In Oracle ERP/HCM Cloud there has been a long standing risk with the Employee Role, a role which on the face of it should just handle tasks such as Time Entry, Expenses, Vacation/PTO requests etc. The reality is that this role has been granted way too much access in it's delivered state. Giving the users attached the ability to upload data, manage the delegation of their own security and more. This role was over-provisioned and being so central has been used in every environment we have evaluated.
If you have been aware of these issues, you have been fortunate and no doubt had the opportunity to create a new Employee role, for everyone else, the access has been a major surprise!
Thankfully, Oracle has committed to changing the Employee role for 2022, and while we wait for confirmation on the final design, you should be aware that this change is coming. If you are using this role, you should be aware that all users with it will be impacted by the change when it arrives.
If you cannot wait, this role should be copied and its access restricted to the kids of policies you wish your employees to have. This should restrict any processes that interfere with the security provisioning process and the ability to upload data that can impact your financial and other sensitive areas.
If you need help further understanding the implications of this role (and at least 11 more) please reach out, we have reviewed the delivered roles and many of them create segregation of duty and other risks to your processes.
If you are struggling to implement a program for effective Controls in your Oracle (and more) Applications, Seecuring provides a subscription based service that provides:
Segregation of Duties
User Access Reviews
Patch Impact Analysis & Configuration Changes
We have been working with ERP/HCM Applications since the early 2000's, and work with leading CPA's, Audit staff and Application specialists to deliver a complete solution.
Before you invest in expensive Software, why not look at GRC as a Service? Faster delivery, lower cost, and more than just reports on your issues - we help Organizations achieve their goals for Internal Controls.
To discuss your requirements, you can schedule a call with us: