7/29/2019 Ensuring Security in Oracle r12 Financials

1/47

Ensuring Securityin Oracle R12 Financials

A webcast presented by IT Convergence - September, 2010

7/29/2019 Ensuring Security in Oracle r12 Financials

2/47

IT Convergence 2010 All rights reserved.

Global Reach, Local Expertise

NEW YORK

CHICAGO

SAN FRANCISCO

SHANGHAIMEXICO HYDERABAD

BANGALORE

BUENOS AIRES

SAO PAULO

7/29/2019 Ensuring Security in Oracle r12 Financials

3/47

IT Convergence 2010 All rights reserved.

Taking Our Own Medicine

Used theE-Business Suite

since 2004

Upgradedto R12

in J anuary 2009

ImplementedOBIEE

in J anuary 2010

And we host our systems

7/29/2019 Ensuring Security in Oracle r12 Financials

4/47

IT Convergence 2010 All rights reserved.

On the Phone

Host Keith Thomas

Marketing Analyst

Presenter Margaret Wong

Strategic Education Services Manager

7/29/2019 Ensuring Security in Oracle r12 Financials

5/47

IT Convergence 2010 All rights reserved.

Agenda

New Security Features in Oracle Financials R12

Successive Layers of Access Control

Sign on Password Security

7/29/2019 Ensuring Security in Oracle r12 Financials

6/47

IT Convergence 2010 All rights reserved.

LedgerOne Repository of Financial Truth

US GAAPUS COAUS CalendarEUR

Ledger Bedger B

Reporting Currency

Implements the 4 Cs:Accounting MethodChart of AccountsCalendarCurrency

Implements the 4 Cmplements the 4 Cs::Accounting Methodounting MethodChart of Accountsart of AccountsCalendarlendarCurrencyrrency

The balance on Creditors (COA)

is 4.2M Euro (Currency)on March 31, 2010 (Calendar)

according to IAS/IFRS definitions (Accounting Method)

7/29/2019 Ensuring Security in Oracle r12 Financials

7/47

IT Convergence 2010 All rights reserved.

Ledger Sets

Global InformationAt A Glance

Ledger Setedger Setedger Set

Key benefits to many Ledgers in one set Decision-driving business information always available Simpler processing and General Ledger management Data and definitions that can be shared and secured

US GAAPUS COAUS CalendarUSD

US GAAPUS COAUS CalendarUSD

Ledger Cedger Cedger C

US GAAPUS COAUS CalendarEUR

Ledger Bedger BFrench RulesPlan ComptableFrench CalendarEUR

Ledger Aedger A

Share:Chart of AccountsCalendarShare:hare:Chart of Accountsart of AccountsCalendarlendar

Ledger Dedger Dedger D

Reporting Currency

US GAAPUS COAUS CalendarAUD

7/29/2019 Ensuring Security in Oracle r12 Financials

8/47

IT Convergence 2010 All rights reserved.

Ledger Sets

Grouping of ledgers with the same chart of accounts and

calendar/period type combination

Essentially treats multiple ledgers as one

7/29/2019 Ensuring Security in Oracle r12 Financials

9/47

IT Convergence 2010 All rights reserved.

Ledger Set

Open/Close Periods

Open/Close Periods Independently orSimultaneously

Create Journals

Allocations Across Ledgers

Recurring Journals for All Ledgers

Translate Balances

Translate Balances for All Ledgers

View Information

No Changing Responsibi lities

View Journals and Account Balances

Create Reports

Report on One or All Ledgers in a Ledger

Set

Perform the Following Across Ledgers:

Ledger 2

Ledger SetLedger Set

Ledger 1

Ledger 4

Ledger 3

7/29/2019 Ensuring Security in Oracle r12 Financials

10/47

IT Convergence 2010 All rights reserved.

Multi-Ledger Processing Benefits

Increased Operational Efficiency

Reduce setup and processing t ime by performing operations on

mult iple ledgers simultaneously

Greater Control over Processes

Control your processing for multiple ledgers regardless of

accounting setup e.g. Scheduling the creation of closing journals for multiple ledgers

Increased Data Accuracy

Keep all ledgers sync by keeping them on the same closeschedule

7/29/2019 Ensuring Security in Oracle r12 Financials

11/47

IT Convergence 2010 All rights reserved.

Definit ion Access Sets

Control Access to Setup Objects and Definitions

independently of Data Security

Secure Setup Objects and Definitions that are naturally

shared across ledgers and charts of accounts, such as FSG

Reports and Mass Allocations

Enable Setup Autonomy within Multi-Legal Entity Ledgers

Assigned to Responsibility, but access granted to User

7/29/2019 Ensuring Security in Oracle r12 Financials

12/47

IT Convergence 2010 All rights reserved.

Definit ion Access Sets

Accounting Calendars

AutoAllocations

AutoPost Criteria Sets

AutoReversal Criteria Sets

Budget Formulas

Budget Organizations

Chart of Accounts Mappings

Consolidation Definit ions

Consolidation Sets

Elimination Sets

FSG Reports and components

MassAllocations

MassBudgets

Rate Types

Recurring Journals

Revaluations

Transaction Calendars

Securable Definitions using Definition Access Sets

7/29/2019 Ensuring Security in Oracle r12 Financials

13/47

IT Convergence 2010 All rights reserved.

Definit ion Access Sets

Control Access to Definitions

UseUse ViewView ModifyModify

Financial Analyst Controller

Rent Allocation

Recurring Rent

Rent Allocation

Recurring Rent

FSG Reports

Revalutions

PrivilegesPrivileges

7/29/2019 Ensuring Security in Oracle r12 Financials

14/47

IT Convergence 2010 All rights reserved.

Data Access Set

Grant and tailor access to Ledgers and BalancingSegment Values (i.e. Companies, Stores, Branches, etc.)

7/29/2019 Ensuring Security in Oracle r12 Financials

15/47

IT Convergence 2010 All rights reserved.

Data Access Set:

Management Reporting and Security

y Management Segment

Optionally qualify a segment as the management segment to

perform management reporting Secure read and write access to Ledger/Management

Segment Value combinations using Data Access Sets

Management

Co CC Acct I/C

Balancing Cost Center Natural

AccountIntercompany

7/29/2019 Ensuring Security in Oracle r12 Financials

16/47

IT Convergence 2010 All rights reserved.

Data Access Set:

Management Reporting and Security

OU97

OS69

OX53

Co CC Acct I/C

Primary Ledger

LE

Managers enter adjustments usingtheir management segment value

Data access set security ensuresmanagers only update/view info. fortheir area of responsibility

7/29/2019 Ensuring Security in Oracle r12 Financials

17/47

IT Convergence 2010 All rights reserved.

Data Security by Application

Application Partitioned By

GL, FA Ledger

FA Asset Book

HR Business Group

OM, AR, AP, PO, CE, PA,

AS, SC, ASO, ASN, ASTOperating Unit

INV, MFG Inventory Organization

7/29/2019 Ensuring Security in Oracle r12 Financials

18/47

IT Convergence 2010 All rights reserved.

Cross Organization Reporting

Report at multiple levels:

Ledger

GRE/Legal Entity

Operating Unit

System profi le

MO: Top Reporting Level

Enhanced reporting features:

Reporting Level

Reporting Context

7/29/2019 Ensuring Security in Oracle r12 Financials

19/47

IT Convergence 2010 All rights reserved.

Organization Reporting

Options Ledger

MO: Top Reporting

Level is set to

Ledger.

Reporting Level

parameter is set toLedger.

Reporting Context

parameter is set to

Ledger 1.

OU1

Op Unit

Ledger 1

OU3

Op Unit

LE1

GRE/Legal entity

LE2

GRE/Legal entity

OU2

Op Unit

7/29/2019 Ensuring Security in Oracle r12 Financials

20/47

IT Convergence 2010 All rights reserved.

Organization ReportingOptions Legal Entity

MO: Top Reporting

Level is set to

GRE/Legal entity.

Reporting Level

parameter is set toGRE/Legal entity.

Reporting Context

parameter is set to

LE2.

OU2

Op Unit

OU3

Op Unit

Ledger

OU1

Op Unit

LE1

GRE/Legal entity

LE2

GRE/Legal entity

7/29/2019 Ensuring Security in Oracle r12 Financials

21/47

IT Convergence 2010 All rights reserved.

Organization ReportingOptions Operating Unit

MO: Top Reporting

Level is set to

Operating Unit.

Reporting Level

parameter is set toOperating Unit.

Reporting Context

parameter is set to

OU3.

OU1

Op Unit

OU2

Op Unit

OU3

Op Unit

Ledger 1

LE1

GRE/Legal enti ty

LE2

GRE/Legal entity

7/29/2019 Ensuring Security in Oracle r12 Financials

22/47

IT Convergence 2010 All rights reserved.

Multi Org Access Control

Responsibilityesponsibility Responsibilityesponsibility Responsibilityesponsibility

HollandLegal Entity

DenmarkLegal Entity

BelgiumLegal Entity

Functional Tasksy Order Managementy Dunning, Collections,

Billing

y Requisition, Demand &Purchase Orders

y Receiving & Drop Shipy Invoice Receipt,

Disbursement

y Customer DataManagement

y Accounting Setup

Functional Tasksy Order Managementy Dunning, Collections,

Billing

y Requisition, Demand &Purchase Orders

y Receiving & Drop Shipy Invoice Receipt,

Disbursement

y Customer DataManagement

y Accounting Setup

Single Responsibility

BelgiumOperating Unit

HollandOperating Unit

DenmarkOperating Unit

Perform multiple tasks across operating units without changingresponsibilities

Role based access to Operating Units

7/29/2019 Ensuring Security in Oracle r12 Financials

23/47

Oracle Security at the System Administration level

7/29/2019 Ensuring Security in Oracle r12 Financials

24/47

IT Convergence 2010 All rights reserved.

Functions

ReportsUser

Application

Responsibility

Oracle Security - Overview

7/29/2019 Ensuring Security in Oracle r12 Financials

25/47

IT Convergence 2010 All rights reserved.

Creating User Credentials

Defining a New User

Define an authorized user

of Oracle Applications byspecifying a username andpassword.

Grant applicationprivileges by assigningone or moreresponsibil ities to the user

Assign one or moreresponsibilities

Enter username and password

Require password changeLimit access attempts

Enter usersstart date

1

2

3

4

Steps 1, 3, and 4 are required

7/29/2019 Ensuring Security in Oracle r12 Financials

26/47

IT Convergence 2010 All rights reserved.

Oracle Responsibility Creation Process

Data groups

SecurityORACLE

DataGroup

Menus

ApplicationMenu

Responsibilities

Security

Responsibility

Define

Request groups

SecurityResponsibility

Requests

Users

Security

User

Define

7/29/2019 Ensuring Security in Oracle r12 Financials

27/47

IT Convergence 2010 All rights reserved.

Successive Layers of Access Control

Access Control is implemented in successive layers and each

layer builds upon the one that precedes it .

Self Service and Approvals

Registration Processes

Delegated Administration

Role Based Access Control

Data Security

Function Security

Optional

Required1

2

3

45

6

7/29/2019 Ensuring Security in Oracle r12 Financials

28/47

IT Convergence 2010 All rights reserved.

Oracle Function Security - Overview

Function Security The most granular layer of accesscontrol

Restricts user access to the individual menus andmenu options

Provides specific object access control on pages

Each elements is represented by a permission

Order Entry example:

Controls users ability to create a new order or evenaccess the page

7/29/2019 Ensuring Security in Oracle r12 Financials

29/47

IT Convergence 2010 All rights reserved.

Oracle Function Security Managing Function

Security

Restricts user access to theindividual menus and menuoptions

Add or Remove Functions froma Responsibil ity

Maintain menu structureswhile eliminating specific

functionality

Exclude individual functionsfrom a responsibi lity

Menu Level 1

Menu Level 3

Menu Level 2

Function C

Function D

Function A

Function E

Function A

Function B

Subfunction A

Subfunction B

Subfunction A

Menu Level 3

Menu Level 2

7/29/2019 Ensuring Security in Oracle r12 Financials

30/47

IT Convergence 2010 All rights reserved.

The second layer of access control

Provides access to the data a user can view and the

actions a user can perform on that data

Restricts access to individual what actions a user can

perform on that data

Data Security Policies can reflect access to:

All Instances

An Instance Set

A Specific Instance

Data Security - Overview

7/29/2019 Ensuring Security in Oracle r12 Financials

31/47

IT Convergence 2010 All rights reserved.

Grants in regard to business objects are part of Data

Security Policies

Grants in regard to a set of an applications functionality

are part of Function Security

Three Types of Grantees:

A group of users

A specific user

All users (global)

Data Security - Grants

7/29/2019 Ensuring Security in Oracle r12 Financials

32/47

IT Convergence 2010 All rights reserved.

A permission is defined as an approval to perform an

operation on an object

Permissions can be grouped into permission sets

Permission sets can be granted to users or roles

independently of menus or responsibilit ies

Data Security Permissions and Permission Sets

7/29/2019 Ensuring Security in Oracle r12 Financials

33/47

IT Convergence 2010 All rights reserved.

Oracle User Management

The Oracle E-Business Suite Diagnostics security model has

been rewritten based on Role Based Access Control (RBAC -since ~ Nov. 2004)

External regulatory and auditing considerations

RBAC allows for more granular security:

Consolidate responsibilities, permissions, functionsecurity and data security policies

One-time permission set up

Structure user access control based upon users jobfunctions

7/29/2019 Ensuring Security in Oracle r12 Financials

34/47

IT Convergence 2010 All rights reserved.

Delegated Administration

Delegated Administration

Is a privilege model that builds on the RBAC system.

Provides organizations with the abili ty to assign the required

access rights for managing roles and user accounts.

Four types of privi leges:

Administration Privileges

User Administration Privileges

Role Administration Privileges

Organization Administration Privileges

7/29/2019 Ensuring Security in Oracle r12 Financials

35/47

IT Convergence 2010 All rights reserved.

Registration Processes

Registration processes are predefined registration

components

Oracle User Management contains the following

registration processes:

Self-Service Account Requests

Requests for Addit ional Access

Account Creation By Administrators

7/29/2019 Ensuring Security in Oracle r12 Financials

36/47

IT Convergence 2010 All rights reserved.

Self Service and Approvals

End users can perform self-service registration tasks:

Obtain new user accounts

Request additional access to the system

Reset Passwords

7/29/2019 Ensuring Security in Oracle r12 Financials

37/47

Password and Sign On Security

7/29/2019 Ensuring Security in Oracle r12 Financials

38/47

IT Convergence 2010 All rights reserved.

Signon Password Security: Password Expiration

7/29/2019 Ensuring Security in Oracle r12 Financials

39/47

IT Convergence 2010 All rights reserved.

Password Profile Options Failure Limit

7/29/2019 Ensuring Security in Oracle r12 Financials

40/47

IT Convergence 2010 All rights reserved.

Password Profile Options Hard to Guess

7/29/2019 Ensuring Security in Oracle r12 Financials

41/47

IT Convergence 2010 All rights reserved.

Password Profile Options Password Length

7/29/2019 Ensuring Security in Oracle r12 Financials

42/47

IT Convergence 2010 All rights reserved.

Password Profile Options Password No Reuse

7/29/2019 Ensuring Security in Oracle r12 Financials

43/47

IT Convergence 2010 All rights reserved.

Password Profile Options Case

7/29/2019 Ensuring Security in Oracle r12 Financials

44/47

IT Convergence 2010 All rights reserved.

Future Events

www.itconvergence.com

Make R12 Subledger

Functionalit ies Work For You

CRM solutions for Oracle E-

Business Suite Users -

Comparing the Market Leaderwith Oracle's Alternatives

Date October 4th, 2010 Date October 20th, 2010

Time 8:00 amPST Time 8:00 amPST

Register today at:

OAUG & IT CONVERGENCE

7/29/2019 Ensuring Security in Oracle r12 Financials

45/47

IT Convergence 2010 All rights reserved.www.itconvergence.com/workshops

R12

Preparing for an Oracle R12 Upgrade

Oracle R12 HRMS - Implement Oracle HR

Oracle R12 Project Accounting

Oracle R12 HRMS Compensation Workbench

Oracle R12 Financials New Features

Documentation and Compliance with Oracle Tutor & UPK

Expediting Month End Close with Oracle R12

BUSINESS INTELLIGENCE

OBIEE for Administrators

OBIEE for End Users

Reporting Options for Oracle E-Business Suite

Workshops are available in:

New York San FranciscoAtlanta DenverDallas Madison

Check our website for full information!

7/29/2019 Ensuring Security in Oracle r12 Financials

46/47

IT Convergence 2010 All rights reserved.

Stay Connected

If you need additional information check out:

Are You Ready for Oracle R12?

The Oracle Application Workshops sponsored by IT

Convergence and the OAUG

http://www.itconvergence.com/portal/page?_pageid=33,8230501&_dad=portal&_schema=PORTALhttp://www.itconvergence.com/workshopshttp://www.itconvergence.com/workshopshttp://www.itconvergence.com/portal/page?_pageid=33,8230501&_dad=portal&_schema=PORTAL

7/29/2019 Ensuring Security in Oracle r12 Financials

47/47