Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
May 11, 2015
Fusion Applications Secure Out of the Box
Nigel King, VP Fusion Applications Functional Architecture
Safe Harbor Statement
"Safe Harbor" Statement: Statements in this press release relating to Oracle's or its Board of Directors’ future plans, intentions
and prospects are "forward-looking statements" and are subject to material risks and uncertainties. Many factors could affect
our current expectations and our actual results, and could cause actual results to differ materially. We presently consider the
following to be among the important factors that could cause actual results to differ materially from expectations: (1)
Economic, political and market conditions, including the recent global economic and financial crisis, could adversely affect our
business, operating results or financial condition, including our revenue growth and profitability, through reductions in
customer IT budgets and expenditures and through the general tightening of access to credit. (2) We may fail to achieve our
financial forecasts due to such factors as delays or size reductions in transactions, fewer large transactions in a particular
quarter, unanticipated fluctuations in currency exchange rates, delays in delivery of new products or releases or a decline in
our renewal rates for software license updates and product support. (3) We cannot assure market acceptance of new products
or services or new versions of existing or acquired products or services. (4) We have an active acquisition program and our
acquisitions may not be successful, may involve unanticipated costs or other integration issues or may disrupt our existing
operations. (5) Our international sales and operations subject us to additional risks that can adversely affect our operating
results, including risks relating to foreign currency gains and losses and risks relating to compliance with international and
U.S. laws that apply to our international operations. (6) Intense competitive forces demand rapid technological advances and
frequent new product introductions and could require us to reduce prices or cause us to lose customers. A detailed discussion
of these factors and other risks that affect our business is contained in our SEC filings, including our most recent reports on
Form 10-K and Form 10-Q, particularly under the heading "Risk Factors." Copies of these filings are available online from the
SEC or by contacting Oracle Corporation's Investor Relations Department at (650) 506-4073 or by clicking on SEC Filings on
Oracle’s Investor Relations website at http://www.oracle.com/investor. All information set forth in this release is current as of
October 7, 2009. Oracle undertakes no duty to update any statement in light of new information or future events.
Program Agenda
• About Fusion Applications Security
• Secure Out of the Box
• Demonstration: Chief Security Officer
• Q&A
Fusion Applications Security
Who Does What?
Role-Based Access
Reference Implementation
Oracle Identity Management
Role-Based Access + Comprehensive & Integrated Process
Fusion Applications
• Complete
• Open
• Integrated
• Best-in-class
Powered by Fusion Middleware
Fusion Security Delivers
Reduced Risk, Reduced Administrative Costs, Increased Productivity
• Secure “Out of the Box”
• Secure across tools and transformations
• Secure across the information lifecycle
• Integrated SOD Testing
• Self service provisioning and automated on-boarding
• Transparent security policies
• Standards based and integrated security model
• Easier to make new employees productive
• Regulatory compliance is easier and cheaper
• Easier for management to review and approve access
• Single sign on across apps
Fusion Applications Security: The model is not so different…
• Yes, we externalized security to Fusion Middleware, LDAP and OPSS
• But we paid a lot of attention to the consistency in Fusion
Fusion Applications: Job Role, Data Role, Duty Role, Privilege, Permission
PeopleSoft: Top Level Menu, Employee ID + Role, Role(s), Permission Lists, Executable
E-Business Suite: Top Level Menu, Responsibility, Sub Menu, Form Function, Executable
Program Agenda
• About Fusion Applications Security
• Secure Out of the Box
• Demonstration : Making a New Hire Productive
• Q&A
Secure Out of the Box
1. Role Based Access
2. Integration with Governance Risk and Compliance
3. Transparent Security Policies
4. Pervasive Privacy Protections
5. Secure Across the Information Lifecycle
6. Automated Workflows for Account and Role Provisioning
7. Enforcement Across Tools and Transformations
8. Comprehensive Reference Implementation
9. Complete Audit of Security Changes
10. Co-existing with your current Security Infrastructure
Role Based Access
You have Operations in Germany & the US
You need to hire a “Procurement Manager” for your German Operations…
Vision Enterprises: Vision Germany, Vision US
All Duties assigned under Job Role
Job Posting | FA Job Def Screen
Job Title | Job Role
Line in Job Description | Duty
Fusion Automatically Creates Business Unit specific Roles
Job Role | Data Role = Job + Data Access
Procurement Manager | Procurement Manager – Germany
Procurement Manager | Procurement Manager – US
Meet Doris
She applies for the job…
Doris is hired…
For doing the job she was hired for..
• Job Roles: Procurement Manager
• Duty Roles: Buyer Mgt Duty, PO Changes Duty
• Data Roles: Procurement Manager - Germany, Procurement Manager - US
For doing what all employees do
• Expense Reports
• Purchase Requisitioner
• Abstract Role: Employee
• Duty Roles: Enter Expenses, Enter Requisitions
What can Doris do and view?
• Duties Provide Access to Screens, Reports, Dashboards Via Privileges
• Roles Provide Access to data behind the screens Via Data Security
Doris Starts Using Fusion Apps
She starts work…
Sees only the Tasks she is entitled to.
Sees only data for Vision Germany.
Menu Items
Tasks
Buttons, Regions and Actions
Controls access to work areas, dashboards, task flows, reports, services
Secure OOTB: Integration with GRC
• Segregation of Duties (SOD) respected during role provisioning
• you choose enforcement
Secure OOTB: Transparent Security Policies
Secure OOTB: Pervasive Privacy Protections
• Fusion Applications always protect personally identifiable
information (PII)
• PII = any piece of information which can potentially be used
to uniquely identify, contact, or locate a single person.
– Social Security Number (SSN)
– Driver’s license number
– State or National Identifier (Identification Card number)
– Passport Number
– Account number, credit card number (CCN) or debit card number
– Home or Physical address (e.g., street address)
– Email address
– Telephone number
Secure OOTB: Secure Across Info Lifecycle
• Sensitive data in file system and backups (data-at-rest) protected using Transparent Data Encryption
• Sensitive data in cloned, non-production databases protected using Oracle Data Masking
• Sensitive data protected from database administrators and other privileged users using Oracle Database Vault
Secure OOTB: Account & Role Provisioning
• Lower Risks
• Lower Costs
• Greater Productivity
[Diagram labels: Fusion HR System; Employee Joins / Leaves; Provisioning Approval Workflows; Oracle Identity Manager; GRANT / REVOKE; Applications; Fusion GRC Controls; Governance, Risk, Compliance]
Secure OOTB: Enforcement Across Tools
• Defined Once. Used Everywhere.
• Same policies used across technologies
– ADF
– Enterprise Search
– Business Intelligence
– Reporting
– Mobile
– Web Services
Common Security Services
Secure OOTB: Reference Implementation
OOTB
• roles you will recognize as jobs
• hierarchy of duties
• data security policies
• SOD Policies
• Provisioning Events
Authorization Policy Manager (APM) to extend
• new jobs
• new duties
Secure OOTB: Audit of Security Changes
• Who made what changes, when
Manage Audit Policies
Oracle Platform Security Services
Secure OOTB: Co-existing with your current Security Infrastructure
Allows a user to log in once & access all applications…
[Diagram labels: Identity Provider; Existing Identity Management Infrastructure; Custom Applications; Service Providers; authentication; Service access; OID; Federation Enabled Applications; Unlimited]
Secure Out of the Box
1. Role Based Access
2. Integration with Governance Risk and Compliance
3. Transparent Security Policies
4. Pervasive Privacy Protections
5. Secure Across the Information Lifecycle
6. Automated Workflows for Account and Role Provisioning
7. Enforcement Across Tools and Transformations
8. Comprehensive Reference Implementation
9. Complete Audit of Security Changes
10. Co-existing with your current Security Infrastructure
Program Agenda
• About Fusion Applications Security
• Secure Out of the Box
• Demonstration: Making a New Hire Productive
• Q&A
Demonstration
Security Flow
• Set up security profile
• Create data role
• Create role provisioning rule
• Create Employee
Fusion Security Delivers
• Reduced Risk
• Reduced Administrative Costs
• Increased Productivity
Q&A