In Oracle Fusion Applications (ERP/HCM and so on) the main area for Security management is the Security Console, and you would be forgiven for thinking this is the only place to manage your Users and Roles.
However, there is another area of the Application to factor in when designing your Security support system - Role Delegations
As the name suggests, this allows for Users to delegate Roles to other Users.
It's easy to describe what this part of the Application does, and why delegation might be of use:
* Someone is going on vacation and needs to delegate their tasks to someone else
* An individual is sick and it is decided that someone needs to take on their responsibilities
If we consider this process though, it should still fall under the central management of Security Design. The reality is that it doesn't.
Role Delegations is a separate function within the Application that takes the management of delegations outside of the Security Console.
Role Delegations in the Navigator:
* As a User in the Application you can delegate a Role to another User
* You can enter a start date and end date
* This functionality is contained within a number of delivered/seeded Roles - most Users will be able to perform Role Delegation
* The Role being delegated is not just delegated for the User being selected - it is being marked for delegation for any User
This last point is important due to a misunderstanding, many customers that we talk to have believed that in this process the Role being delegated is being done so exclusively for the User and that Role. In other words, the Role is only being made available for delegation to the User who is delegating.
The reality is that when you or any other User delegates a Role to another User, that Role becomes available for delegation to any other User.
Should you have a separate place in your Application? Should the function of granting Roles (and thereby Security) be a process that people beyond your dedicated Security personnel?
The answer should be no!
The ability to delegate is found in a number of Privileges and as of Release 2020, a number of delivered/seeded Roles including the main Employee Role grant access.
If you are struggling to implement a program for effective Controls in your Oracle (and more) Applications, Seecuring provides a subscription based service that provides:
Segregation of Duties
User Access Reviews
Patch Impact Analysis & Configuration Changes
We have been working with ERP/HCM Applications since the early 2000's, and work with leading CPA's, Audit staff and Application specialists to deliver a complete solution.
Before you invest in expensive Software, why not look at GRC as a Service? Faster delivery, lower cost, and more than just reports on your issues - we help Organizations achieve their goals for Internal Controls.
To discuss your requirements, you can go here, or you can schedule a call with us: