Changes to Password Resets in Oracle ERP/HCM Cloud

Oracle Cloud ERP/HCM Applications are in a constant state of change, with core functionality still being updated here in early 2021.

It's safe to say that for every other on-prem Application (think E-Business Suite, PeopleSoft, JD Edwards and so on) the core foundations have stayed the same for years. Changes to Security were not common because making them would require you to 'redo' your Roles and Permissions to accommodate them.

The real changes came in the form of bolstered Password lengths and Password policies to meet modern standards and the requirements of new Policies.

So while Oracle Cloud Applications have been available for some time, there are still a number of changes taking place, and we continue to monitor those through our Patch Impact Analysis Service. In this Post we will discuss how the ability to 'customize' the Security Console has been taken away.

If you are not familiar with the Security Console, it is the functionality within the Application that lets you administer Users and Roles - assuming you are not using any Identity Management solution to do that.

This part of the Application allows you to create and edit Roles (of all kinds), their Privileges and the Data Security, as well as creating and administering new Users.

We did write a post about how your Users can delegate Security to others from another part of the Application, which is a Risk you should put on your list to implement Controls around.

Implications for resetting Passwords

One of the great features of the Security Console was that it could be customized so that you could essentially lock down your Helpdesk Users, allowing them only certain abilities to create new Users or reset Passwords.

This functionality is now gone.

If your Users have access to the Security Console, then they have the ability to administer Security and all that it entails.

The Role of Identity Management and Good Controls

If you have been putting off an implementation of an Identity Management/Provisioning solution, the Risks posed by these changes to the Oracle Applications should help drive such an investment!

If you are struggling to identify and manage your Users' access within Oracle Applications, Seecuring provides a Managed Service that combines the best of Technology with Services from some of the top GRC experts to not only find your issues, but help you remediate them and keep your Security and Controls strong.

There is an 'idea' on Oracle Customer Cloud Connect where you can view a proposed solution and vote on it for Oracle to (hopefully) pick up and change.

Effective Controls

If you are struggling to implement a program for effective Controls in your Oracle (and more) Applications, Seecuring provides a subscription-based service that provides:

We have been working with ERP/HCM Applications since the early 2000s, and work with leading CPAs, Audit staff and Application specialists to deliver a complete solution.

Before you invest in expensive Software, why not look at GRC as a Service? Faster delivery, lower cost, and more than just reports on your issues - we help Organizations achieve their goals for Internal Controls.

To discuss your requirements, you can schedule a call with us:

Or, reach out to us below if you want to get your Applications under control:

Resources

Understanding Role Delegations in Oracle ERP/HCM Cloud
