Leveraging Oracle Access Governance for User Permissions Management in Oracle Fusion HCM and ERP

 

Introduction

Oracle Access Governance is a cloud-native identity governance and administration (IGA) service designed to provide enterprise-wide visibility and control over access to both cloud and on-premises environments. By deploying Access Governance, Oracle Fusion and Fusion ERP customers can effectively manage the entire lifecycle of user accounts, including user permissions and security contexts within Fusion ERP.

Integration Modes

Oracle Access Governance can be integrated with Oracle Fusion Cloud Applications in two distinct modes:

  1. Authoritative Source Mode: In this mode, Oracle Access Governance retrieves identity data from Oracle Fusion Cloud Applications, serving as an authoritative (trusted) source of identity information.
  2. Managed Systems Configuration Mode: This mode allows Oracle Access Governance to manage HCM and ERP user profile records within Oracle Fusion Cloud Applications. This capability enables the provisioning of new accounts in Oracle Fusion Cloud Applications directly from Oracle Access Governance.

Access Bundles for Permission Management

Oracle Access Governance users can request access to Fusion and Fusion ERP resources through defined roles and Access Bundles. Access Bundles are constructs within Access Governance that consolidate permissions, packaging access to resources, application features, and functionality into a requestable unit. These bundles can be dynamically auto-assigned via policy or through manual requests.

Creating an Access Bundle

To create an Access Bundle, follow these steps:

  1. Navigate to the Access Control section within Access Governance.
  2. Select Create Access Bundle from the access bundle screen menu.

  1. Select the orchestrated system (e.g., Oracle Fusion system).

  1. Choose the relevant Fusion ERP permissions.

  1. Add owners to the access bundles.
  2. Provide additional details such as Security Contexts for each permission.

  1. Confirm all details and submit the access bundle for creation.

Once created, access bundles can be assigned via the request and approval workflow process or through a policy-driven process.

Summary

Oracle Access Governance offers a comprehensive integration with Oracle Fusion and Oracle Fusion ERP through its API integration capabilities. This allows for integration at both the permission and security context levels, unlike most third-party governance solutions that rely on flat-file integration. Flat-file type integration adds additionally effort and complexities. Oracle Access Governance supports a wide range of authoritative sources and managed systems, making it a valuable tool especially for Oracle Fusion HCM and ERP customers to manage their user accounts and permissions efficiently.

For more information, please refer to the following resources:

Access Governance Documentation

https://docs.oracle.com/en/cloud/paas/access-governance/index.html

Access Governance Fusion Integration

https://docs.oracle.com/en/cloud/paas/access-governance/iofha/index.html#articletitle