Access Controls Supports Imported Data Sources
You can import role-assignment data for analysis by access models and controls. The imports are from applications, such as Workday and Salesforce, that aren't among the synchronized data sources to which you can set up connections. Data from all these applications form a data source called "Imported."
One way to import (or update) access data is via import files. A second way is via a REST API (see its documentation).
To import data via import files, complete three tasks:
- Export a template from Advanced Controls. The template is an Excel worksheet. For the first import, the template is blank. For subsequent imports, the template contains data from the previous import.
- For your first import, enter records of role assignments in applications you want models and controls to analyze. For subsequent imports, edit the existing records, typically by adding or removing role-assignment records.
- Import the template back into Advanced Controls.
Icons to export and import the template are available in the Select Business Objects page, which is in turn available from the page to create or edit an access model. For detailed instructions on exporting, populating, and importing the template, see the Import Role-Assignment Data topic.
Some features have been augmented to support multiple data sources:
- The Imported data source has its own set of three business objects for use in access models, which provide data for access-point, entitlement, and condition filters.
- The grids displaying records of incidents and model results now contain a Data Source column, which identifies the data source that supplies the data contained in each record.
- The pages to create entitlements, global conditions, and user-defined access points now require you to select a data source. Only access points from the source you select are then available for use in the element you're creating. (As you edit the element, you can't change its data source.)
- In the page to manage global users, a Count column provides the number of data sources in which each user has accounts, and a Data Source column names the data source in which each user has accounts. The Data Source value for a given user is "Multiple" if that user is identified as the same global user across multiple data sources. If so, a Related Global Users page identifies that user's data sources.
Business Benefit
You can now analyze users and their assigned roles for sensitive access and separation of duties within each of the Oracle Cloud and Imported data sources, and across the two data sources.
Steps to Enable
Add two new privileges that activate the template import and export icons in the Select Business Objects page. See the Access Requirements section, below.
Access Requirements
For the import and export icons to appear in the Select Business Objects page, you must add two privileges that are currently not included in any predefined role. You can add the privileges directly to a custom job role, or to a custom version of the Advanced Controls Administrator role. The privileges are:
- Export Access Point Data (GTG_EXPORT_ACCESS_POINT_DATA_PRIV)
- Import Access Point Data (GTG_IMPORT_ACCESS_POINT_DATA_PRIV)
See the Copy or Edit Risk Management Roles in the Security Console topic.