Manage Approvals

You can manage your approvals using the Oracle Access Governance Console.

Approve or Reject Access Requests with Approvals

You can approve or reject access requests as an approver using the Approvals module in Oracle Access Governance.

You can view details of the access request, including the Requestor name, the Identity name for whom the access is requested, the resource for which the access is requested, and the justification. You can sort the requests by the following fields, in ascending or descending order:
  • Respond By
  • Beneficiary
  • Requestor
  • Access

  1. In your browser, navigate to the Oracle Access Governance service home page.
  2. On the Oracle Access Governance service home page, click the navigation menu icon, then select My Stuff → Approvals to navigate to the Approvals page, which lists access requests requiring your attention. All requests requiring approval will be displayed.
  3. For a bulk decision, select the check boxes to the left, and select either Approve or Revoke. Add a justification before confirming your decision.
  4. For individual request approval, click the view icon for a specific request:
    • Select the Actions menu, and select Approve or Reject.
    • Select Request information in case additional information is required for this request.

Approving Access Requests with Violations

If you have access requests with segregation of duties or low risk access guardrails violations, these will be flagged with the tag Violations.

  1. For an access request with the Violations tag, select the View details icon to view request details.
  2. Click the View details link in the Insights section to review the violations.
  3. Select the Approve or Reject button.
  4. To approve, add a justification and select the I understand and accept the violations check box. Violations will be snoozed for the pre-defined number of days. If the violation persists beyond this period, access will be revoked.
  5. Select Confirm.

Preventive Segregation of Duties (SOD) Analysis

Oracle Access Governance allows you to perform preventive segregation of duties (SOD) analysis for Oracle Fusion Cloud Applications orchestrated systems during the provisioning process through integration with Oracle Fusion Cloud Risk Management and Compliance (RMC). Segregation of duties (SOD) separates activities such as approving, recording, and processing tasks so an enterprise can more easily prevent or detect unintentional errors and willful fraud. SOD constrains duties across roles so that unethical, illegal, or damaging activities are less likely.

Segregation of Duties Analysis in Oracle Access Governance

When you configure an Oracle Fusion Cloud Applications orchestrated system, you have the option to enable Oracle Fusion Cloud Risk Management and Compliance (RMC) integration. Oracle Fusion Cloud Risk Management and Compliance (RMC) is a security and audit solution that controls user access to your Oracle Cloud ERP financial data, monitors user activity, and makes it easier to meet compliance regulations through automation. One of the features of RMC is the use of controls to perform SOD analysis within the Oracle Fusion Cloud Applications orchestrated system.

To enable Oracle Fusion Cloud Risk Management and Compliance (RMC) within Oracle Access Governance you should meet the following requirements:
  1. Configure an Oracle Fusion Cloud Applications orchestrated system to manage permissions.
  2. The Oracle Fusion Cloud Applications instance you are integrating with should have controls configured that define your SOD policies. Oracle Fusion Cloud Risk Management and Compliance (RMC) provides a library of ready-to-use controls for high-risk business processes, such as AP, AR, GL, Payroll, and Compensation. These controls can be updated to reflect your enterprise using the graphical workbench provided with RMC. For further information, refer to the Oracle Fusion Cloud Risk Management and Compliance (RMC) documentation.

You can enable preventive SOD by configuring your Oracle Fusion Cloud Applications orchestrated system following the instructions in Integrate with Fusion Cloud Applications or Configure Orchestrated System Account Settings.

Once configured, Oracle Access Governance will use Oracle Fusion Cloud Risk Management and Compliance (RMC) to check for SOD violations when a user makes an access request for an access bundle. When you make the request, a Preventive SOD Analysis activity is started, which can be monitored in the Activity Log. This activity will make a check against Oracle Fusion Cloud Risk Management and Compliance (RMC) for any controls indicating that an SOD violation has taken place for the user and access requested. The Preventive SOD Analysis process runs asynchronously and returns results to the access request. The following rules apply to this process:
  • Preventive SOD Analysis can only run against a user that has already been created in Oracle Fusion Cloud Applications and is available to the Oracle Fusion Cloud Risk Management and Compliance (RMC) engine. Once this user is provisioned, any access requests made by the user will be analyzed by RMC if this option is enabled.
  • Only one Preventive SOD Analysis task can run for a particular user at any one time. If your user creates a second access request while the Preventive SOD Analysis task from a previous access request is still running, then the second RMC request will fail. Other reasons why a Preventive SOD Analysis task might fail include RMC being unavailable and the user having no account in Oracle Fusion Cloud Applications.
  • Preventive SOD analysis is supported for requests for access bundles. Access requests for Oracle Access Governance roles are not supported for SOD analysis.

Example: Preventive Segregation of Duties in Oracle Access Governance

Let's look at an example of preventive segregation of duties in Oracle Access Governance in action. Consider the example where a user in your organization is promoted from AR Analyst to AR Manager. In order to carry out their new duties, the user requests access to the AR Manager access bundle in Oracle Access Governance.

When the access request is made, a Preventive SOD Analysis task is run for that user and RMC identifies some SOD violations which are flagged in the access request. An example of such a violation might be:
  • The user's current permissions allow them to Create User on Oracle Fusion Cloud Applications ERP, while the access bundle requested includes Manage Compensation.

This combination of permissions creates a potential for payroll fraud, because the same user could create ghost employees and set their compensation. This conflict is flagged in the access request, so that the approver can review the information in the request, and log in to RMC for further information if required. On this basis the approver can make an informed decision on whether to approve or reject the request, or to request further information from the person requesting the access.
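
The three process rules listed earlier and the AR Manager example above, modeled in Python. This is an added illustration, not Oracle Access Governance or RMC code: the class, function, status strings and control name are hypothetical, and only the Create User and Manage Compensation permissions come from the example.

```python
from dataclasses import dataclass, field

# Constructed control: a set of permissions one user should not hold together.
# Real controls are defined in RMC; this name is made up for the example.
CONTROLS = {
    "Ghost employee payroll fraud": frozenset({"Create User", "Manage Compensation"}),
}


def find_violations(current, requested, controls=CONTROLS):
    """Names of controls that the requested permissions would newly violate."""
    combined = set(current) | set(requested)
    return sorted(
        name for name, perms in controls.items()
        # Violated after the grant, but not already violated before it.
        if perms <= combined and not perms <= set(current)
    )


@dataclass
class PreventiveSodAnalysis:
    """Hypothetical model of the asynchronous analysis task and its rules."""
    fusion_accounts: dict                        # user -> current permissions
    running: dict = field(default_factory=dict)  # user -> permissions under analysis

    def submit(self, user, kind, requested):
        if kind != "access_bundle":
            # Requests for roles are not supported for SOD analysis.
            return "SKIPPED: only access bundle requests are analyzed"
        if user not in self.fusion_accounts:
            return "FAILED: no user account in Fusion Cloud Applications"
        if user in self.running:
            # Only one analysis task per user at any one time.
            return "FAILED: an analysis task is already running for this user"
        self.running[user] = set(requested)
        return "STARTED"

    def complete(self, user):
        """Finish the task and return the violations to flag on the request."""
        requested = self.running.pop(user)
        return find_violations(self.fusion_accounts[user], requested)


if __name__ == "__main__":
    # Constructed sample data: an AR Analyst requesting the AR Manager bundle.
    sod = PreventiveSodAnalysis({"ar_analyst": {"Create User", "Create Receipt"}})
    print(sod.submit("ar_analyst", "access_bundle", {"Manage Compensation"}))
    print(sod.submit("ar_analyst", "access_bundle", {"Approve Credit Memo"}))
    print(sod.complete("ar_analyst"))
```

The second request fails because the first analysis has not yet completed, which is why a request submitted right after another may need to be raised again once the earlier task finishes.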