This content has been marked as final. Show 1 reply
The answer to this question depends on the depth of Segregation of Duties conflicts that the customer needs to define. Across many applications, the security model is not very sophisticated and the Roles are very clearly defined. In this case, OIA is able to quickly help set up and manage role-based SoD rules.
When security models in the applications are more sophisticated, and the risks of SoD conflicts become higher, or in the far majority of cases where customers don't really know what exact functions are granted to which roles, role-based SoD alone is often not enough. In those cases, Oracle GRC Application Access Controls Governor (AACG) can provide a much deeper level of SoD conflicts. Specifically for applications like Oracle E-Business Suite and Peoplesoft AACG provides direct out-of-the-box best-practice SoD conflicts predefined at the function level.
You say that you want role based SoD, but our experience from hundreds of customers is that Role-based SoD in Oracle Applications is often not good enough for most auditors. Then you would need to look at AACG.