Duplicate Responsibilities in Oracle: Are you sure you’re giving out a ‘Reporting’ Responsibility?
All versions of Oracle E-Business Suite have an access controls vulnerability that they allow more than one Responsibility to have exactly the same name as another. Surprisingly, out of the box in Release 12 there are 34 Responsibilities with duplicate names, 13 of which have the same name but completely different privileges as their namesake.
- It is possible to create new Responsibilities with the same name as an existing one, but completely different privileges
- There’s no default reports to identify these duplicates nor the privileges within the menus they’ve been assigned
Testing for duplicate Responsibilities is one of the tests included in our SRS Access Analytics service and we’d be delighted to introduce you to some of our existing clients for this service.
In our “Duplicate Oracle Responsibility Risk” white paper, we walk through an example of the risk that this can bring, along with recommendations for determining whether this is an issue at present for your organisation and how to prevent it from becoming an issue in the future.
You can get our “Duplicate Oracle Responsibility Risk” bitesized white paper straight to your inbox by completing the form below.