Creating Policy Alerts for Oracle ERP Cloud
Create custom policies to generate alerts for actions on resources that are specific to your Oracle ERP Cloud environment.
Prerequisite: Ensure that you have followed the instructions in Getting Started with Policies to review available managed policies, and any custom policies that already exist, before creating a new custom policy.
You can configure policies for any changes in roles or objects.
Creating an Oracle ERP Cloud Policy
Follow these general steps for any policy you create to generate an alert for actions in Oracle ERP Cloud.
The following are general steps for creating an Oracle ERP Cloud policy. Once created, when the policy conditions are met, Oracle CASB Cloud Service displays an alert in Risk Events and optionally can send the alert through email.
Condition Parameters for Oracle ERP Cloud
Review the parameters and operators that are available in the Conditions page of the policy creation wizard for Oracle ERP Cloud.
These parameters and operators are available on the Conditions page of the New Policy wizard to fine tune your alerts for ERP.
Note:
The exact list of parameters that you see on the Conditions page depends on the resource details that you specify on the Resource page. Not all parameters are available with all resources.
Parameter | Operator | Value |
---|---|---|
Device |
Include or exclude the selected device type. |
Select Desktop, Mobile, API Call, or Other. |
Timestamp |
The drop-down list determines whether the time is exact, later than the time you entered, or earlier (given a 24-hour time frame). Oracle CASB Cloud Service evaluates the timestamp using Greenwich Mean Time (GMT). |
A value as a time in 24-hour HH:MM:SS format. |
City, State, or Country |
|
The name of the city, or the state or province, in the physical address that’s associated with the IP address. |
Target Type |
|
Values: User, Group, or Role. Note: This condition parameter is only available for the Resource Type Job Role. |
Target Value |
|
Name of the user, group, or role. Note: This condition parameter is only available for the Resource Type Job Role. |
Creating Alerts for Oracle ERP Cloud Roles
Create alerts for activity related to Oracle ERP Cloud roles. For example, administrators who are creating too many privileged roles, or users who are performing impersonation.
Specifying Resources and Actions to Trigger the Alert
-
Specify Resource details, using the information in the table below:
Field Value Resource
Job Role
Resource name
You must provide a name for the selected resource type. If you select:- Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
- Regular expression, enter .* to match all email retention rules.
-
Specify an Action on the resource using the table below:
Action on this resource Description Any
Matches any action.
Privileges added
Privileges were added to this job role.
Privileges removed
Privileges were removed from this job role.
Role created
A job role was created.
Role membership added
A user, group, or role was assigned this job role.
Role membership removed
A user, group, or role was removed from this job role.
-
(Optional) Add more Resource name-Action pairs to refine your policy.
You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.
- Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
-
Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.
-
Click Next when you have finished specifying resource name-action pairs.
You are now on the Username page.
-
Return to Creating an Oracle ERP Cloud Policy and finish the steps to complete your policy alert, resuming at step 6.
Creating Alerts for ERP Cloud Business Objects
Create alerts for activity related to Oracle ERP Cloud business objects. For example, administrators who are creating too many bank accounts or bank account users.
Note:
The Oracle ERP Cloud business objects described in this section must be enabled on your Oracle CASB Cloud Service tenant. To enable this feature, contact Oracle Support (http://support.oracle.com). If you have not registered yet, you will need your Customer Support Identifier (CSI) in order to register to submit service request tickets. As an alternative, you can also contact your Oracle CASB Cloud Service Customer Success Manager.
Specifying Resources and Actions to Trigger the Alert
-
Specify Resource details, using the information in the table below:
Field Value Resource
-
Bank Account
-
Bank Account - Checkbook
-
Bank Account - General Ledger Account
-
Bank Account - Payment Document
-
Bank Account - Use
-
Disbursement Business Unit Wise Option
-
Disbursement Enterprise Unit Wise Option
-
External Bank Account
-
External Bank Account Owner
-
Financial Option
-
Payment System Format
-
Payment System Info Audit
-
Payment System Transmission
-
Supplier
-
Supplier - Address Contacts
-
Supplier - Address Tax Classifications
-
Supplier - Address Tax Registrations
-
Supplier - Address Tax Reporting Codes
-
Supplier - Addresses
-
Supplier - Bank Accounts
-
Supplier - Business Classifications
-
Supplier - Contacts
-
Supplier - Payment Attributes
-
Supplier - Payment Methods
-
Supplier - Products and Services
-
Supplier - Site Assignments
-
Supplier - Sites
-
Supplier - Tax Classifications
-
Supplier - Tax Registrations
-
Supplier - Tax Reporting Codes
-
System Option
-
System Security Options
Resource name
You must provide a name for the selected resource type. If you select:- Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
- Regular expression, enter .* to match all email retention rules.
-
-
Specify an Action on the resource using the table below:
Action on this resource Description Any
Matches any action.
Add
The selected business object was added.
Delete
The selected business object was deleted.
Modify
The selected business object was modified.
-
(Optional) Add more Resource name-Action pairs to refine your policy.
You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.
- Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
-
Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.
-
Click Next when you have finished specifying resource name-action pairs.
You are now on the Username page.
-
Return to Creating an Oracle ERP Cloud Policy and finish the steps to complete your policy alert, resuming at step 6.
Creating Alerts for Oracle ERP Cloud Login Events
Create alerts for activity related to Oracle ERP Cloud log in events. For example, successful and unsuccessful logins.
In the policy creation wizard Resource page, after you select a Resource type of Login Event, you can choose one of these options from the Action on this resource drop-down list:
Specifying Resources and Actions to Trigger the Alert
-
Specify Resource details, using the information in the table below:
Field Value Resource
Login Event
Resource name
You must provide a name for the selected resource type. If you select:- Text, select an operator from the drop-down list (Equal to, Contains), Begins with or Ends with and enter type a full or partial rule name.
- Regular expression, enter .* to match all email retention rules.
-
Specify an Action on the resource using the table below:
Action on this resource Description Any
Matches any action.
Failed Login
A failed login event occurred.
Login
A successful login event occurred.
-
(Optional) Add more Resource name-Action pairs to refine your policy.
You can specify more than one resource name-action pair for the same resource type (Resource field) selection. When you add more resource name-action pairs, the alert will be triggered when any one resource name-action pair is matched.
- Click Add resource and action to add another resource name to the policy alert, or to add the same resource name again with a different action.
-
Click Duplicate resource and action to copy the resource name-action pair you just added as the basis for the resource name-action pair you want to add.
-
Click Next when you have finished specifying resource name-action pairs.
You are now on the Username page.
-
Return to Creating an Oracle ERP Cloud Policy and finish the steps to complete your policy alert, resuming at step 6.