My Oracle Support Banner

EGRC 8.6.x: False Negative, Conflict Run Does Not Select Users With Access To The AZN Submenu (Doc ID 1494312.1)

Last updated on APRIL 02, 2019

Applies to:

Oracle Application Access Controls Governor - Version 8.6 and later
Information in this document applies to any platform.

Symptoms

On : In Application Access Controls Governor (AACG)8.6.3. 6036 version:

AACG is used to report segregation of duties(SOD) in the business applications. When the Global Conditions Menu Function Prompt: No Prompt is enabled, the AZN submenus are taken out of the incident results, but it is a violation of SOD as users have access to many functions through the AZN submenu in EBS. The results are showing false positives.

Expected Behavior
-----------------------
The expected behavior is for the incident results to show the users with access to the sub menu AZN regardless if the submenu is setup with a prompt or not.

Actual Behavior :
---------------
The actual behavior is that, all users with access to the sub menu AZN is excluded from the incident results set when the submenu is setup in EBS without a prompt and this is causing false positive results.

WORKAROUND:
-------------------------

As a workaround we propose to add prompts to AZN submenu items.


STEPS
-----------------------

  The issue can be reproduced at will with the following steps:

  1. Log into AACG application
  2. Create a Global Condition for Menu Function Prompt: No Prompt
  3. Run results for the model > All user with access to submenu AZN is removed from the incident results where the submenu is setup in EBS without a prompt
  4. Disable the Global Condition for Menu Function Prompt: No Prompt
  5. Run results again > All user with access to sub menu AZN is shown in the incident results
  6. The issue is that even though the menu is setup without a prompt, users still has access to the functions from the AZN tab.

  BUSINESS IMPACT
  -----------------------

  The issue has the following business impact:
  This issue is jeopardizing upgrade to newer version and impacting go-live. This issue is not causing problems with other product functionality.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.