or decrease the risk of) errors or irregularities, identify problems, and ensure that corrective action is taken. This is done by assuring that no single individual has control over all phases of a transaction. Oracle Identity Analytics performs SoD at the role and policy levels.
Log in to Oracle Identity Analytics.
Choose Identity Warehouse > Roles.
Click a role, then click the Exclusion Roles tab.
Click Add Exclusion Roles.
Add the roles that need to be excluded.
Click Save or Send For Approval.
As with roles, segregation of duties can be defined at the policy level.
Log in to Oracle Identity Analytics.
Choose Identity Warehouse > Policies.
Click a policy to select it and go to the Exclusion Policies tab.
Click Add Exclusion Policies.
Add the policies to be excluded.
Click Save or Send For Approval.
As with roles, when a policy is added to a role, the excluded policies cannot be assigned to a role.