Global Conditions
The simulation feature in Oracle Application Access Controls Governor (AACG) does not filter out false positives associated with Global Conditions because Oracle support states that there is an incident, however, the incident is “closed” by the system because there is a global condition defined to exclude the incident from SOD incident views and reports. This makes sense; however, apparently you can’t filter on closed incidents when you create a Simulation. As a result, Simulation includes all of the false positives you attempt to eliminate by defining these Global Conditions.
Menu and Function Exclusions to Responsibilities
Next, we have the issue where Simulation does not take into account the menu and function exclusions you define when you create a custom Oracle Responsibilities. It is a best practice to use menu and function exclusions when you define custom responsibilities; however, Simulation does not take this into account.
Generating Remediation Steps
If you attempt to actually use Simulation to help you identify your Remediation Steps, most likely you will include Remediation Steps for false-positives. Moreover, most companies don’t copy and rename every single menu in Oracle and you can’t simply remove a function from an Oracle standard menu. Moreover, using Simulation there is no way to generate a Remediation Step to remove a function or a menu from an Oracle custom responsibility.
The simulation feature in Oracle Application Access Controls Governor (AACG) does not filter out false positives associated with Global Conditions because Oracle support states that there is an incident, however, the incident is “closed” by the system because there is a global condition defined to exclude the incident from SOD incident views and reports. This makes sense; however, apparently you can’t filter on closed incidents when you create a Simulation. As a result, Simulation includes all of the false positives you attempt to eliminate by defining these Global Conditions.
Menu and Function Exclusions to Responsibilities
Next, we have the issue where Simulation does not take into account the menu and function exclusions you define when you create a custom Oracle Responsibilities. It is a best practice to use menu and function exclusions when you define custom responsibilities; however, Simulation does not take this into account.
Generating Remediation Steps
If you attempt to actually use Simulation to help you identify your Remediation Steps, most likely you will include Remediation Steps for false-positives. Moreover, most companies don’t copy and rename every single menu in Oracle and you can’t simply remove a function from an Oracle standard menu. Moreover, using Simulation there is no way to generate a Remediation Step to remove a function or a menu from an Oracle custom responsibility.
No comments:
Post a Comment