1. Using Advanced Controls
  2. Overview of Oracle Advanced Controls

Overview of Oracle Advanced Controls

Oracle Fusion Cloud Advanced Controls regulates activity in business applications. It includes two components:

  • Oracle Advanced Access Controls identifies users with sensitive-access and separation-of-duties conflicts in your applications. Each of these users has been assigned a single role or a combination of roles whose authorizations create the potential for fraud or significant error.

  • Oracle Advanced Financial Controls detects fraud, error, and other risk in transactions completed in Oracle Cloud applications, or in change tracking from the Oracle Cloud audit framework.

As you work with either of these components, you create models, then deploy controls from those models. Each model consists of filters that establish a risk logic. Each control adopts the risk logic of the model it's based on.

  • Access-model filters designate roles or privileges that, individually or in combination, would allow an individual user to complete risky behaviors. They then select users assigned those points of access.

  • Transaction-model filters define aspects of risk, then select transactions exhibiting the defined risk. (Models created in Oracle Advanced Financial Controls are known as "transaction models.")

A model returns temporary results: suspect records that are replaced each time the model is evaluated. Use a model to test a risk-logic definition before applying that definition in a control. Or, if you're an auditor, use models to assess the risk inherent in a system at a given moment.

A control returns permanent results: records of violations that remain available to be resolved no matter how often the control is run. Each record is known as an incident; each control names one or more result investigators, who are responsible for resolving the incidents it generates. Investigators can track the status of incidents in result-management pages.

Models and controls can analyze data from multiple data sources. By default, an Oracle Cloud data source supplies access and transaction data from many Oracle Fusion Cloud applications. "Synchronized" data sources provide data from other applications, but only after you set up connections to them. These sources include:

  • EPM-ARCS, which provides access and transaction data from Enterprise Performance Management Account Reconciliation.

  • Up to three instances of EPM-FCCS, each providing access and transaction data from a distinct "pod" in Enterprise Performance Management Financial Consolidation and Close.

  • OCI, which provides access data, but not transaction data, from Oracle Cloud Infrastructure.

You can also import role-assignment data from applications, such as Workday and Salesforce, that aren't among the synchronized data sources to which you can set up connections.

Some features apply only to Oracle Advanced Access controls. These include:

  • Visualizations. These are graphic depictions of paths that lead from users to roles they're assigned and ultimately to access points that models or controls define as conflicting.

  • Simulations. These preview the effects of steps that may be taken to resolve access conflicts identified by controls.

  • Provisioning rules. These identify pairs of conflicting roles. You can use them to prevent risky role assignments.

  • Advanced Access Requests. This implements a workflow for requesting or assigning ERP roles. The workflow incorporates analysis by access controls.

Related Topics