1. Securing Risk Management
  2. Required Security Update for Release 24C

Required Security Update for Release 24C

Quarterly update 24C adds new security technology that introduces elements called "permission groups." If you use certain features, you need to update predefined job roles to make permission groups available to users. If you have custom job roles based on the predefined roles, you'll need to update them as well.

The predefined roles you may update include:

  • Access Certification Administrator. The updates to this role and related custom roles are required if your organization plans to use the enhanced certifier worksheet. The updates are needed even if you began using the enhanced worksheet in an earlier release.

  • Risk Administrator, Advanced Access Controls Analyst, and Advanced Transaction Controls Analyst. The updates to these roles and related custom roles are required if your organization plans to set up EPM-ARCS as an external data source for access-risk analysis. The updates are needed even if you've set up this external data source in an earlier release.

Use the Security Console to update your job roles. For procedures to edit or create a role, see two topics: Create Risk Management Roles in the Security Console and Copy or Edit Risk Management Roles in the Security Console. But add this information:

  • Search for the role you want to update and click Actions > Edit.

  • The Basic Information page now includes an Enable Permission Groups button. Click it. A dialog opens, showing the name of the role you're updating. Click its Enable Permission Groups button. If you're working with a predefined job role, that's all you need to do (apart from saving the role, of course).

    Note: The Basic Information page displays a message saying not to modify a predefined role. In general, you shouldn't. Enabling permission groups is an exception.

  • If you're working with a custom job role, there's a second step. Once you've enabled permission groups, go to the Role Hierarchy page and, in it, select the Roles and Permission Groups tab. Click Add Roles. An Add Role Membership dialog opens; use it to search for and add a duty role that contains the permission groups appropriate for the job role you're updating. You'll add one of these:

    • General Stakeholder Access (ORA_DR_GTG_GEN_RISK_STAKEHOLDER_ACCESS_DUTY), if you're working with a role that supports the enhanced certifier worksheet.

    • Risk Stakeholder Administrative Access (ORA_DR_GTG_RISK_STAKEHOLDER_ADMIN_ACCESS_DUTY), if you're working with a role that supports the use of external data sources.

  • As a result of your selecting the Enable Permission Groups option in the Basic Information page, a Permission Groups page becomes active. Don't do anything in it.

  • The Users page retains the user assignments for the job role you're updating. The effect of saving the updated role is to assign appropriate permission groups to those users. If you want to modify the user assignments, you must do so in the Users page.