Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Path Exclusions for Oracle EBS

emily-liu1
New Contributor
New Contributor

‎10/08/2024 07:07 AM

We are currently addressing a specific requirement for our Oracle EBS SoD scans within Saviynt. Unlike the standard exclusions for inquiry roles or view-only roles, we are focusing on the exclusion of known false positives based on specific paths within parent roles. Our objective is to ensure that when an SoD scan identifies a specific combination of a parent role and function, it should not be flagged as a true conflict.

Could you provide guidance on how this configuration can be achieved in Saviynt? We are contemplating whether this would necessitate an additional query at the function level within the exclusion settings, or if there might be an alternative approach to effectively address this requirement.

Any suggestions or insights on the best way to implement this exclusion would be greatly appreciated. We aim to refine our SoD scan process to accurately reflect true conflicts while eliminating known false positives from the results.

Labels:
0 Kudos
2 REPLIES 2

rushikeshvartak
All-Star
All-Star

‎10/08/2024 10:53 AM

  • Can you elaborate with example

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

emily-liu1
New Contributor
New Contributor
In response to rushikeshvartak

‎10/08/2024 11:25 AM

Hi, Thank you for your response.

For example, we are seeing this SoD violation below where the entitlement AP_APXSUMPS is triggering the AP_Maintain Setups side of the SoD rule because the role AP_WORLDSIDE_SETUP contains it.

Risk NameRoleParent RoleEntitlementFunction
AP_Maintain Setups and AP_Maintain SuppliersAP_WORLDWIDE_SETUPAP_WORLDWIDE_SETUP > AP_NAVIGATE_GUI12 > AP_ACCOUNTING_GUI12AP_APXSUMPSAP_Maintain Setups

Upon review, we've determined that the path AP_NAVIGATE_GUI12 > AP_ACCOUNTING_GUI12 > AP_APXSUMPS is a false positive, as it does not grant the ability to maintain AP setups. We still want to evaluate for the function but only when it is being accessed through the path defined in the parent role that we would want it to be excluded.

Given that this path appears in other SoD violations, we are looking to implement an exclusion query. The goal is to ensure that when SoD analysis is conducted—whether preventatively or detectively—this path is not flagged in the results.

0 Kudos
Copyright © 2024 Khoros, LLC