
Procurement Cloud Security Model

Safe Harbor Statement


The preceding is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.

Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 2


Oracle Applications Cloud Security

WHO can do WHAT on WHICH set of data?



Security Management

Offering / Module and its activities:

Security Console
• View, Create, Modify Roles
• Create Users and Assign Roles to Users
• SSO, IP Whitelisting, Manage Database REs
• Navigator > Tools > Security Console
• Role required: IT Security Manager

Human Capital Management (HCM)
• Create Application users using:
  – Task: Manage Users (if HCM is not implemented)
  – Task: Hire an Employee (if HCM is implemented)
• Create Role Provisioning rules
  – Task: Manage HCM Role Provisioning Rules

Procurement Cloud (PRC)
• Create Procurement Agents
  – Task: Manage Procurement Agents
• Data Access
  – Task: Manage Business Unit Data Access for Users



Types of Security Roles

Abstract Role
• Generic role not specific to a particular job.
• Roles associated with a user irrespective of job or job function.
• Example: Employee, Manager, Contingent Workers, etc.

Job Role
• Roles associated with the job of an employee.
• Map closely to jobs in most organizations.
• Example: Procurement Manager, Manufacturing Engineer, etc.

Duty Role
• Defines the duties a user can perform. Also called Application roles.
• Example: Purchase Order Creation, Processing Payables Invoices, etc.

Discretionary Role
• Can be provisioned to selected users independent of job or abstract roles, on a purely discretionary basis.
• Example: Supplier Qualification



[Diagram: Job Role 1 with Duty Roles 1 to 5 and privileges P1 to P7]

Duty Roles are made up of
• Function Security Privileges (Entitlement)
• Data Security Policies (Action)



[Diagram: role layers for the Procurement Manager]
• Data Role: Procurement Manager US Business Unit; Procurement Manager Germany Business Unit
• Job Role: Procurement Manager Job Role
• Duty Roles: Purchase Order Creation Duty; Purchase Agreement Creation Duty; Supplier Profile Enquiry Duty; Supplier Qualification Viewing Duty; Supplier Assessment Viewing Duty
• Privileges: Create Purchase Order; Cancel Purchase Order; Create Purchase Agreement; Transfer BPA to Supplier; Search Supplier Qualification; View Supplier Assessment

Manage Data Access

Data Role = Job + Data Access

[Diagram: Job Role "Procurement Manager" with Data Roles "Procurement Manager – Germany" and "Procurement Manager – US"]



Data Security: Manage Data Access for Users
• Use the Manage Data Access for Users task to assign users to data sets.
– Assign data sets to users by provisioned role.



Types of Security Roles



Doris is hired…
– For doing the job she was hired for
– For doing what all employees do
  • Expense Reports
  • Purchase Requisitioner

[Diagram: roles provisioned to Doris]
• Data Roles: Procurement Manager - US; Procurement Manager - Germany
• Job Roles: Procurement Manager
• Abstract Role: Employee
• Duty Roles: Buyer Mgt; PO Changes; Enter Expenses; Submit Expenses
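
The layering on the slides above (data role = job role + data access; job and abstract roles inherit duty roles; duty roles carry privileges) can be modelled as a small resolver. This is an added example, not Oracle code: role and privilege names come from the slides, while the duty-to-privilege grouping, the two expense privilege names and Doris's provisioned roles are assumptions.

```python
# Added illustration. Role and privilege names are taken from the slides; the
# duty-to-privilege grouping and Doris's provisioned roles are assumptions.
ROLE_CHILDREN = {  # role -> roles it inherits (job/abstract -> duty -> duty)
    "Procurement Manager": ["Purchase Order Creation Duty",
                            "Purchase Agreement Creation Duty",
                            "Supplier Profile Enquiry Duty"],
    "Supplier Profile Enquiry Duty": ["Supplier Qualification Viewing Duty",
                                      "Supplier Assessment Viewing Duty"],
    "Employee": ["Enter Expenses", "Submit Expenses"],
}
DUTY_PRIVILEGES = {  # duty role -> function security privileges
    "Purchase Order Creation Duty": {"Create Purchase Order", "Cancel Purchase Order"},
    "Purchase Agreement Creation Duty": {"Create Purchase Agreement",
                                         "Transfer BPA to Supplier"},
    "Supplier Qualification Viewing Duty": {"Search Supplier Qualification"},
    "Supplier Assessment Viewing Duty": {"View Supplier Assessment"},
    "Enter Expenses": {"Enter Expense Report"},    # constructed privilege name
    "Submit Expenses": {"Submit Expense Report"},  # constructed privilege name
}
DATA_ROLES = {  # data role = job role + data access (business unit)
    "Procurement Manager - US": ("Procurement Manager", "US Business Unit"),
    "Procurement Manager - Germany": ("Procurement Manager", "Germany Business Unit"),
}

def expand_privileges(role, _seen=None):
    """Collect every privilege reachable from a role through nested duty roles."""
    seen = set() if _seen is None else _seen
    if role in seen:            # guard against a cyclic role hierarchy
        return set()
    seen.add(role)
    privileges = set(DUTY_PRIVILEGES.get(role, ()))
    for child in ROLE_CHILDREN.get(role, ()):
        privileges |= expand_privileges(child, seen)
    return privileges

def access_report(provisioned_roles):
    """Return sorted (privilege, business unit) grants; None means no data scope."""
    grants = set()
    for role in provisioned_roles:
        job, business_unit = DATA_ROLES.get(role, (role, None))
        grants |= {(p, business_unit) for p in expand_privileges(job)}
    return sorted(grants, key=lambda g: (g[0], g[1] or ""))

def can(provisioned_roles, privilege, business_unit):
    """WHO (roles) can do WHAT (privilege) on WHICH data (business unit)?"""
    return (privilege, business_unit) in access_report(provisioned_roles)

DORIS = ["Employee", "Procurement Manager - US"]  # assumed provisioning
```

In this model a job role provisioned without a data role yields privileges with no business unit, so `can(["Procurement Manager"], "Create Purchase Order", "US Business Unit")` is False even though the function privilege is present.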



Start an Implementation
– Use initial administrator user to create other user accounts
– Add key roles for user accounts:
  • IT Security Manager (Security Console)
  • Application Implementation Consultant (Perform implementation tasks)
  • Application Implementation Manager (Perform implementation Projects)
  • Employee



Create User Account Process Flow

[Flow diagram, steps shown]
• Application User: Create Employee (Setup Task: Manage Users); Create User, Add Roles, Set Password (Security Console)
• Implementation User: Create User, Set Password, Add Roles (Security Console)



User Accounts
To create application user accounts, use Setup task:
Product Management > Users and Security > Manage Users



Create an Application User Account (e.g. Employee)

Procurement > Users and Security > Manage Users



Create an Implementation User Account
– Open the Security Console > Users tab



Assign Roles to User Accounts



LDAP Directory – Lightweight Directory Access Protocol

Oracle Cloud Applications rely on Oracle Identity Management Products to
• Manage Users
• Manage Roles and
• Permissions

• Active Directory (AD) or
• Oracle's Internet Directory (OID)



Processes to be Performed on Users and Roles
– Import User and Role Application Security Data: Import user and role data from LDAP and store in Applications Security tables.

– Retrieve Latest LDAP Changes: Synchronizes users, roles, and role grants with definitions in LDAP.

– Send Pending LDAP Requests: Manages requests to create or update users, roles, and role grants in LDAP.



Define Procurement Agents
Key Concept



Procurement Agent Setup



Segregation of Duties - SOD



Role Provisioning Events
– New Identities
– Automatically Provisioned Roles
– Deprovisioning Roles
• Automatic
• Manual

Task: Manage HCM Role Provisioning Rules



Fusion Applications Security
How it compares…
• Yes, we externalized security to Fusion Middleware, LDAP and OPSS
• But we paid a lot of attention to the consistency in Fusion

Fusion        E-Business Suite    PeopleSoft
Job Role      Top Level Menu      Top Level Menu
Data Role     Responsibility      Employee ID + Role
Duty Role     Sub Menu            Role(s)
Privilege     Form Function       Permission Lists
Permission    Executable          Executable



Auditing Security
• The following audit reports are available:
  – User Role Membership Report: List of users and provisioned roles.
  – User and Role Access Audit Report: List of users and provisioned function and data accesses.
  – Inactive Users Report: List of inactive users.



Security Reference Resources
Documentation
Available in the Oracle Help Center: https://docs.oracle.com/
• Oracle Applications Cloud Security Reference for Common Features
• Oracle Procurement Cloud Security Reference
• Oracle ERP Cloud Securing Oracle ERP Cloud
• Oracle Global Human Resources Cloud Implementing Global Human Resources

Training
• Oracle Cloud Applications: Security Overview
https://education.oracle.com/oracle-cloud-applications-security-overview/courP_6586
(Oracle University: Training on Demand)

