Académique Documents
Professionnel Documents
Culture Documents
com/ca
Riaz Rahaman
Ravi Gaddam
PricewaterhouseCoopers LLP 2
Traditional Responsibility Based Security
• Responsibilities
• Menus
• Exclusions
PricewaterhouseCoopers LLP 3
Data Security
PricewaterhouseCoopers LLP 4
Role Based Access Control
Defined
PricewaterhouseCoopers LLP 5
RBAC Models
PricewaterhouseCoopers LLP
RBAC Models
PricewaterhouseCoopers LLP
How RBAC is different than Responsibilities?
Quick Comparison
Responsibilities RBAC
• normally do not have direct link with the • reflects actual business jobs and roles
actual employee role or job
• do not provide for categorisation of roles • allows categorisation of roles and hence
efficient user management
PricewaterhouseCoopers LLP 8
Role Based Access Control
in Oracle Applications
PricewaterhouseCoopers LLP 9
Why should I consider RBAC?
Quick look at benefits
• Greater Productivity
• Cost Reduction
• Better Security
• Object Oriented
PricewaterhouseCoopers LLP 10
User Management
Replaces traditional System Administrator > Security > User > Define.
This approach works well when we have limited number of users and
responsibilities which doesn’t change very often.
PricewaterhouseCoopers LLP 11
User Management
PricewaterhouseCoopers LLP 12
User Management
Demo
PricewaterhouseCoopers LLP 13
Responsibility Security - Revisited
PricewaterhouseCoopers LLP 14
Functions and Permissions in RBAC
PricewaterhouseCoopers LLP 15
Role Categories
PricewaterhouseCoopers LLP 16
Role Categories
PricewaterhouseCoopers LLP 17
Roles
PricewaterhouseCoopers LLP 18
Role Inheritance
Demo
PricewaterhouseCoopers LLP 19
Role Inheritance
PricewaterhouseCoopers LLP 20
Assigning Roles
Demo
PricewaterhouseCoopers LLP 21
Assigning Roles
PricewaterhouseCoopers LLP 22
Controller Role Example
Demo
PricewaterhouseCoopers LLP 23
Controller Role Example
PricewaterhouseCoopers LLP 24
Q&A
PricewaterhouseCoopers LLP 25
Presenters Profile
PricewaterhouseCoopers LLP 26
Experienced Resources
Strategy through Execution
• Growing practice – Organic, acquisitions, and alliances/JBRs
Acquired Diamond to broaden our strategic go-to-market offerings Strategy
Acquired ISH to broaden our Oracle Healthcare focus
Assess
Acquired PRTM who have been a strong partner with Oracle in their High
Technology, Industrial Mfg, Aerospace & Defense sectors Recommend
Acquired resources and assets from BearingPoint’s
commercial practice Design
Acquired Entology to enhance Oracle IdM capabilities Implement
Acquired resources from MTS Allstream to enhance our Canadian practice
Run/Operate
• Global team – More than 2,500+ Oracle specialists offer the full range of
Oracle services (600 in the U.S.) Improve/Enhance
• Experience – Our team members are veterans of over 1,500
Oracle engagements
• Cost-effective staffing options – Including Global Delivery Centers in China
and India, alliances, JBR’s and third party labor options
• Top Oracle partner – Oracle’s top tier “globally managed partner” and an
Oracle Platinum Partner
PricewaterhouseCoopers LLP 27
We help business leaders anticipate,
create and manage change.
This publication has been prepared for general guidance on matters of interest only, and does
not constitute professional advice. You should not act upon the information contained in this
publication without obtaining specific professional advice. No representation or warranty
(express or implied) is given as to the accuracy or completeness of the information contained
in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its
members, employees and agents do not accept or assume any liability, responsibility or duty of
care for any consequences of you or anyone else acting, or refraining to act, in reliance on the
information contained in this publication or for any decision based on it.
© 2014 PwC. All rights reserved. "PwC" refers to PricewaterhouseCoopers LLP, a Delaware
limited liability partnership, which is a member firm of PricewaterhouseCoopers International
Limited, each member firm of which is a separate legal entity. This document is for general
information purposes only, and should not be used as a substitute for consultation with
professional advisors.