As part of their ongoing Sarbanes-Oxley compliance efforts, Companies have determined they needed to fully assess their process for managing user access to company resources, and have a process that could be quickly implemented to manage the entire life-cycle of enterprise identities within the organization.
Prior to R12 , this was requirement
Customer wants the query to find out the relationship between User - Responsibility - Menu - Sub-menu - Function in one query.
This data is needed for the audit purpose. Their auditors wants to check for user which all functions are attached. Depending on this data they will decide what functions to remove from that user.
Considering SOX and such Auditor Requirement, in Release 12.1, there is enhancements in the user management area to provide more information on the security infrastructure, and this enhancement is a 360 degree view of the security entities and extensive reporting on these objects to ensure SOX compliance.
Fundamental questions like which users are assigned the security administrator role, who assigned the role, and what data security grants are made available.
Administrators with the UMX Security Administrator Role can now query the security infrastructure to know which users have access to what items.
The reports that are generated can be in multiple formats, and can be used for SOX compliance and run periodically.
SOX Compliance RBAC Reports
- Its report is based out of security infrastructure which includs function and data security
- The whole concept is W3H system that means “Who, What, Why, How” which is a foundation for an auditing and querying tool for 360-degree view.
W3H system is broadly aimed at:
- Auditors of Oracle Applications.
- Oracle Support, who can use this tool for diagnosis
- Developers of the Oracle E-Business suite products who would like to query the Security system.