1. Using Access Certifications
  2. Create or Edit Entitlements for Access Certifications

Create or Edit Entitlements for Access Certifications

An entitlement is a set of related access points. You may select an entitlement as you create a filter for a scoping job.

  • For a standard certification, an entitlement filter returns every assignable role that meets two conditions: it's a parent of any access point in the entitlement, and it's assigned to at least one user.

  • For a continuous certification, an entitlement filter returns both assigned and unassigned roles that are parents of access points included in the entitlement.

Note: Oracle Fusion Cloud Advanced Controls and Oracle Access Certifications share the UI pages to manage, create, and edit entitlements. Because Oracle Advanced Controls can analyze data from multiple data sources, the page to create an entitlement includes a field to specify a data source. However, always select the Oracle Cloud data source as you create entitlements for Oracle Access Certifications. It doesn't analyze data from any other data source.

To build an entitlement is to name it, activate or inactivate it, and add or remove access points.

  1. Open the Access Entitlements page. Select Risk Management > Access Certifications > Access Entitlements.

  2. Each row of the Access Entitlements page provides summary information about an existing entitlement. In this page, you may:

    • Select Create to build an entirely new entitlement.

    • Click the row for an entitlement you want to edit, then click the Edit icon. As an alternative, click the entitlement name to open the page that displays full details about it, then click the Edit button in that page.

  3. Select values that characterize the entitlement:

    • Enter or modify a name of up to 250 characters and, optionally, a description.

      Consider creating a naming convention to distinguish entitlements that support access certifications from those that support access models and controls. A description may explain briefly the organizing principle or business purpose of the entitlement.

    • Select a status, Active or Inactive. Once you create an entitlement, you can't delete it, but you can inactivate it.

    • In a Comments region, review any existing comments or click Add Comments to add a new one.

  4. In a Data Source field, accept the default value, Oracle Cloud, as you create the entitlement. Oracle Access Certifications doesn’t evaluate data from other sources. (As you edit an entitlement, you can't change its data source.)

  5. Add access points:

    • In the Selected Access Points grid, click the Add option.

    • In a Search and Add dialog, filter the list of access points. Among search criteria:

      • Name and Description are display values identifying an access point. The Access Point ID is an internal name for a role or privilege, or the path to a user-defined access point.

      • Access Point Type values include Role, Privilege, and User Defined.

      • As you enter search values, you can use the percent symbol (%) as a wildcard.

    • Select access points from the filtered list.

      To select one, click its row. To select a continuous set, click the first point in the set, hold the Shift key, and click the last point. To select a discontinuous set, hold the Ctrl key as you click access points.

    • When you're satisfied with your selections, click Apply. Your selections appear in the Selected Access Points grid.

    • You may then enter new search parameters and select other access points, or close the Search and Add dialog.

  6. Potentially, delete access points:

    • In the Selected Access Points grid, select the rows for the access points you want to delete. Again, use the Shift or Ctrl key to select multiple rows.

    • Click the Delete option.

  7. Save the entitlement.