Security Inside Out Edition
Oracle Corp
May 2012
Keeping Entitlements in Check

As a result of increasing governance pressure, security audits now examine authorization in greater detail than ever before. At a granular level, the building blocks of system access are referred to as entitlements. For example, when a user gets access to a financial application, the access is composed of permissions to access specific screens, buttons, and data. When auditors look for potential risks, they examine these entitlements to determine if a user might have excessive access or privileges that conflict. For instance, a salesperson compensated by booked purchase orders should not be allowed to book orders without verification. Because applications control many ERP processes, audit controls exist to ensure that the entitlements granted to a user are appropriate for their job role. Today, auditors and application owners struggle to keep excessive entitlements and access in check. Excessive access has caused many cases of insider fraud and created operational risk for organizations. Without a comprehensive approach to access control, organizations are exposed.

Oracle’s pioneering entitlement-driven approach to the problem goes beyond traditional user identity management. Anchored by Oracle Identity Analytics and Oracle Entitlements Server, Oracle’s approach helps organizations meet growing pressure to enforce and monitor granular access privileges, as well as demonstrate that their controls can detect and prevent security policy violations.

Entitlement-Driven Approach to Identity Management
Oracle addresses access issues in two parts. Oracle Identity Analytics surveys systems and applications to create a view of each user’s entitlements, allowing managers and application owners to review and certify access.

Oracle Entitlements Server examines user interaction with applications and looks for data to enforce entitlement controls and provide audit visibility for compliance reporting. The process of authorizing and checking entitlements at runtime is commonly referred to as external authorization.

Certifying User Access
Certifying access to millions of user entitlements on a recurring basis can be time-consuming and complex. Oracle Identity Analytics simplifies access certification with straightforward business-centric views and actionable dashboards. Powered by analytics, these dashboards reduce the potential for errors and present approvers with actionable information. Additionally, Oracle Identity Analytics enables customers to scale compliance initiatives to millions of user entitlements across thousands of applications—without compromising speed or integrity.

Oracle Identity Analytics provides aggregated risk metrics along with in-depth historical context, allowing approvers to focus on critical applications and associated audit risks. Seamless integration with Oracle Identity Manager 11g allows Oracle Identity Analytics to provide closed-loop remediation, including controls to prevent conflicting privileges.

Externalizing Authorization
While many organizations have centralized their Web access management infrastructure, many find that application-centric authorization decisions are hard-wired into the application business logic itself. Oracle Entitlements Server is an external authorization solution, enabling granular enforcement of entitlements. It externalizes and centralizes authorization management—even in environments with distributed, heterogeneous applications, Web services, databases, and portals.

Oracle Entitlements Server ensures extremely low latency for mission-critical high-performance applications that need to perform authorization checks in real time. It has been designed to meet the requirements of very large deployments and scales to handle protected UI controls, Web services, database records, and rich media for hundreds of millions of users and tens of thousands of roles.

"This combination of identity technologies is one example of Oracle’s platform approach to identity management where the combined solution provides greater value than the sum of its parts. Organizations adopting each solution independently can gain tremendous benefit, but when combined, the result can dramatically transform the audit process," concludes Naresh Persaud, director of product marketing, Oracle Identity Management.

Learn more about Oracle's entitlement-driven identity management approach. Register today for an upcoming Webcast sponsored by IOUG, “Keeping Entitlements in Check.”


Copyright © 2012, Oracle Corporation and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
