1. Implementing Risk Management
  2. Prerequisites for Data Sources

Prerequisites for Data Sources

You may need to complete some preparatory steps to activate data sources or to enable the import of role-assignment data.

To set up a connection to an EPM-ARCS, EPM-FCCS, or OCI data source:

  • If you haven't done so already, activate permission groups for the Risk Administrator, Advanced Access Controls Analyst, and Access Certification Administrator predefined roles, and for related custom roles if you have any. See the Required Security Update topic.

  • The Advanced Controls Administrator duty role requires two privileges that support synchronized data sources. They're already added to the predefined role, but if you use a custom version of this role, you need to add the privileges to your version. The privileges are:

    • Manage Additional Advanced Control Data Sources (GTG_MANAGE_ADDITIONAL_RISK_ MANAGEMENT_DATA_SOURCES_PRIV)

    • View Additional Advanced Control Data Sources (GTG_VIEW_ADDITIONAL_RISK_ MANAGEMENT_DATA_SOURCES_PRIV)

    See the Copy or Edit Risk Management Roles in the Security Console topic.

Two privileges are required for users to import role-assignment data, but they're not included in any predefined role. So you need to add the privileges to a custom role and assign it to appropriate users. The privileges are:

  • Export Access Point Data (GTG_EXPORT_ACCESS_POINT_DATA_PRIV)

  • Import Access Point Data (GTG_IMPORT_ACCESS_POINT_DATA_PRIV)

The custom role can be a job role based on a copy of the predefined Advanced Access Controls Analyst role. Or it can be a duty role based on a copy of the predefined Advanced Controls Administrator duty role, and added to the role hierarchies of custom job roles.