Access Controls Supports EPM-FCCS and OCI Data Sources

Models and controls can analyze data from multiple data sources. By default, an Oracle Cloud data source supplies access data from many Oracle Fusion Cloud applications. Synchronized data sources provide data from other applications, but only after you set up connections to them. One of these, EPM-ARCS, provides access data from EPM Account Reconciliation; it was introduced in an earlier release. In addition to it, synchronized access data sources now include the following:

  • Up to three instances of an EPM-FCCS data source, which supply access data from "pods" in EPM Financial Consolidation and Close.
  • An OCI data source, which supplies access data from Oracle Cloud Infrastructure.

Some features have been augmented to support synchronized data sources:

  • For each data source you set up, the Content Library includes delivered-content models you can import.
  • Each synchronized data source has its own set of three business objects for use in access models, which provide data for access-point, entitlement, and condition filters. A model may include objects from only one data source, to detect issues within that data source. Or a model may include business objects from multiple data sources, to test for issues that occur across data sources.
  • As you work with access models, the business objects for one data source are available by default. (To use business objects from other data sources, you'd need to select them while creating an access model.) Initially the defaults are the objects that support the Oracle Cloud data source. However, you can designate the business objects from any synchronized data source you've set up to be the defaults instead.
  • The grids displaying records of incidents and model results now contain a Data Source column, which identifies the data source that supplies the data contained in each record.
  • The pages to create entitlements, global conditions, and user-defined access points now require you to select a data source. Only access points from the source you select are then available for use in the element you're creating. (As you edit the element, you can't change its data source.)
  • In the page to manage global users, a Count column provides the number of data sources in which each user has accounts, and a Data Source column names the data source in which each user has accounts. The Data Source value for a given user is "Multiple" if that user is identified as the same global user across multiple data sources. If so, a Related Global Users page identifies that user's data sources.
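
A conceptual sketch, added here and not Oracle's implementation, of how a model spanning two data sources flags a user only when accounts in both sources resolve to the same global user. The records, the filter structure and the role names (borrowed from the delivered model title "OCI Service Administrator and Fusion Security Administrator") are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of synchronized access data, one row per grant:
# (data_source, account, global_user, access_point). All values are made up.
ACCESS = [
    ("Oracle Cloud", "jdoe",      "jane.doe@example.com",  "Security Administrator"),
    ("OCI",          "jane.doe",  "jane.doe@example.com",  "Service Administrator"),
    ("Oracle Cloud", "bsmith",    "bob.smith@example.com", "Security Administrator"),
    ("OCI",          "carol.ops", "carol@example.com",     "Service Administrator"),
    ("EPM-FCCS",     "carol",     "carol@example.com",     "Superuser"),
]

# Hypothetical model layout: every filter must match for the same global user.
MODEL = {
    "name": "OCI Service Administrator and Fusion Security Administrator",
    "filters": [
        {"data_source": "OCI", "access_points": {"Service Administrator"}},
        {"data_source": "Oracle Cloud", "access_points": {"Security Administrator"}},
    ],
}

def global_users(access):
    """Per global user: (Count of data sources, Data Source column value)."""
    sources = defaultdict(set)
    for source, _account, user, _ap in access:
        sources[user].add(source)
    return {u: (len(s), "Multiple" if len(s) > 1 else next(iter(s)))
            for u, s in sources.items()}

def evaluate(model, access):
    """Return one result per global user who satisfies every filter."""
    held = defaultdict(set)  # global user -> {(data_source, access_point)}
    for source, _account, user, ap in access:
        held[user].add((source, ap))
    results = []
    for user, grants in sorted(held.items()):
        matches = []
        for f in model["filters"]:
            hit = sorted(g for g in grants
                         if g[0] == f["data_source"] and g[1] in f["access_points"])
            if not hit:
                break  # one filter unmet: no conflict for this user
            matches.extend(hit)
        else:
            results.append({"user": user, "grants": matches})
    return results

if __name__ == "__main__":
    for r in evaluate(MODEL, ACCESS):
        print(r["user"], r["grants"])
```

The accounts `jdoe` and `jane.doe` differ by name and are correlated only through the shared global user, so a cross-source model is only as reliable as that identity matching.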

New Models

Eight new delivered models are found under the EPM-FCCS Library for Advanced Access Controls:

  • EPM FCCS Superuser and Fusion Create Payables Invoices
  • EPM FCCS Superuser and Fusion Create Payments
  • EPM FCCS Superuser and Fusion Create Purchase Orders
  • EPM FCCS Superuser and Fusion Enter Customer Receipts
  • EPM FCCS Superuser and Fusion Enter Journals
  • EPM FCCS Superuser and Fusion Inventory Transactions
  • EPM FCCS Superuser and Fusion Physical Inventory
  • Sensitive EPM FCCS Superuser roles

Four new delivered models are found under the OCI Library for Advanced Access Controls:

  • OCI DBaaS Administrator and Fusion BI Administrator
  • OCI SOA Administrator and Fusion Workflow Administrator
  • OCI Service Administrator and Fusion Security Administrator
  • OCI Service Developer and Fusion Security Administrator

Business Benefit
You can now analyze users and their assigned roles for sensitive access and separation of duties within each of the data sources you set up, and across any of these data sources and Oracle Cloud.

Steps to Enable

To set up a connection to a synchronized data source, complete these tasks:

  • If you haven't done so already, activate permission groups for the Risk Administrator and Advanced Access Controls Analyst predefined roles, and for related custom roles if you have any. See the Required Security Update topic.
  • You may need to add privileges to a duty role. See the Access Requirements section.
  • Complete the setup procedure for each data source, and create a schedule to run a synchronization job that refreshes data. Each data source has its own setup procedure. For details on each procedure, see the Setup and Maintain Data Sources section of the Oracle Fusion Cloud Risk Management: Implementing Risk Management guide.
  • Import the model library for each data source. See the Import and Export section of the Oracle Fusion Cloud Risk Management: Using Advanced Controls guide.

Access Requirements

The Advanced Controls Administrator duty role requires two privileges that support synchronized data sources. They're already added to the predefined role, but if you use a custom version of this role, you need to add the privileges to your version. The privileges are:

  • Manage Additional Advanced Control Data Sources (GTG_MANAGE_ADDITIONAL_RISK_MANAGEMENT_DATA_SOURCES_PRIV)
  • View Additional Advanced Control Data Sources (GTG_VIEW_ADDITIONAL_RISK_MANAGEMENT_DATA_SOURCES_PRIV)

See the Copy or Edit Risk Management Roles in the Security Console topic.