1 Reply Latest reply: Feb 15, 2011 5:44 AM by steve hagner - oracle RSS

    Client got Oracle Identity Analytics & Oracle GRC - Which SOD engine to use

      This is regarding a current proposal we are working on for a telecom client. They have following tool available

      TIM - Tivoli Identity Manager
      Oracle GRC
      Application - Oracle EBS and other applications

      In order to define the role based access controls across enterprise application level, we are proposing for OIA - Oracle Identity Analytics.

      Q: We need clarity on which SOD engine should be used if both Oracle Identity Analytics and Oracle GRC are part of the solution as they both are very robust solutions for enforcing SOD.
        • 1. Re: Client got Oracle Identity Analytics & Oracle GRC - Which SOD engine to use
          steve hagner - oracle
          The answer to this question depends on the depth of Segregation of Duties conflicts that the customer needs to define. Across many applications, the security model is not very sophisticated and the Roles are very clearly defined. In this case, OIA is able to quickly help set up and manage role-based SoD rules.

          When security models in the applications are more sophisticated, and the risks of SoD conflicts become higher, or in the far majority of cases where customers don't really know what exact functions are granted to which roles, role-based SoD alone is often not enough. In those cases, Oracle GRC Application Access Controls Governor (AACG) can provide a much deeper level of SoD conflicts. Specifically for applications like Oracle E-Business Suite and Peoplesoft AACG provides direct out-of-the-box best-practice SoD conflicts predefined at the function level.

          You say that you want role based SoD, but our experience from hundreds of customers is that Role-based SoD in Oracle Applications is often not good enough for most auditors. Then you would need to look at AACG.