Revision History

This document will continue to evolve as existing sections change and new information is added. All updates are logged below, with the most recent updates at the top.

The new functionality referenced in this document may not be immediately available to you if your organization has chosen not to receive optional monthly updates.  Rest assured you will receive the new functionality in the next quarterly update which is required and cumulative. Quarterly updates are applied in February, May, August, and November.

.

Date

What's Changed

Notes

25 JUL 2017

Oracle Financial Reporting Compliance:

Transactional Business Intelligence Enterprise for Risk Management

New feature delivered in Update 8 (August), which will also be included in the August Quarterly update.

24 MAY 2017

Risk Management: Page Composer

New feature delivered in Update 6 (June), which will also be included in the August Quarterly update.

21 APR 2017

Oracle Financial Reporting Compliance: Management Page Search

New feature delivered in Update 5, the May Quarterly update.

17 JAN 2017

Initial Document Creation

Overview

This guide outlines the information you need to know about new or improved functionality in Oracle Risk Management Cloud Release 12. Each section includes a brief description of the feature, the steps you need to take to enable or begin using the feature, any tips or considerations that you should keep in mind, and the resources available to help you.

Give Us Feedback

We welcome your comments and suggestions to improve the content. Please send us your feedback at oracle_fusion_applications_help_ww_grp@oracle.com.

Release Feature Summary

Some of the new Release 12 features are automatically available to users after the upgrade and some require action from the user, the company administrator, or Oracle.

The table below offers a quick view of the actions required to enable each of the Release 12 features:

Action Required to Enable Feature

Feature

Automatically Available

End User Action Required

Administrator Action Required

Oracle Service Request Required

Oracle Risk Management Cloud

Changes to Security-Related Jobs

Security Updates to Predefined Roles

Page Composer

Management Page Search

Transactional Business Intelligence Enterprise for Risk Management

Applications Security

User Account Management

Administrator Password Management

User Password Management (Self-Service)

User Account Locking

Enhanced Role Visualization

Tabular Role Hierarchy View

Search in Role Hierarchy Visualization

User Name Generation Rules

Password Policies

Notification Templates

Upgrade-Safe Management of Factory Shipped Roles

Bridge for Microsoft Active Directory

User Password Changes Audit Report

Integrate Custom Identity Management Solution

Password Reset

Security Console

New Function Security Privileges for Applications Security

Oracle Risk Management Cloud

Oracle Risk Management Cloud offers Financial Reporting Compliance, which documents your policies for identifying and resolving risk in your financial processes.

Changes to Security-Related Jobs

Changes have been made to jobs that run in Oracle Risk Management Cloud to synchronize users, roles, worklists, and other related security artifacts. The following changes have been made to areas under Risk Management Tools, Setup and Administration:

Scheduling page to manage jobs that run on a regular basis.

Steps to Enable

By default, these jobs are scheduled to run once a week, on Sundays. Start times are staggered to ensure they run in the correct sequence.

Tips and Considerations

The jobs are listed in the Scheduling page, where you can modify their schedules. If you do, you must be sure to set start times so that the jobs run in the proper order.

Key Resources

For more information see Risk Management Cloud Implementing Risk Management.

Security Updates to Predefined Roles

Changes have been made to some predefined duty roles in Oracle Risk Management Cloud Release 12. When you are upgrading from Release 11 to Release 12, you should review and compare any custom job roles that used a copy of a predefined role and evaluate if any changes are necessary in Release 12.

Steps to Enable

There are no steps necessary to enable this feature.

Tips and Considerations

Changes to predefined duty roles only impact upgrades from Release 11, and those that made copies of these predefined duty roles.

Key Resources

Please refer to the Upgrade Guide for Oracle Risk Management Cloud Security (Doc ID 2204136.1) to review details of the predefined roles that were modified to see whether any changes are necessary.

Page Composer

While Risk Management provides robust functionality as delivered, you can make changes to it, if necessary. Use Page Composer to customize simplified and desktop pages for other users. For example, you can:

Steps to Enable

Before customizing pages, do the following tasks:

KEY RESOURCES

For more information see Oracle Help Center for the common document covering Page Customization located in Customizing the Applications for Functional Administrators.

Oracle Financial Reporting Compliance Cloud

Oracle Financial Reporting Compliance Cloud consolidates the process of documenting and assessing your business practices to satisfy financial reporting regulations, such as Sarbanes-Oxley and equivalent laws around the world and in the public sector.

Management Page Search

Changes have been made to the location in which you perform searches on objects you manage. The search has been moved to the left side for management pages for processes, risks, controls, and issues. The search criteria and options remain the same.

Locate controls you want to analyze using the search region.

Steps to Enable

There are no steps necessary to enable this feature.

Transactional Business Intelligence Enterprise for Risk Management

Financial Reporting Compliance delivers two subject areas that allow creation of analyses based on Financial Reporting Compliance data. Each is described below. For example, you can use the Compliance subject area to create a Control Listing quickly.

Risk Management Cloud – Compliance Real Time subject area.

Risk Management Cloud - Compliance Real Time

This subject area provides summarized information related to records of Oracle Financial Reporting Compliance objects, such as process, risk, control, issue, remediation plan, and assessment. Dimensions in this subject area allow reporting and analysis related to definitions of the object records. The person who views an analysis or report based on this subject area sees records of objects associated with perspective values matching those specified in his or her security configuration.

Risk Management Cloud - Assessment Results Real Time

This subject area provides summarized information related to Oracle Financial Reporting Compliance assessment results. Dimensions in this subject area allow reporting and analysis related to assessments for processes, risks, and controls.

Steps to Enable

The predefined Enterprise Risk and Control Manager as well as the Compliance Manager job roles have the required duty to access the Risk Management subject areas. If you want to enable reporting for job roles you create, be sure to grant them the Financial Reporting Compliance Transaction Analysis Duty.

Users with access to this duty role have access to both the Compliance and Assessment Results subject areas in Risk Management.

Users viewing analyses created from these subject areas can see only data they have access to, as granted in Risk Management through data security policies. For example, suppose two risks exist, one associated to a US perspective value and the other to a Canada perspective value. A user's data security policies enable him to view only records with US perspective values in the application. That user would also be able to see only records associated to the US risk in an analysis.

Report Synchronization

A synchronization program must be run to gather real-time information pertaining to perspective and security assignments. By default, this job is scheduled to run every Sunday. To change the scheduled frequency or to run the program on demand, navigate to Risk Management Tools > Setup and Administration > Scheduling. Data for both the Compliance and Assessment Results subject areas is available real-time.

KEY RESOURCES

For more information see Oracle Risk Management Cloud Creating Analytics and Reports in the Risk Management library of the Oracle Help Center.

Common Technologies

Applications Security

Oracle Fusion Applications Security provides a single console where IT Security Managers and Administrators can perform various functions including user lifecycle management, role definition, security policy management(both functional and data), role hierarchy maintenance, username and password policy administration, and certificate management. The console also enables users to simulate the effect of security changes, to run security reports, and download a connector for integration with Microsoft Active Directory.

In Release 12, Oracle Fusion Applications Security offers several new capabilities that offer customers the following benefits:

Administrators can also tailor username and password generation by choosing from a list of shipped policies.

Please refer to your product upgrade guide for any steps that may be required to prepare for and adopt this feature. (Upgrade Guide for Oracle Risk Management Cloud Security (Doc ID 2204136.1))

User Account Management

You can now create and manage implementation user accounts within Oracle Fusion Applications Security. You can assign roles to these user accounts using the following navigation: Tools > Security Console > User tab. You can also search, retrieve, and manage user accounts automatically created for employees, contingent workers, supplier contacts, or partner contacts.

Search User Accounts Page

Add User Account Page

Steps to Enable

There are no steps necessary to enable this feature.

Role Information

The following function security privileges are required for this feature.

Privilege Name and Code

Job Role Name and Code

Create User Account

ASE_CREATE_USER_ACCOUNT_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

Delete User Account

ASE_DELETE_USER_ACCOUNT_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

Edit User Account

ASE_EDIT_USER_ACCOUNT_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

View User Account

ASE_VIEW_USER_ACCOUNT_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

Key Resources

For more information on the Security Console, go to the Help Center for the following guide:

Administrator Password Management

As an administrator, you can manage passwords of other users using the Security Console. You can auto-generate or manually enter a password for a user account. You can also define password lifecycle and complexity policies. Passwords will be automatically validated against these policies.

Administrator’s Reset Password Page

Steps to Enable

There are no steps necessary to enable this feature.

Key Resources

For more information on the Security Console, go to the Help Center for the following guide:

User Password Management (Self-Service)

You can now manage your own user account password using the Security Console. The password will be automatically validated against the defined password lifecycle and complexity policies.

Self-Service Password Reset Page

Steps to Enable

There are no steps necessary to enable this feature.

User Account Locking

As an administrator, you can now lock user accounts. If you lock a user account, you will be temporarily preventing the user from logging in with that user account. You can also unlock a locked user account.

Lock User Account in Edit User Account Page

Steps to Enable

There are no steps necessary to enable this feature.

Enhanced Role Visualization

You can now view only certain components of a role in the graphic visualizer. You can view only the privileges, aggregate privileges or roles assigned to a role. You can also view the graph in full screen mode and pan over a specific region in the graph.

For complex roles, these features enable you to reduce the amount of information visualized and to focus on the area within the role hierarchy that requires your attention.

View Only the Privileges for a Role

View Only the Inherited Roles for a Role

Pan and View Top Left Region of the Graph

Steps to Enable

There are no steps necessary to enable this feature.

Tabular Role Hierarchy View

You can now view role hierarchies in a tabular view. You can switch between the graphic visualizer view and the tabular view. You can also export the date displayed in the tabular view.

Tabular View of Direct and Indirectly Inherited Roles for a Role

Tabular View of Direct and Indirectly Assigned Privileges for a Role

Tabular View of Direct and Indirectly Assigned Users for a Role

Export of Direct and Indirectly Inherited Privileges for a Role

Steps to Enable

There are no steps necessary to enable this feature.

Search in Role Hierarchy Visualization

You can now search and quickly locate security artifacts (nodes) in the role hierarchy visualization. You can search for privileges, roles or users in the visualization.

Search in Role Hierarchy Graph

Steps to Enable

There are no steps necessary to enable this feature.

User Name Generation Rules

You can now define the user name generation rules used to auto-generate the user name in Oracle Fusion Applications Security. User name generation rules can be based on the user’s first and last names, e-mail or person number. You can also choose to use a system generated user name if the rule fails to generate a user name.

User Name Generation Rules Region in the Administration Page

Steps to Enable

There are no steps necessary to enable this feature.

Tips and Considerations

If your company submitted a service request for Oracle to set up a custom username generation rule, review the Validate User Lifecycle Settings topic in the Upgrade Guide for Oracle Risk Management Cloud Security.

Password Policies

You can now define policies for password management. These policies can define the duration for various password lifecycle events like password expiration and password warning generation. You can also set the complexity of generated passwords by choosing from a pre-defined list of rules.

Password Policy Region in the Administration Page

Steps to Enable

There are no steps necessary to enable this feature.

Tips and Considerations

If your company submitted a service request for Oracle to set up a custom password policy, review the Validate User Lifecycle Settings topic in the Upgrade Guide for Oracle Risk Management Cloud Security.

Role Information

The following function security privilege is required for this feature:

Privilege Name and Code

Job Role Name and Code

Run Password Expiry Job

ASE_PASSWORD_EXPIRY_ESS_JOB_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

Notification Templates

You can now define custom notification templates for user account life cycle events. You can also use pre-defined notification templates.

These templates will be used to generate notifications for events like user account created, user password reset and user password expiry warning.

Notification Templates Region in the Administration Page

Edit Notification Template Page

Steps to Enable

There are no steps necessary to enable this feature.

Tips and Considerations

If your company submitted a service request for Oracle to set up a custom notification template, review the Validate User Lifecycle Settings topic in the Upgrade Guide for Oracle Risk Management Cloud Security.

Upgrade-Safe Management of Factory Shipped Roles

You can now identify a predefined (factory shipped) Oracle role when viewing the role. Predefined Oracle roles are locked and you cannot customize the Oracle delivered functional and data security policies associated with these roles. You can, however, add data security policies to these roles.

Predefined Oracle roles are displayed in a different color in the graph visualizer.

Predefined Role Indicator in the Edit Role Page

Predefined Role Indicator in the Role Hierarchy Graph

Steps to Enable

There are no steps necessary to enable this feature.

Bridge for Microsoft Active Directory

Simplify Single Sign-On with Microsoft Active Directory by downloading and installing the Active Directory Bridge from the Security Console. Automatically synchronize user account information between Oracle Fusion Applications Security and Microsoft Active Directory.

Active Directory Bridge Base Configuration Page

Active Directory Bridge User Attribute Mappings Page

Active Directory Bridge Synchronization Status Page

Steps to Enable

There are no steps necessary to enable this feature.

User Password Changes Audit Report

You can now generate a report that lists password changes made by users. The report can be generated for changes made by specific users or for all changes made during a specific period.

User Password Changes Audit Report Process Details Page

Steps to Enable

There are no steps necessary to enable this feature.

Role Information

The following function security privilege is required for this feature:

Privilege Name and Code

Job Role Name and Code

Run User Password Changes Audit Report

ASE_USER_PASSWORD_CHANGES_AUDIT_REPORT_PRIV

IT Security Manager

ORA_FND_IT_SECURITY_MANAGER_JOB

Steps to Enable

There are no steps necessary to enable this feature.

Integrate Custom Identity Management Solution

You can now optionally Integrate with your Identity Management solution for user and role management using industry standard System for Cross-domain Identity Management (SCIM) REST APIs and ATOM feeds.

Steps to Enable

There are no steps necessary to enable this feature.

Password Reset

The password reset flow has been changed in Release 12. A notification email will be sent to the user who requests a password reset. The user will be required to click on this link, within a specific period of time, to change the password. This replaces the previous flow where users were required to answer a series of challenge questions to reset the password.

Email Notification to Reset Password

User Reset Password Page

Steps to Enable

There are no steps necessary to enable this feature.

Security Console

The unified security administrator interface, combined with the ability to safely upgrade the reference security implementation will result in the following changes in functionality in the Security Console.

Steps to Enable

There are no steps necessary to enable this feature.

New Function Security Privileges for Applications Security

This section provides product-specific information that you need when implementing new Release 12 features in your existing roles.

If you are not using the predefined reference roles, then you need to add the function security privilege to relevant custom job roles.

This table identifies the required function security privilege and the predefined role that automatically inherits the privileges during the upgrade.

Privilege Name and Code

Job Role Name

Create User Account

ASE_CREATE_USER_ACCOUNT_PRIV

IT Security Manager

Delete User Account

ASE_DELETE_USER_ACCOUNT_PRIV

IT Security Manager

Edit User Account

ASE_EDIT_USER_ACCOUNT_PRIV

IT Security Manager

View User Account

ASE_VIEW_USER_ACCOUNT_PRIV

IT Security Manager

Enable Database Resource Management

ASE_ENABLE_DATABASE_RESOURCE_MGMT_PRIV

IT Security Manager

Run Password Expiry Job

ASE_PASSWORD_EXPIRY_ESS_JOB_PRIV

IT Security Manager

Run User Password Changes Audit Report

ASE_USER_PASSWORD_CHANGES_AUDIT_REPORT_PRIV

IT Security Manager


---

A special Oracle logo highlighting Oracle's commitment to developing practices and products that protect the environment. copyrightlogo

12.08