- GRC Module: How to Create Access Models

Overview

How to create models to review separation of duties conflicts
Custom roles that grant access to the Risk Management module in Oracle
Access Entitlements must be setup before the Access Model is created
When creating an user access model, we select two conflicting access entitlements (available to a role or user)
Access model produces results for users to identify instances of conflict

Critical Concepts

An access model lists two business functions (also known as activities or processes), which if assigned to a role could result in access that rises the risk of fraud or errors in transactions that lead to financial misstatements

Steps to Take

1. Select the Risk Management tab

2. Select Advanced Controls tile

3. Select the Models icon

4. In Active Models, select Actions menu, then Create Access Model

5. Enter Name and Description, and select the checkbox for Override record limit and return all results for access model analysis to ensure all incidents are identified in results report

Name should be identified from the UCSD SOD Ruleset list

6. Next to Model Objects, select the Add button

7. In Access Entitlement row, select the Add button, and the icon will change

8. To the left of Select Business Objects, click the Done arrow

9. Next to Model Logic, select the Add Filter button

10. In the Filter dialog box, enter the Name, and then select the Object, Attribute, Condition, and Type, then click the Search icon

11. In Search and Add dialog box, in Name and Description fields, enter criteria in text fields to search for Access Entitlements to add

12. Select the desired Entitlement, row will be highlighted, and then select OK

13. The Entitlement will display in the Value field, then click OK again

14. Repeat Steps #9-13 to create another Filter for the second Access Entitlement

Model Logic area will show two objects

15. Select Save and Close to finish the creation process

16. Open the newly created access model, and click the Security Assignment button

17. To the right of User Assignment or Group Assignment, select Add

18. Select the appropriate user Name or Group name, confirm the Authorized As value, and then select Save

19. To the left of Security Assignment, click the Done arrow to exit

If you still have questions or need additional assistance, please submit a ticket