Overview of ERP Security Implementation

Oracle ERP Cloud predefines common job roles such as Accounts Payable Manager and General Accounting Manager. You can use these roles, modify them after creating a copy of the predefined role, or create new job roles as needed. A user can be assigned

For a listing of the predefined job roles in Oracle ERP Cloud and their intended purposes, see the Security Reference Manual in the Oracle Help Center (http://docs.oracle.com).

Common functionality that is not job specific, such as creating expense reports and timecards, is granted to the abstract role Enterprise Resource Planning Self Service User. Abstract roles like Employee, Contingent Worker, and Line Manager also grant access to common functionality across a wide collection of Oracle Cloud Applications. A library of duty roles, which package access to the respective Transaction Business Intelligence subject areas and corresponding drilldowns, is also available as a set of building blocks for providing self-service reporting access.

Oracle ERP Cloud includes the following roles that are designed for initial implementation and the ongoing management of setup and reference data:

  • Application Implementation Manager: Used to manage implementation projects and assign implementation tasks.

  • Application Implementation Consultant: Used to access all setup tasks.

  • IT Security Manager: Used to access the Security Console to manage roles, users, and security.

  • Financial Integration Specialist: Used to plan, coordinate, and supervise all activities related to the integration of financials information systems.
Note: For the ongoing management of setup and reference data, the Financial Application Administrator, a predefined administrator role, provides access to all financial setup tasks.

Separation of Duties Considerations

Separation of duties (SoD) separates activities such as approving, recording, processing, and reconciling results so you can more easily prevent or detect unintentional errors and willful fraud.

Oracle ERP Cloud includes pre-built roles that can accelerate deployment. To find out whether they could be valuable to your organization:

  1. Gather your ERP stakeholders - for example, owners of business processes, IT security administrators, and internal audit / financial governance teams.
  2. Identify the pre-built roles that are relevant to your ERP activities.
  3. Determine whether those roles should be used as-is, or fine-tuned to suit your operational, security, and compliance requirements. For example, if a user has the Create Payments and Approve Invoice privileges, you might consider it an SoD conflict. The predefined Accounts Payable Manager role has the privileges of Force Approve Invoices and Create Payments. When you assess and balance the cost of duty separation against reduction of risk, you might determine that the Accounts Payable Manager role should not be allowed to force approve invoices, and remove that privilege.

To learn more about SoD, see Using Advanced Controls in the Oracle Help Center (http://docs.oracle.com). To learn more about the policies and roles, see the Security Reference Manual in the Oracle Help Center.
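The assessment in step 3, as an added example (not Oracle code and not a model of how Advanced Controls works): it flattens each user's assigned roles into effective privileges and flags anyone holding both sides of an SoD rule, including a conflict that only appears when two roles are combined. Roles, users, and the hierarchy are constructed; names not found in the text above are hypothetical, and treating Force Approve Invoices as an approval privilege is an assumption.

```python
from itertools import product

# Constructed sample data. Names marked (page) appear in the text above;
# everything else is hypothetical and is not exported from Oracle ERP Cloud.
ROLES = {
    "Accounts Payable Manager": {"Force Approve Invoices", "Create Payments"},  # (page)
    "Custom Invoice Approver": {"Approve Invoice"},   # hypothetical custom role
    "Custom Payment Clerk": set(),                    # hypothetical, inherits only
    "Custom Payment Duty": {"Create Payments"},       # hypothetical duty role
}
INHERITS = {"Custom Payment Clerk": ["Custom Payment Duty"]}  # parent -> children
USERS = {  # constructed assignments
    "alice": ["Accounts Payable Manager"],
    "bob": ["Custom Invoice Approver", "Custom Payment Clerk"],
    "carol": ["Custom Invoice Approver"],
}
# SoD rule from step 3: approving an invoice conflicts with paying it.
# Grouping Force Approve Invoices with Approve Invoice is an assumption.
SOD_RULES = [({"Approve Invoice", "Force Approve Invoices"}, {"Create Payments"})]


def effective_privileges(role, roles=ROLES, inherits=INHERITS, _seen=None):
    """Privileges granted by a role directly or through inherited roles."""
    seen = _seen if _seen is not None else set()
    if role in seen:          # guard against cycles in the hierarchy
        return set()
    seen.add(role)
    privs = set(roles.get(role, ()))
    for child in inherits.get(role, ()):
        privs |= effective_privileges(child, roles, inherits, seen)
    return privs


def find_conflicts(users, roles=ROLES, inherits=INHERITS, rules=SOD_RULES):
    """Return sorted (user, privilege_a, privilege_b) for every rule violated."""
    hits = []
    for user, assigned in users.items():
        held = set().union(*(effective_privileges(r, roles, inherits) for r in assigned))
        for side_a, side_b in rules:
            hits += [(user, a, b) for a, b in product(held & side_a, held & side_b)]
    return sorted(hits)


def copy_without(role, new_name, privilege, roles=ROLES):
    """Model the remediation: copy a predefined role and drop one privilege."""
    updated = dict(roles)
    updated[new_name] = effective_privileges(role, roles) - {privilege}
    return updated
```

Here alice conflicts through a single predefined role, while bob conflicts only through the combination of two roles, one of which gets Create Payments by inheritance; a per-role review alone would miss bob.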

Data Security Considerations

  • Use segment value security rules to limit which individual roles can access transactions, journal entries, and balances, based on certain values in the chart of accounts, such as specific companies and cost center values.

  • Use data access set security for Oracle Fusion General Ledger users to control read or write access to entire ledgers or portions of the ledger represented as primary balancing segment values, such as specific legal entities or companies.

For more information on securing your applications, see the Oracle ERP Cloud Securing Oracle ERP Cloud guide in the Oracle Help Center (http://docs.oracle.com).