User-Defined Access Points

Whether an access point constitutes an element of a separation-of-duties conflict may depend on how a user reaches it. So instead of an access point, you may want to include an access path in a model filter.

A user-defined access point is precisely that: a specific path to an access point in the Oracle Cloud data source. (The EPM-ARCS data source doesn't support user-defined access points.) For example, a privilege may present risk if a user can reach it by way of a path that grants write access. However, it may be innocuous if it's available through a path that grants only read access. You can create a user-defined access point that specifies the path granting write access.

Once created, a user-defined access point belongs to the Access Point business object. You'd select it for use in a model filter or an entitlement as you'd select any other access point. Its name is the path you've defined for it.

Be aware that if you edit a user-defined access point, you change the risk logic of any model or control that uses the access point. When you run such a control after editing its user-defined access point, you may cause existing incidents to be closed automatically.
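The following added example is a conceptual model, not Oracle's code or API. It shows how filtering on a path differs from filtering on an access point, and why rerunning a control after editing the path closes incidents. The role and privilege names, the suffix-matching rule, and the closing behavior in `rerun` are assumptions made for illustration.

```python
# Conceptual model only: constructed role and privilege names, not Oracle's
# implementation. A "path" is the chain of roles leading to an access point.
GRANTS = {  # parent -> children it grants (constructed hierarchy)
    "Payables Manager": ["Invoice Entry Duty", "Invoice Inquiry Duty"],
    "Payables Auditor": ["Invoice Inquiry Duty"],
    "Invoice Entry Duty": ["Manage Invoices"],     # assumed write path
    "Invoice Inquiry Duty": ["Manage Invoices"],   # assumed read-only path
}
USERS = {"alice": ["Payables Manager"], "bob": ["Payables Auditor"]}


def paths_to(user, target):
    """Return every role chain by which `user` reaches `target`."""
    found = []

    def walk(node, trail):
        trail = trail + (node,)
        if node == target:
            found.append(trail)
        for child in GRANTS.get(node, []):
            if child not in trail:  # guard against cyclic grants
                walk(child, trail)

    for role in USERS[user]:
        walk(role, ())
    return found


def evaluate(filter_value):
    """Return incidents as a set of (user, path) pairs.

    A str filter matches the access point by any path; a tuple filter models
    a user-defined access point and matches only paths ending in that chain
    (suffix matching is an assumption of this sketch).
    """
    target = filter_value if isinstance(filter_value, str) else filter_value[-1]
    suffix = (target,) if isinstance(filter_value, str) else tuple(filter_value)
    return {
        (user, path)
        for user in USERS
        for path in paths_to(user, target)
        if path[-len(suffix):] == suffix
    }


def rerun(open_incidents, edited_filter):
    """Re-evaluate after an edit; incidents no longer matched are closed."""
    current = evaluate(edited_filter)
    return current, open_incidents - current
```

Filtering on `"Manage Invoices"` alone flags both users, while the path `("Invoice Entry Duty", "Manage Invoices")` flags only the user who reaches the privilege through the write path.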

To work with user-defined access points, select User-Defined Access Points from the Actions menu of either the Models or Controls page. On the User-Defined Access Points page, each row provides summary information about a user-defined access point. Click the name of any one to open a page that displays full details of its configuration.