Oracle Cloud Administering Access Control for Oracle Enterprise Performance Management Cloud E

Similar documents
Oracle Cloud Administering Access Control for Oracle Enterprise Performance Management Cloud E

Oracle Enterprise Performance Management System Addendum. Release

Configuring Single Sign-On for Oracle Enterprise Performance Management Cloud. Configuring Single Sign-On Between EPM Cloud and NetSuite

Oracle Data Relationship Management

NS Connector! Seamlessly Integrate the Data Flow Between Your Projects and Financials with HOW DOES CONNECTOR WORK? WHAT CAN CONNECTOR DO FOR ME?

Oracle. Sales Cloud Using Sales Cloud for Outlook. Release 13 (update 17D)

Oracle. SCM Cloud Implementing Supply Chain Planning. Release 13 (update 18A)

Oracle SCM Cloud Implementing Supply Chain Planning. Release 13 (update 18C)

Oracle Utilities Customer Care and Billing Release Utility Reference Model Apply Miscellaneous Charges

Taleo Enterprise Performance Review Ratings Orientation Guide Release 17

Contents Introduction... 5 Where to Get Documentation... 5 Where to Get Training... 5 Where to Get Support... 6 Legal Notices... 7

Oracle Hospitality ecommerce Integration Cloud Service Release Notes Release 18.1 E

Taleo Enterprise Fluid Recruiting User Guide Release 17

Oracle SCM Cloud. Release 11. Getting Started with Your Manufacturing and Supply Chain Management Implementation O C T O B E R

Oracle Service Logistics Cloud Using Service Logistics Cloud 19A

Oracle. SCM Cloud Getting Started with Your Manufacturing and Supply Chain Materials Management Implementation. Release 13 (update 17D)

Oracle Utilities Customer Care & Billing Release Utility Reference Model Establish and Maintain Net Energy Metering Service

Oracle Hospitality Inventory Management Mobile Solutions. Quick Reference Guide

Oracle Revenue Management and Billing. Upgrade Path Guide. Version Revision 13.0

Oracle Hospitality Suites Management User Guide. Release 3.7

Oracle Cloud Using the Oracle Enterprise Performance Management Adapter with Oracle Integration Cloud

Oracle. SCM Cloud Getting Started with Your Manufacturing and Supply Chain Materials Management Implementation. Release 13 (update 18B)

Oracle Hospitality Simphony First Edition Venue Management (SimVen) Reports User Guide Release 3.8 Part Number: E

Taleo Enterprise Fluid Recruiting User Guide Release 17.2

ABS-POS EMS Functionality ABS-POS EMS Functionality Date: 24th September 2009

Oracle Supply Chain Planning Cloud. Release 13 (updates 18A 18C) New Feature Summary

Oracle Hospitality Hotel Mobile Release Notes Release 1.0 E June 2016

Oracle Value Chain Execution Cloud Implementing Supply Chain Financial Orchestration. Release 9

BlackBerry User Guide

Oracle. SCM Cloud Administering Pricing. Release 12. This guide also applies to on-premises implementations

This document provides links to resources that will help you use EnterpriseTrack.

Oracle Utilities Opower Bill Ready Notification Cloud Service

Oracle Retail MICROS Stores2 Functional Document Sales - Cash Rounding Release September 2015

Oracle Project Portfolio Management and Grants Management Cloud Security Reference. Release 13 (update 17D) Part Number E

Oracle. Talent Management Cloud Using Goal Management. Release 13 (update 17D)

Oracle. SCM Cloud Using Maintenance. Release 13 (update 18B)

Oracle. Talent Management Cloud Using Talent Review and Succession Management. Release 12. This guide also applies to on-premises implementations

Oracle. Talent Management Cloud Using Career Development. Release 13 (update 17D)

New Features in Primavera Gateway 14.2

Oracle Hospitality Cruise Shipboard Property Management System Maintenance User Guide Release 8.0 E

Oracle Manufacturing Cloud. Release 13 (updates 18A 18C) New Feature Summary

Oracle Procurement Cloud Security Reference. Release 13 (update 17D) Part Number E

Oracle Communications Pricing Design Center

Oracle. Global Human Resources Cloud Implementing Payroll Costing. Release 13 (update 17D)

Oracle Retail MICROS Stores2 Functional Document Fidelity - Point Redemption with Heading Discount Release September 2015

Monitoring Oracle Java CAPS Business Processes

New Features in Primavera Contract Management 14.1

Oracle. SCM Cloud Using Supply Chain Orchestration. Release 12. This guide also applies to on-premises implementations

Transaction Based Usage Costs

Oracle. Global Human Resources Cloud Implementing Payroll Costing. Release 13 (update 18B)

Oracle Enterprise Manager. 1 Where To Find Installation And Upgrade Documentation

Oracle. Talent Management Cloud Implementing Career Development. Release 13 (update 17D)

Oracle. Talent Management Cloud Using Talent Review and Succession Management. Release 13 (update 17D)

Oracle. SCM Cloud Using Supply Chain Collaboration. Release 13 (update 17D)

Oracle. Global Human Resources Cloud Implementing Payroll Costing. Release 13 (update 18A)

CRM On Demand. Configuration Guide for Oracle CRM On Demand Life Sciences Edition

Oracle Cloud What's New for Oracle Big Data Cloud Service. Version

What s New for Oracle Big Data Cloud Service. Topics: Oracle Cloud. What's New for Oracle Big Data Cloud Service Version

Oracle Hospitality InMotion Mobile. Quick Reference

Oracle. SCM Cloud Implementing Supply Chain Planning. Release 12. This guide also applies to on-premises implementations

Oracle Procurement Cloud Subject Areas for Transactional Business Intelligence in Procurement 19A

Oracle. SCM Cloud Implementing Supply Chain Planning. Release 13 (update 17D)

Oracle. SCM Cloud Using Supply Chain Financial Orchestration. Release 13 (update 18A)

Oracle Warehouse Management Cloud. Getting Started Guide Release 8.0 Part No. E

Oracle. Talent Management Cloud Using Performance Management. Release 13 (update 17D)

Oracle Procurement Cloud Security Reference

Oracle. Loyalty Cloud Implementing Loyalty Cloud. Release 13 (update 17D)

Version Ticketing Guide for Business Users. Oracle ATG One Main Street Cambridge, MA USA

Oracle Knowledge Analytics User Guide

Oracle Enterprise Manager

Version /2/2017. Offline User Guide

Oracle Talent Management Cloud Using Career Development 19A

Joint Venture Management Implementation Guide Release 9.2

Oracle Hospitality Suite8 Serviced Apartment Rental Billing Release and higher E December 2017

About Contract Management

Release December 2018

Oracle Hospitality Inventory Management Close Financial Period User Guide Release 9.0 E

Oracle. SCM Cloud Using Supply Chain Financial Orchestration. Release 13 (update 18B)

Siebel Order Management Guide Addendum for Financial Services. Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013

Oracle Procurement Cloud Security Reference. Release 13 (update 18B)

Oracle SCM Cloud Using Supply Chain Financial Orchestration 19A

Oracle. Adaptive Intelligent Apps for CX Getting Started with Adaptive Intelligent Sales 18.10

Oracle. Adaptive Intelligent Apps for CX Getting Started with Adaptive Intelligent Sales 18.10

Oracle Health Sciences Adverse Event Integration Pack for Oracle Health Sciences InForm and Oracle Argus Safety

Oracle. SCM Cloud Using Receiving. Release 13 (update 17D)

Oracle Fusion Product Lifecycle Portfolio Management Using Product Lifecycle Portfolio Management. 11g Release 8 (11.1.8)

Oracle Talent Management Cloud Implementing Career Development 19A

About Oracle Primavera P6 Enterprise Project Portfolio Management

This document provides links to resources that will help you use P6 EPPM.

Oracle Cloud E

Oracle SCM Cloud Security Reference for Supply Chain Planning. Release 13 (update 17D) Part Number E

Oracle. SCM Cloud Administering Pricing. Release 13 (update 17D)

Oracle. SCM Cloud Using Order Promising. Release 13 (update 17D)

Oracle Hospitality RES 3700 Enterprise Management. Installation Guide

Oracle Value Chain Execution Cloud Using Receiving

Oracle. Talent Management Cloud Using Performance Management. Release 13 (update 18B)

Oracle Fusion Applications Project Management, Project Costs Guide. 11g Release 1 (11.1.4) Part Number E

Oracle Big Data Discovery Cloud Service

Oracle Fusion Applications

Oracle Supply Chain Management Cloud Subject Areas for Transactional Business Intelligence in SCM 19A

Transcription:

Oracle Cloud Administering Access Control for Oracle Enterprise Performance Management Cloud E71804-11

Oracle Cloud Administering Access Control for Oracle Enterprise Performance Management Cloud, E71804-11 Copyright 2015, 2018, Oracle and/or its affiliates. All rights reserved. Primary Author: EPM Information Development Team This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agencyspecific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Contents Documentation Accessibility Documentation Feedback 1 Overview of Access Control Opening Access Control 1-1 Managing Groups 1-1 Creating Groups 1-2 Modifying Groups 1-3 Deleting Groups 1-3 Exporting Group Information to a File 1-4 Importing Groups from a File 1-4 2 Managing Application-Level Provisioning Planning and Consolidation Application Roles 2-1 Data Management Roles 2-3 Oracle Enterprise Data Management Cloud Application Roles 2-4 Provisioning a Group or a User 2-4 Deprovisioning a Group or a User 2-5 3 Generating Reports Generating a Provisioning Report for a User or Group 3-1 Generating Service-Level Provisioning Report 3-2 Generating User Login Report 3-3 iii

Documentation Accessibility Documentation Accessibility For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup? ctx=acc&id=docacc. Access to Oracle Support Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/ lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired. iv

Documentation Feedback To provide feedback on this documentation, send email to epmdoc_ww@oracle.com, or, in an Oracle Help Center topic, click the Feedback button located beneath the Table of Contents (you may need to scroll down to see the button). Follow EPM Information Development on these social media sites: LinkedIn - http://www.linkedin.com/groups?gid=3127051&goback=.gmp_3127051 Twitter - http://twitter.com/hyperionepminfo Facebook - http://www.facebook.com/pages/hyperion-epm-info/102682103112642 Google+ - https://plus.google.com/106915048672979407731/ #106915048672979407731/posts YouTube - https://www.youtube.com/user/evolvingbi v

1 Overview of Access Control Access to service components are controlled by the identity domain role granted to the user. Service Administrators can grant application-specific roles to users of planning, consolidation and data management applications to enable them to complete additional tasks in an environment. For example, Service Administrators can grant the Approval Administrator role of a planning or consolidation application to enable a user to perform approvals-related activities. Additionally, Service Administrators can create Native Directory groups comprising identity domain users or other groups. Provisioning such groups enables Service Administrators to grant roles to many users at once, thereby reducing administrative overheads. Application-level provisioning can only enhance the access rights of users; none of the privileges granted by an Oracle Identity Management role can be curtailed by application-level provisioning. Access Control enables you to complete these activities in an environment: Managing Groups Provisioning a Group or a User Generating a Provisioning Report for a User or Group Generating Service-Level Provisioning Report Generating User Login Report Opening Access Control You can assign application-specific roles to groups and users from Access Control, which is available in the Tools card on the Home Page. To open Access Control: 1. Access the service as a Service Administrator. 2. Complete a step: Managing Groups Click Tools and then Access Control. Oracle Profitability and Cost Management Cloud only: Click Application and then Access Control. Oracle Enterprise Data Management Cloud only: Click Access Control. The service uses an internal repository called Native Directory to support applicationlevel provisioning and to store information on the groups that you use during the provisioning process. 1-1

Chapter 1 Managing Groups Creating Groups Native Directory groups are containers for Oracle Identity Management users or other groups. All group members inherit the application roles assigned to a group. To enable you to view user assignments, Native Directory lists the predefined Oracle Enterprise Performance Management Cloud roles as groups. You cannot modify them or provision them from Access Control screens. See Understanding Predefined Roles in Getting Started with Oracle Enterprise Performance Management Cloud for Administrators. Creating Groups Modifying Groups Deleting Groups Exporting Group Information to a File Importing Groups from a File A group can contain Oracle Identity Management users as well as other groups. Only Service Administrators can create and manage groups. To create groups: 2. In Manage Groups, click Create. 3. In Create Group, complete these steps: a. In Name, enter a unique group name (maximum 256 characters). Group names are not case-sensitive. b. Optional: Enter a group description. 4. Optional: Add groups to create a nested group. a. In Available Groups, enter a search string and then click (Search) to locate the groups that you can add as group members. Use * (asterisk) as the wildcard to retrieve all available groups. Groups that match the search criterion are listed under Available Groups. b. From Available Groups, select the member groups for the new group. c. Click Move. The selected groups are listed under Assigned Groups. To remove assigned groups, from Assigned Groups, select the group to remove, and then click Remove. 5. Optional: Add user members to the group. a. Click Users. b. In Available Users, enter a search string and then click (Search) to locate the users (login names) that you can add as group members. Use * (asterisk) as the wildcard to retrieve all available users. c. From Available Users, select the users to add to the group. 1-2

Chapter 1 Managing Groups d. Click Move. 6. Click Save. 7. Click OK. Modifying Groups Deleting Groups Service Administrators can modify group properties. To modify groups: 2. Optional: In Manage Groups, enter a search string and then click to locate the group to modify. 3. Click (Action) in the row of the group you want to modify, and then select Edit. 4. Modify group assignment: a. Optional: Add nested groups: In Available Groups, enter a search string and then click (Search) to locate the groups that you want to add as group members. Use * (asterisk) as the wildcard to retrieve all available groups. From Available Groups, select groups and click Move. Selected groups are listed in the Assigned Groups list. b. Optional: Remove nested groups: From Assigned Groups, select the group to remove. Click Remove 5. Modify user assignment: a. Click Users. b. Optional: Add users to group: In Available Users, enter a search string and then click (Search) to locate the users that you can assign as group members. Use * (asterisk) as the wildcard to retrieve all available users. From Available Users, select users and click Move. Selected users are listed in the Assigned Users list. c. Optional: Remove users from the group: 6. Click Save. 7. Click OK. From Assigned Users, select the users to remove. Click Remove. Deleting a group does not delete the users or groups assigned to it. 1-3

Chapter 1 Managing Groups To delete a group: 2. Optional: In Manage Groups, enter a search string and then click (Search) to locate the group to delete. 3. Click (Action) in the row of the group you want to delete, and then select Delete. 4. Click Yes to confirm the delete operation. 5. Click OK. Exporting Group Information to a File Use this option to export group information to Groups.csv file, which you can use while migrating information from the current environment to another; for example from a development environment to a production environment. To export group information: 2. In Manage Groups, click Export. 3. Follow on-screen instructions to open or save Groups.csv. Importing Groups from a File You can import group information from a Comma Separated Value (.CSV) file to the environment to create groups; for example, to create many groups at once while migrating artifacts across environments. Group names must be unique, and are not case-sensitive. For example, the name group1 is considered identical to GROUP1. The following is a sample Groups.csv file that may be used to create three groups; group1, group2, and group3 where group3 is a nested group within group1: #group,,,, id,provider,name,description,internal_id group1,native Directory,group1,, group2,native Directory,group1,, group3,native Directory,group1,, #group_children,,,, id,group_id,group_provider,user_id,user_provider group1,group3,native Directory,, To import groups from a file: 2. In Manage Groups, click Import. 3. Using Browse, select the.csv file that contains group information that you want to import. 4. Complete a step: 1-4

Chapter 1 Managing Groups Click Upload. Oracle Enterprise Data Management Cloud only: Click Import. 1-5

2 Managing Application-Level Provisioning Overview Note: Application-level provisioning is supported for planning, consolidation and close, tax reporting, and Oracle Enterprise Data Management Cloud applications. Planning and consolidation and Oracle Enterprise Data Management Cloud applications use granular application-specific roles to enhance the access privileges granted through identity domain roles while Oracle Profitability and Cost Management Cloud assigns user and group level data grants to secure access to application data. While the overall access rights are controlled by the predefined Oracle Enterprise Performance Management Cloud roles, Service Administrators can grant applicationspecific roles and data grants to users and to groups created and managed in the Native Directory. For example, a User, by default, is not granted the rights to design the approvals process, which is granted only to Power Users and Service Administrators. From the planning application, Service Administrators can assign the Approvals Administrator role to the user to enable the user to perform approvalsrelated activities. Application-level provisioning can only enhance the access rights of users; none of the privileges granted by an Oracle Identity Management role can be curtailed by application-level provisioning. You manage the provisioning process using Access Control. You can perform these tasks: Create groups and assign Oracle Identity Management users to them Modify group member assignments Assign planning and consolidation application roles to groups or to users View a list of users who are members of a group Users You create and manage users in the Oracle Identity Management associated with the environment to which the application belongs. These users can be assigned application-level roles to enhance the access they have to perform tasks within planning and consolidation applications. Planning and Consolidation Application Roles The following roles apply to planning, consolidation, and tax reporting applications only. See Administering Oracle Profitability and Cost Management Cloud for 2-1

Chapter 2 Planning and Consolidation Application Roles information on assigning data grants from the Oracle Profitability and Cost Management Cloud application. Approvals Administrator Resolves approval issues by manually taking ownership of the process. Comprises the Approvals Ownership Assigner, Approvals Process Designer, and Approvals Supervisor roles. Typically, this role is assigned to business users in charge of a region who need to control the approvals process for the region but do not require the Planning Administrator role. They can perform these tasks: Control approvals process Perform actions on Planning units to which they have write access Assign owners and reviewers for the organization under their charge Change the secondary dimension or update validation rules Approvals Ownership Assigner Performs all tasks that users with the Planner role can complete. Additionally, performs the following tasks for any member of the planning unit hierarchy to which the user has write access: Assign owners Assign reviewers Specify users to be notified Approvals Process Designer Performs all tasks that users with the Planner and Approvals Ownership Assigner role can complete. Additionally, performs the following tasks for any member of the planning unit hierarchy to which they have write access: Change secondary dimensions and members of entities to which the user has write access Change the scenario and version assignment for a planning unit hierarchy Edit data validation rules of data forms to which the user has access Approvals Supervisor Performs the following tasks for any member of the planning unit hierarchy to which the user has write access even if the user does not own the planning unit. This user cannot change data in planning units that the user does not own. Stop and start a planning unit Take any action on a planning unit Ad Hoc Grid Creator Creates, views, modifies, and saves ad hoc grids. 2-2

Chapter 2 Data Management Roles Ad Hoc User Views and modifies ad-hoc grids and performs ad hoc operations. Ad Hoc Users cannot save ad-hoc grids. Ad Hoc Read Only User Performs all ad hoc functions, but cannot write back into ad hoc grids. Calculation Manager Administrator Creates, updates, and deletes rules calculation objects. Also redefines launch access rights per the rules and rulesets of the application. Mass Allocation Runs mass allocation rules within form grids. Task List Access Manager Assigns tasks to other users. Data Management Roles By default, only Service Administrators and Power Users can access Data Management to work on the data integration process. To enable users with the User or Viewer identity domain role to participate in the integration process, Service Administrators can grant the following Data Management roles to them. Note: These roles work for Oracle Financial Consolidation and Close Cloud and Oracle Tax Reporting Cloud applications only. Create Integration Uses Data Management to create mappings to integrate data between source and target systems. Users can define data rules with various run time options. Run Integration From Data Management, executes data rules with runtime parameters and views execution logs. Drill Through Drills through to the source system of the data. 2-3

Chapter 2 Oracle Enterprise Data Management Cloud Application Roles Oracle Enterprise Data Management Cloud Application Roles These roles apply to Oracle Enterprise Data Management Cloud applications only. Application Creator Registers applications in Oracle Enterprise Data Management Cloud. The user who registers an application is assigned Application Owner permission. This user also is assigned as the view owner of the default application view. View Creator Creates views in a Oracle Enterprise Data Management Cloud application. The user who creates a view is assigned View Owner permission to the view. Provisioning a Group or a User During the provisioning process, Service Administrators grant application-level roles to Native Directory groups and Oracle Identity Management users. Note: You cannot grant application roles to your own user account. To enable you to view user assignments, Native Directory lists the predefined Oracle Enterprise Performance Management Cloud roles as groups. These roles are not listed on Provision Roles screen; you cannot provision them from Access Control. To provision a group or a user: 2. Click Provision Roles. 3. Find the user or group to provision. Use * (asterisk) as the wildcard to retrieve all available groups or Oracle Identity Management users. In Search, enter a search string and then click (Search) to locate the user that you want to provision. From the drop down list, select Groups, then in Search, enter a search string, and then click (Search) to locate the group that you want to provision. 4. Click (Action) of the user or group that you want to provision, and then select Provision. 5. From Available Roles, select the roles that you want to assign to the user or group and then click Move. 2-4

Chapter 2 Deprovisioning a Group or a User See Planning and Consolidation Application Roles for descriptions of the planning and consolidation roles that can be granted to users and groups. Selected roles are listed under Assigned Roles. To remove assigned roles, from Assigned Roles, select the role to remove, and then click Remove. 6. Click OK. 7. Click OK. Deprovisioning a Group or a User Deprovisioning removes all the application roles that are assigned to the group or to the user. Deprovisioing does not affect the Oracle Identity Management roles of the user. To deprovision a group or a user: 2. Click Provision Roles. 3. Find the user or group to deprovision. Use * (asterisk) as the wildcard to retrieve all available groups or Oracle Identity Management users. In Search, enter a search string and then click (Search) to locate the user that you want to deprovision. From the drop down list, select Groups, then in Search, enter a search string and then click (Search) to locate the group that you want to deprovision. 4. Click (Action) of the user or group that you want to deprovision, and then select Deprovision. 5. Click Yes. 6. Click OK. 2-5

3 Generating Reports You use these reports to analyze and manage provisioning: Generating a Provisioning Report for a User or Group Generating Service-Level Provisioning Report Generating User Login Report Report generation time indicated on reports reflects the time based on browser timezone (local system clock). About the CSV Version of the Provisioning Report You can export a report to create a CSV version of the report. In addition to the number of provisioned users, the CSV version of the report lists the following: Application roles that are mapped to the predefined identity domain roles assigned to users. For example, if the user is assigned the Service Administrator role, the CSV version of the report lists one row for each application role mapped to the Service Administrator. Groups to which users are assigned, even if the group is not assigned to any role. Generating a Provisioning Report for a User or Group Service Administrators use the Provisioning Report to review the access, both service level and application-level, granted to users groups. The report lists the service and application roles granted directly to the user as well as inherited application role (roles provisioned to groups to which users belong). Groups to which a user belongs is not listed if the group has not been provisioned with an application role. Provisioning Report enables you to track user access for compliance reporting. To generate a user or group-level Provisioning Report: 2. Click Provision Roles. 3. Find user or group for which you want to create provisioning report. Use * (asterisk) as the wildcard to retrieve all available groups or Oracle Identity Management users. In Search, enter a search string and then click (Search) to locate a user. From the drop down list, select Groups, then in Search, enter a search string, and then click (Search) to locate a group. 4. Click Action (Action) of the user or group for which you want to generate the report, and then select Provision Report. 3-1

Chapter 3 Generating Service-Level Provisioning Report 5. Optional: Click Export to CSV to export the report into a Comma Separated Value (CSV) file. 6. Click Close to close the report. Generating Service-Level Provisioning Report Service Administrators use the Provisioning Report to review the access, both servicelevel and application-level, granted to all users. The report lists the service roles (for example, Service-name Power User) and application roles (for example, Mass Allocation, which is a Planning application role) granted directly to the user using the Provision Roles tab. Inherited roles, as well as information on inheritance, are displayed in one row for each user. For example, assume that user John Doe is assigned the service-name User role of the service and that service-name user is a member of the example group, which is provisioned with the Approvals Approver Planning application role. In this scenario, the Provisioning Report displays the following as a part of the provisioning information for John Doe: Approvals Approver (example->service-name User). The Provisioning Report also identifies the number of provisioned users who are authorized to access the environment. Note: Starting with the September 2017 update, the contents of the Provisioning Report tab has changed considerably. Filters to specify report generation parameters have been removed from the Provisioning Report tab. The report is now generated for all users only. The.CSV version of the report uses multiple rows to list inherited roles. You can export the Provisioning Report as a Comma Separated Value File, which you can open using a program such as Microsoft Excel or save to your computer. The Provisioning Report in CSV format uses one row for each role assignment. 3-2

Chapter 3 Generating User Login Report To open the Provisioning Report: 2. Click Provisioning Report. The provisioning report is displayed. 3. Optional: Click Export to CSV to export the report into a Comma Separated Value (CSV) file. Generating User Login Report The User Login Report contains information on the users who signed into an environment over a specified period of time. It shows the IP address of the computer from which the user logged in and the date and time at which the user accessed the environment. The service provides you a default User Login Report that lists all users who signed in over the last day. Service Administrators can regenerate this report for a custom date range or for the last 30 days, last 90 days, and last 120 days. Note: The service maintains user login audit history for the last 120 days only. To regenerate the User Login Report: 2. Click User Login Report. A report that lists all users who signed into the service over the last day is displayed. 3-3

Chapter 3 Generating User Login Report 3. Select a period Last 1 Day, Last 30 Days, Last 90 Days, or Last 120 Days for which you want to generate the report. To specify a custom date range, select Date Range and then selecte a start date and end date. 4. Optional: Select the users to include in the report. Skip this step if you are generating the report for all users. a. In the search box, type a search criterion. Use * (asterisk) as the wild card character in search strings. b. Click (Search). 5. Optional: Click Export to CSV to export the report into a Comma Separated Value (CSV) file. 6. Click Cancel to close the report. 3-4

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback