Fusion Security

Oracle Online Training Materials – Usage Agreement
Use of the information, documents and online training courses (collectively, “Materials”) found on this area of the Site constitutes
agreement with the following terms and conditions (as well as those set forth in the Purpose and Disclaimer sections below):
1. Oracle is pleased to allow its business partner (“Partner”) to download and copy the Materials found on this area of the Site. The
Materials are proprietary information of Oracle. Partner or other third party at no time has any right to resell, redistribute or create
derivative works from the Materials. The use of the Materials is restricted to the non-commercial, internal training of the Partner’s
employees only. The Materials may not be used for training, promotion, or sales to customers or other partners or third parties.
2. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective
owners.
3. Oracle disclaims any warranties or representations as to the accuracy or completeness of any Materials. Materials are provided "as
is" without warranty of any kind, either express, implied or statutory, including without limitation the implied warranties of merchantability,
satisfactory quality, fitness for a particular purpose, accuracy, timeliness and non-infringement of third-party rights. The information
contained herein is subject to change without notice.
4. Under no circumstances shall Oracle be liable for any loss, damage, liability or expense incurred or suffered which is claimed to have
resulted from use of these Materials. As a condition of use of the Materials, Partner agrees to indemnify Oracle from and against any and
all actions, claims, losses, damages, liabilities and expenses (including reasonable attorneys' fees) arising out of Partner’s use of the
Materials.
1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Oracle Proprietary and Confidential
1
Purpose:
This document provides an overview of features and enhancements included in Oracle Fusion Applications 11gR1 Release 11.1.1.5.0
and applicable updates. It is intended solely to help you assess the business benefits of upgrading your existing Oracle Products to this
release, or implementing completely new Oracle developed products, and planning your I.T. Projects.
Disclaimer:
This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. Your
access to and use of this confidential material is subject to the terms and conditions of your Oracle Software License and Service
Agreement or other applicable contract with Oracle, with which you agree to comply. This document and information contained herein
may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without Oracle’s prior written consent. This document
is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or
affiliates.
This document is intended to outline our general product direction. It is intended for informational purposes only and solely to assist you
in planning for the implementation and upgrade of the product features described. Release information contained in this document is not
a firm development plan. Release information published here should not be used as the basis for customer delivery commitments, as
part of marketing efforts, or during contract negotiations. This is not a commitment to deliver any material, code, or functionality, and
should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality, and
inclusion or not thereof in the commercially available version of the Software, if any, is subject to change at any time and is always at
Oracle’s sole discretion. This document is not considered part of the applicable program documentation.
Due to the nature of the product architecture, it may not be possible to safely include all features described in this document without
risking significant destabilization of the code.
2
<Insert Picture Here>
Oracle Fusion Security

Implementation and Configuration Considerations
Mahesh Sabapathy
May 2011
• Feature Highlights
• Summary of Functionality
• What’s Changed?
• Roles for Implementation
• Overview of Setup Tasks
• Decision Points
• Setup Tasks
• Additional Resources
• Decision Points
• Setup Tasks
Security – Feature Highlights
• Role Based Access
• Segregation of Duties Enforcement
• Data Security
• Privacy
• Identity Management and Access Provisioning
• Enforcement across tools
• Integration with Governance Risk and Controls
• A rich reference implementation
• Roles that you will recognize as Jobs
• Duties you will recognize as a line item description of those jobs
• Role hierarchy that contains the duties for those jobs
• Duties respect the segregation of duties constraints that come with
GRC Access Controls Governor
• Set of data security policies that helped us build the application
• Attributes considered Personally Identifiable and what roles are
authorized to view those attributes
Security – Summary of Functionality
• Productivity
• Secure “Out of the Box”
• Secure across tools and transforms
• Easier to make new employees productive
• Regulatory compliance is easier, and cheaper to achieve
• Easier user lifecycle management with Identity based provisioning and on-
ramping
• Easier for management to review and approve access
• Adaptability
• Standards based and integrated security model
• Provisioning and On Ramping to unique requirements
• Manageability
• Demonstrable Segregation of Duties (SOD)
• Demonstrable Coherent / Consistent data security
• Demonstrable Management Accountability for Security
• Sensitive information protected across the information lifecycle
Authorization Policy Manager
Oracle Identity Manager
Manage Role Mappings
New Person – Hire an Employee
New Person – Roles
Oracle Fusion <Option>
• Decision Points
• Setup Tasks
What’s changed?
From Oracle EBS From Peoplesoft Enterprise
Security externalized to Fusion

Middleware, OIM and APM Security externalized to Fusion
Middleware, OIM and APM
New
Aligned to the role-based-

access-control (RBAC) Aligned to the role-based-
standard access-control (RBAC) standard
Secure “out-of-the-box” Secure “out-of-the-box”
Data Role -> Responsibility

Adopted
Job Role -> Top Level Menu

Duty Role -> Sub Menu
Privilege -> Form Function
Permission -> Executable
Oracle Fusion <Option>
• Decision Points
• Setup Tasks
Roles for Implementation
Job Role Duty Roles
IT Security Manager •Application Key Flexfield Administration Duty
•CRM Database Resource Administration Duty
•Data Access Administration Duty
•FND Database Resource Administration Duty
•FSCM Database Resource Administration Duty
•Foundation User and Roles Management Duty
•Functional Setups Duty
•GRC Setup Management Duty
•HCM Batch Data Loading Duty
•HCM Database Resource Administration Duty
•HCM Role Mappings Management Duty
•HCM Security Management Duty
•Partner Account Administration Duty
•Payments Data Security Administration Duty
•Policy Manager CRM Database Resource
Administration Duty
•Policy Manager FND Database Resource
Administration Duty
•Policy Manager FSCM Database Resource
Administration Duty
Overview of Setup Tasks
Define Security – CRM Common to all
offerings
Specific to CRM
offerings
Define Security - Financials
Specific to Financials
offerings
Define Security – Human Capital
Specific to HCM
offerings
Define Security – Procurement
Specific to
Procurement offering
Decision Points
Topic Decisions
Defining Implementation users •Use the user defined at the time
of provisioning
•Create specific implementation
users in OIM using the Define
Implementation Users tasklist
Use enterprise role delivered •Reference implementation
through the reference enterprise role inherits the legacy
implementation or enterprise role enterprise role
from the legacy system? •Map the enterprise role delivered
through the reference
implementation to your legacy
enterprise role
•Rename legacy role names in
case of conflicts
Decision Points
Topic Decisions
Role provisioned with SOD • Configure GRC to:
conflicts? •Remediate
• Approve
• Deny request
What roles are requestable, self- •For example, the Line manager
requestable? roles should be requestable
•Another example, the
Procurement Requester role
should be self requestable
• Decision Points
• Setup Tasks
Define Security: Setup Tasks
• Common to Fusion:
• Manage Job Roles
• Manage Duties
• Manage Data Security Policies
• Manage Role Templates
• Manage HCM Role Provisioning Rules
• Import Worker Users
• Manage Users
• Customer Relationship Management

• Import Partner Users
• Financials
• Manage Data Access Sets
Define Security: Setup Tasks
• Human Capital Management
• Manage Data Role and Security Profiles
• Manage Legislative Data Group Security Profile
• Manage Organization Security Profile
• Manage Person Security Profile
• Manage Country Security Profile
• Manage Position Security Profile
• Manage Document Type Security Profile
• Manage HCM LDAP User Account Options
• Procurement
• Manage Supplier User Roles
Manage Job Roles
Edit
Define
hierarchy
Manage Duties
Manage Duties
Manage Data Security Policies
Manage Role Templates
Data role display

name format
Manage HCM Role Provisioning Rules
Employee
Line Manager
Import Worker Users
Manage Users
Manage Users
Manage Users
Import Partner Users (CRM)
Manage Data Access Sets (Financials)
Full Ledger or
Primary Balancing Segment Value
Manage Organization Security Profile (HCM)
Manage Data Role and Security Profile
(HCM)
(HCM)
(HCM)
(HCM)
Manage HCM LDAP User Account Options
(HCM)
Manage Supplier User Roles
(Procurement)
Manage Application Access Control
(GRC)
• Decision Points
• Setup Tasks
Additional Resources
• More detail about each of these topics can be

found in the Fusion Applications Security
Guide
• Related Functional TOIs can be found in the
Fusion Learning Center
• Manage Security - Setup Access and Data Security

Fusion Security

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Fusion Security

Transféré par

Droits d'auteur :

Formats disponibles

Oracle Online Training Materials – Usage Agreement

Oracle Fusion Security

Security externalized to Fusion

Aligned to the role-based-

Data Role -> Responsibility

Job Role -> Top Level Menu

• Customer Relationship Management

Data role display

• More detail about each of these topics can be

Vous aimerez peut-être aussi