Overview of Oracle Advanced Controls

Oracle Fusion Cloud Advanced Controls regulates activity in business applications. It includes two components:

  • Oracle Advanced Access Controls identifies users with sensitive-access and separation-of-duties conflicts in your applications. Each of these users has been assigned a single role or a combination of roles whose authorizations create the potential for fraud or significant error.

  • Oracle Advanced Financial Controls detects fraud, error, and other risk in transactions completed in Oracle Cloud applications, or in change tracking from the Oracle Cloud audit framework.

As you work with either of these components, you create models, then deploy controls from those models. Each model establishes a risk logic. Each control adopts the risk logic of the model it's based on.

  • An access model includes filters designating roles or privileges that, individually or in combination, would allow an individual user to complete risky behaviors. It then selects users assigned those points of access.

  • A transaction model includes filters that define aspects of risk, then select transactions exhibiting the defined risk. (Models created in Oracle Advanced Financial Controls are known as "transaction models.")

A model returns temporary results: suspect records that are replaced each time the model is evaluated. Use a model to test a risk-logic definition before applying that definition in a control. Or, if you're an auditor, use models to assess the risk inherent in a system at a given moment.

A control returns permanent results: records of violations that remain available to be resolved no matter how often the control is run. Each record is known as an incident; each control names one or more result investigators, who are responsible for resolving the incidents it generates. Investigators can track the status of incidents in result-management pages.
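The difference between a model's temporary results and a control's permanent incidents can be sketched in a few lines of Python. This is an added illustration, not Oracle code and not an Oracle API. The role names, privileges, users, the `open` status and the choice to leave an incident unchanged when the conflict disappears are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data (role names and privileges are made up for this sketch).
ROLE_PRIVILEGES = {
    "AP_CLERK": {"Create Supplier", "Enter Invoice"},
    "AP_MANAGER": {"Approve Invoice", "Pay Invoice"},
    "SUPPLIER_ADMIN": {"Create Supplier"},
    "AUDITOR": {"View Invoice"},
}
USER_ROLES = {
    "alice": {"AP_CLERK", "AP_MANAGER"},
    "bob": {"SUPPLIER_ADMIN", "AUDITOR"},
    "carol": {"SUPPLIER_ADMIN", "AP_MANAGER"},
}

def evaluate_model(conflict, user_roles):
    """Return {user: {access_point: [roles granting it]}} for every user who
    reaches ALL access points in `conflict`. Results are rebuilt on each call."""
    results = {}
    for user, roles in user_roles.items():
        reach = {p: sorted(r for r in roles if p in ROLE_PRIVILEGES[r])
                 for p in sorted(conflict)}
        if all(reach.values()):          # every conflicting point is reachable
            results[user] = reach
    return results

@dataclass
class Control:
    """Adopts a model's risk logic but keeps its incidents between runs."""
    conflict: frozenset
    investigator: str
    incidents: dict = field(default_factory=dict)

    def run(self, user_roles):
        for user, reach in evaluate_model(self.conflict, user_roles).items():
            # setdefault: an existing incident and its status are never overwritten
            self.incidents.setdefault(user, {"paths": reach, "status": "open"})
        return self.incidents

def demo():
    conflict = frozenset({"Create Supplier", "Pay Invoice"})
    control = Control(conflict, investigator="dave")
    control.run(USER_ROLES)
    # Constructed change: carol loses AP_MANAGER, then both are evaluated again.
    after = {**USER_ROLES, "carol": {"SUPPLIER_ADMIN"}}
    return evaluate_model(conflict, after), control.run(after)

if __name__ == "__main__":
    model_results, incidents = demo()
    print(sorted(model_results), sorted(incidents))
```

After the role change, the re-evaluated model no longer lists carol, while the control still holds her incident for its investigator to resolve.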

You may create perspectives; each is a set of hierarchically arranged values. Each represents a context in which models, controls, and incidents exist. You can relate individual perspective values to individual objects, thus cataloging them by organization, region, or any other concept your company finds meaningful.

Some features apply only to Oracle Advanced Access Controls. These include:

  • The ability to perform access analysis on data from an EPM-ARCS data source, which supplies user-access data from Oracle Enterprise Performance Management Account Reconciliation. To use it, you must set up a connection to the data source (see Set Up Data Sources). Also, in release 24C you must update some job roles, even if you set up the EPM-ARCS data source in an earlier release (see Required Security Update for Release 24C).
  • Visualizations. These are graphic depictions of paths that lead from users to roles they're assigned and ultimately to access points that models or controls define as conflicting.
  • Simulations. These preview the effects of steps that may be taken to resolve access conflicts identified by controls.
  • Provisioning rules. These identify pairs of conflicting roles. You can use them to prevent risky role assignments.
  • Advanced Access Requests. This feature implements a workflow for requesting or assigning ERP roles. The workflow incorporates analysis by access controls.