DEV Community

Opkey

Oracle Cloud Security Validation Tool by OpKey

Oracle Cloud security relies on a role-based model, with Job Roles and Abstract Roles being the primary security components assigned to end users. A Job Role comprises a collection of privileges, assigned either to the Job Role individually or through Duty Roles (groupings of privileges), all of which ultimately give the Job Role the functional access needed to perform specific tasks in Oracle. Abstract Roles provide a user with basic access to the system, such as the ability to enter a time or expense report. To summarise, the security model is primarily defined by Data Security Policies and Function Security.

Challenges

Oracle Cloud applications have expanded tremendously, and with that more and more companies have come to understand the impact their security has on functional testing and key process executions, and how it can either help or hinder compliance goals.

Organizations are always worried about the risks related to Segregation of Duties (SoD) and the excessive sensitive access their users attain. An exceptionally common misconception is that out-of-the-box (seeded) roles can never get modified. In reality, these roles inherently contain an abundance of Segregation of Duties conflicts, added in the form of Function and Data security policies that are provisioned to different roles and privileges. A single security role contains about 500 Function/Data security privileges, which is impossible to validate manually across hundreds of roles. The combinations to validate also need to be analyzed, and only algorithms and data analytics can give customers a comprehensive validation report.

So, how can one know the changes between roles and their Function/Data Security?

OpKey's Security Validation feature answers these questions. It lets organizations instantly see the differences between Function/Data Security policies across all of the application's seeded and custom roles at the click of a button, and helps customers maintain compliant Oracle user security.

Validating your Job Roles Security

Using seeded roles can be the most appropriate approach for your organization, depending on which roles are needed for the user base and the organization's compliance requirements. However, should Job Role customization be needed, users can build custom roles at any time, whether to increase functionality or to limit Segregation of Duties risks and excessive access.
Organizations can achieve similar results through different combinations of privileges, data security policies, and data security context assignments.

Situations in which Security Role Validation may be effective:

When seeded Duty Roles are impacted by Oracle patch releases and need to be evaluated to ensure the impacted roles do not result in unintended access for the end user.
When the Administrator changes a user's access in one location and wants to make similar changes to the access of custom roles.

Or simply to compare the access of seeded and custom roles.
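
The comparison described above, as an added example that is not OpKey's code or part of the original post: it flattens a Job Role through its Duty Roles into an effective privilege set, then diffs two snapshots taken before and after a patch. All role, duty and privilege names and the SoD rule are constructed for illustration, and it covers function privileges only (added or removed), not modified data security policies.

```python
# Constructed snapshots of a role hierarchy before and after a patch.
# All role, duty and privilege names are hypothetical, not Oracle seeded content.
BEFORE = {
    "AP_CLERK_JOB": {"duties": ["INVOICE_ENTRY_DUTY"], "privileges": ["VIEW_DASHBOARD"]},
    "INVOICE_ENTRY_DUTY": {"duties": [], "privileges": ["CREATE_INVOICE", "EDIT_INVOICE"]},
}
AFTER = {
    "AP_CLERK_JOB": {"duties": ["INVOICE_ENTRY_DUTY"], "privileges": ["VIEW_DASHBOARD"]},
    "INVOICE_ENTRY_DUTY": {"duties": ["PAYMENT_DUTY"], "privileges": ["CREATE_INVOICE"]},
    "PAYMENT_DUTY": {"duties": [], "privileges": ["CREATE_PAYMENT"]},
}
# Assumed SoD rule: no single role may hold both privileges of a pair.
SOD_RULES = [("CREATE_INVOICE", "CREATE_PAYMENT")]


def effective_privileges(role, roles, seen=None):
    """Direct privileges of a role plus everything inherited through Duty Roles."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:  # cycle or dangling reference
        return set()
    seen.add(role)
    privs = set(roles[role]["privileges"])
    for duty in roles[role]["duties"]:
        privs |= effective_privileges(duty, roles, seen)
    return privs


def diff_privileges(old, new):
    """Report what a change added to or removed from a flattened privilege set."""
    return {"added": sorted(new - old), "removed": sorted(old - new)}


def sod_conflicts(privs, rules=SOD_RULES):
    """Return every rule pair that is fully contained in the privilege set."""
    return [pair for pair in rules if set(pair) <= privs]


def validate(role, before, after):
    old, new = effective_privileges(role, before), effective_privileges(role, after)
    report = diff_privileges(old, new)
    # Only flag conflicts the change introduced, not ones that already existed.
    report["new_sod_conflicts"] = [c for c in sod_conflicts(new) if c not in sod_conflicts(old)]
    return report


if __name__ == "__main__":
    print(validate("AP_CLERK_JOB", BEFORE, AFTER))
```

Passing the flattened sets of a seeded role and its custom copy to `diff_privileges` gives the seeded-versus-custom comparison from the same snapshot.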

OpKey's Security Validation Tool has been developed by a dedicated team of Oracle experts and data analytics experts. It presents Security Validation at Summary Level and at Detailed Level for Function/Data Security changes across every role, showing what was added, modified or removed from the system.

Organizations are constantly evolving, so the ability to gracefully adapt a testing solution for security is required to meet end-user compliance requirements. Implemented at more than 20 Oracle Cloud customers, OpKey is determined to provide its customers a seamless experience in validating their Oracle Cloud access security, saving them hundreds of hours of manual effort with 100% data accuracy.
