Create or Edit an Entitlement

To build an entitlement is to name it, activate or inactivate it, and add or remove access points.

  1. Open the Access Entitlements page. Select Risk Management > Advanced Controls > Models > Actions > Access Entitlements.

  2. Each row of the Access Entitlements page provides summary information about an existing entitlement. On this page, you may:

    • Select Create to build an entirely new entitlement.

    • Click the row for an entitlement you want to edit, then click the Edit icon. As an alternative, click the entitlement name to open the page that displays full details about it, then click the Edit button on that page.

  3. Select values that characterize the entitlement:

    • Enter or modify a name of up to 250 characters and, optionally, a description.

      Consider creating a naming convention to distinguish entitlements that support access certifications from those that support access models and controls. A description may explain briefly the organizing principle or business purpose of the entitlement.

    • Select a status, Active or Inactive. Once you create an entitlement, you can't delete it, but you can inactivate it.

    • Under Comments, review any existing comments or click Add Comments to add a new one.

  4. Select a data source. (Oracle Cloud is the default.) Only access points from the data source you select are available for inclusion in the entitlement. You can select the data source only as you create the entitlement; as you edit it, you can't change the data source.

  5. Add access points:

    • In the Selected Access Points grid, click the Add option.

    • In the Search and Add dialog, filter the list of access points. Search criteria include:

      • Name and Description are display values identifying an access point. The Access Point ID is an internal name for a role or privilege, or the path to a user-defined access point.

      • Access Point Type values include Role, Privilege, and User Defined.

      • As you enter search values, you can use the percent symbol (%) as a wildcard.

    • Select access points from the filtered list.

      To select one, click its row. To select a continuous set, click the first point in the set, hold the Shift key, and click the last point. To select a discontinuous set, hold the Ctrl key as you click access points.

    • When you're satisfied with your selections, click Apply. Your selections appear in the Selected Access Points grid.

    • You may then enter new search parameters and select other access points, or close the Search and Add dialog.

  6. Optionally, delete access points:

    • In the Selected Access Points grid, select the rows for the access points you want to delete. Again, use the Shift or Ctrl key to select multiple rows.

    • Click the Delete option.

  7. Save the entitlement.

If you're creating an entitlement for the EPM-ARCS data source, you may find that some access points are unavailable for selection as you complete step 5. That's because they represent application roles that aren't assigned to any EPM-ARCS users. To make these access points available:

  1. Create a fictional EPM-ARCS user.

  2. Assign that user either the Viewer or User role, and the application roles that are unavailable for selection.

  3. Run the EPM-ARCS External Access Synchronization job (see Set Up Data Sources).

  4. Run the Global User Synchronization job (see Configure Global Users).