Manage Approvals

You can manage your approvals using the Oracle Access Governance Console.

  1. In your browser, navigate to the Oracle Access Governance service home page.
  2. On the Oracle Access Governance service home page, click on the navigation menu icon, then select My Stuff → Approvals to navigate to the Approvals page, which lists access requests requiring your attention. All requests requiring approval will be displayed. Requests are listed as one access per row. If a request is made for multiple accesses, for example access to a database, a directory, and a cloud service, then this will be displayed as 3 rows requiring separate approvals in your approval list.
  3. Details of the access request displayed include the Requestor, the name of the Identity for whom the request is made, the Access, and Justification. Requests can be sorted by the following fields, in ascending or descending order:
    • Respond By
    • Beneficiary
    • Requestor
    • Access
    You can select requests using the checkboxes to the left, and either Approve or Revoke by clicking the corresponding buttons. You will be given the opportunity to add a justification, before confirming your decision.

    Alternatively, you can click on the view button for a specific request and view additional details such as Access request trail and Access history. You can make an approval decision in the view details page by selecting the Actions menu, and selecting Approve or Reject. You will be given the opportunity to add a justification before confirming your decision. You can also request further information about the access request, if required, by selecting this option from the Actions menu.

    If you have access requests with segregation of duties violations, these will be flagged. You cannot directly approve these requests. Instead, you must select View details to display the details page for the request, where you can review the violations before taking action.

Preventive Segregation of Duties (SOD) Analysis

Oracle Access Governance allows you to perform preventive segregation of duties (SOD) analysis for Oracle Fusion Cloud Applications orchestrated systems during the provisioning process through integration with Oracle Fusion Cloud Risk Management and Compliance (RMC). Segregation of duties (SOD) separates activities such as approving, recording, and processing tasks so an enterprise can more easily prevent or detect unintentional errors and willful fraud. SOD constrains duties across roles so that unethical, illegal, or damaging activities are less likely.

Segregation of Duties Analysis in Oracle Access Governance

When you configure an Oracle Fusion Cloud Applications orchestrated system you have the option to enable Oracle Fusion Cloud Risk Management and Compliance (RMC) integration. Oracle Fusion Cloud Risk Management and Compliance (RMC) is a security and audit solution that controls user access to your Oracle Cloud ERP financial data, monitors user activity, and makes it easier to meet compliance regulations through automation. One of the features of RMC is the use of controls to perform SOD analysis within the Oracle Fusion Cloud Applications orchestrated system.

To enable Oracle Fusion Cloud Risk Management and Compliance (RMC) within Oracle Access Governance you should meet the following requirements:
  1. Configure an Oracle Fusion Cloud Applications orchestrated system to manage permissions.
  2. The Oracle Fusion Cloud Applications instance you are integrating with should have controls configured that define your SOD policies. Oracle Fusion Cloud Risk Management and Compliance (RMC) provides a library of ready-to-use controls for high-risk business processes, such as AP, AR, GL, Payroll, and Compensation. These controls can be updated to reflect your enterprise using the graphical workbench provided with RMC. For further information, refer to the Oracle Fusion Cloud Risk Management and Compliance (RMC) documentation.

You can enable preventive SOD by configuring your Oracle Fusion Cloud Applications orchestrated system following the instructions in Integrate with Fusion Cloud Applications or Configure Orchestrated System Account Settings.

Once configured, Oracle Access Governance will use Oracle Fusion Cloud Risk Management and Compliance (RMC) to check for SOD violations when a user makes an access request for an access bundle. When you make the request, a Preventive SOD Analysis activity is started, which can be monitored in the Activity Log. This activity will make a check against Oracle Fusion Cloud Risk Management and Compliance (RMC) for any controls indicating that an SOD violation has taken place for the user and access requested. The Preventive SOD Analysis process runs asynchronously and returns results to the access request. The following rules apply to this process:
  • Preventive SOD Analysis can only run against a user that has already been created in Oracle Fusion Cloud Applications and is available to the Oracle Fusion Cloud Risk Management and Compliance (RMC) engine. Once this user is provisioned, any access requests made by the user will be analyzed by RMC if this option is enabled.
  • Only one Preventive SOD Analysis task can run for a particular user at any one time. If your user creates a second access request while the Preventive SOD Analysis task from a previous access request is still running, then the second RMC request will fail. Other reasons why a Preventive SOD Analysis task might fail include RMC being unavailable and the user having no account in Oracle Fusion Cloud Applications.
  • Preventive SOD analysis is supported for requests for access bundles. Access requests for Oracle Access Governance roles are not supported for SOD analysis.

Example: Preventive Segregation of Duties in Oracle Access Governance

Let's look at an example of preventive segregation of duties in Oracle Access Governance in action. Consider the example where a user in your organization is promoted from AR Analyst to AR Manager. In order to carry out their new duties, the user requests access to the AR Manager access bundle in Oracle Access Governance.

When the access request is made, a Preventive SOD Analysis task is run for that user and RMC identifies some SOD violations which are flagged in the access request. An example of such a violation might be:
  • The user's current permissions grant them Create User on Oracle Fusion Cloud Applications ERP, while the access bundle requested includes Manage Compensation.

This combination of permissions has a potential for payroll fraud by creating ghost employees and setting compensation. This conflict is flagged in the access request, so that the approver can review the information in the request, and log into RMC for further information if required. On this basis the approver can make an informed decision on whether to approve or reject the request, or to request further information from the person requesting the access.
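
The following added example is not Oracle code and does not use any Oracle API. It is a small Python model of the rules listed above (access bundles only, an existing user account, one analysis task per user at a time) applied to the Create User / Manage Compensation conflict from this example. The class, status strings, control name, and user names are all constructed for illustration.

```python
"""Toy model of the preventive SOD rules described above (constructed names, not an Oracle API)."""
from dataclasses import dataclass, field

# Constructed control library: control name -> pair of conflicting permissions.
CONTROLS = {"Ghost employee / payroll fraud": ("Create User", "Manage Compensation")}


@dataclass
class SodAnalyzer:
    accounts: dict                                # user -> permissions already held
    rmc_available: bool = True
    running: dict = field(default_factory=dict)   # user -> permissions under analysis

    def start(self, user, request_type, requested):
        """Start the asynchronous analysis; returns (status, reason)."""
        if request_type != "access_bundle":       # roles are not analyzed
            return ("NOT_SUPPORTED", "only access bundle requests are analyzed")
        if not self.rmc_available:
            return ("FAILED", "RMC unavailable")
        if user not in self.accounts:
            return ("FAILED", "no user account in the target application")
        if user in self.running:                  # one task per user at a time
            return ("FAILED", "analysis already running for this user")
        self.running[user] = set(requested)
        return ("RUNNING", None)

    def finish(self, user):
        """Complete the task and return the controls the combined access violates."""
        combined = self.accounts[user] | self.running.pop(user)
        return sorted(name for name, pair in CONTROLS.items() if set(pair) <= combined)


if __name__ == "__main__":
    # Constructed sample: an AR Analyst who already holds Create User.
    rmc = SodAnalyzer(accounts={"ar.analyst": {"Create User", "Create Receipt"}})
    print(rmc.start("ar.analyst", "access_bundle", ["Manage Compensation"]))
    print(rmc.start("ar.analyst", "access_bundle", ["Approve Credit Memo"]))
    print(rmc.finish("ar.analyst"))
```

The second `start` call fails because the first analysis for the same user has not finished, which is the behavior an approver should expect to see reflected in the Activity Log when requests are submitted back to back.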