- Revision History
- Overview
-
- Common
-
- Ability to Identify User Groups with No Eligible Members
- Prevention of Assignment of User Groups with No Eligible Members
- Notification Jobs
- Limit Purging of Jobs
- More Details in Mass Edit Security Job Summary
- Mass Edit Security Page Offers Separate Searches for Ineligible and Missing Authorizations
- Ability to Use Drag and Drop for Uploading of Attachments
- Ability to Use REST API to Mass-Edit Incidents
-
- Financial Reporting Compliance
- Advanced Access Controls
-
- New and Updated Delivered Model Content
- Removed Some Access Condition Attributes
- Added Exclusions for Procurement Agent Actions
- Result Records Now Include Role Codes
- Ability to Autogenerate Provisioning Rules
- Mass Edit Security for Results
- Limit Ability to Purge Control Incident Results to Control Owners
-
- Access Certification
- Advanced Financial Controls
- Transactional Business Intelligence for Risk Management
- Common
This document will continue to evolve as existing sections change and new information is added. All updates appear in the following table:
| Date | Product | Feature | Notes |
|---|---|---|---|
| 05 MAR 2021 | Created initial document. |
This guide outlines the information you need to know about new or improved functionality in this update.
DISCLAIMER
The information contained in this document may include statements about Oracle’s product development plans. Many factors can materially affect Oracle’s product development plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle.
This information may not be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. Oracle specifically disclaims any liability with respect to this information. Refer to the Legal Notices and Terms of Use for further information.
Ability to Identify User Groups with No Eligible Members
For the security assignment page of any record, if an assigned group does not have any eligible members, the warning icon is displayed.
Prevention of Assignment of User Groups with No Eligible Members
As you secure a record, user groups with no members eligible for that record are no longer available for selection.
In earlier releases, a Notification job alerted users to tasks that required their attention. Now that job is split in three, one to announce tasks for each of Advanced Controls, Financial Reporting Compliance, and Access Certifications. You don't run these jobs directly. Instead, they are launched by the Security Synchronization job when you run it.
You can purge jobs in the Monitor Jobs page. Only jobs in the following statuses are eligible to be purged:
- Completed
- Failed
- Canceled
More Details in Mass Edit Security Job Summary
In the Monitor Jobs page, the record for a run of the mass-edit security job now shows the selected parameter values, the records that were updated, and the records that were not updated due to errors.
Mass Edit Security Page Offers Separate Searches for Ineligible and Missing Authorizations
In the Mass Edit Security Assignment page, you can use filters to select records that need editing. Among them, a Missing or Ineligible User by Authorization filter has been separated in two:
- Missing Eligible Users or Groups by Authorization searches for records with no eligible users for a specified authorization.
- Ineligible Users or Groups by Authorization identifies records with assigned users who are no longer eligible.
Ability to Use Drag and Drop for Uploading of Attachments
User can now use drag and drop to upload attachments throughout the entire product suite. This is in addition to the existing ability to browse for files to upload which will remain.
Ability to Use REST API to Mass-Edit Incidents
A new REST API feature enables you to perform mass edit on incident results generated by an advanced control.
Financial Reporting Compliance
Multiple changes have been implemented to the data migration feature: flexfield validation, removal of risk analysis and evaluation records, inclusion of a new summary page displaying the status of a data migration job and number of records successfully imported.
Copy Feature Copies Security Assignment
By default when the user copies an existing object record, the record is copied along with its security assignments.
Copy, Delete, Archive, and Filter Assessment Batches
You can now copy a prior assessment batch, which will include prior scoping criteria and assessment record security assignment. In addition, you can delete an assessment batch that has not been initiated and archive prior assessment batches.
Ability to Send Email Reminders
Authorized users can now send email reminders for incomplete surveys, assessments, issues, and remediation plans.
New and Updated Delivered Model Content
Oracle delivers three new models to detect separation-of-duties conflicts. These models include:
- 6925: Enter Journals and Post Journal Entry and Manage Accounting Period Statuses for General Ledger
- 6926: Enter Journals and Post Journal Entry and Manage Journal Sources
- 6927: Enter Journals and Post Journal Entry and Setup General Ledgers
The privilege Manage Data Exchange Work Area has been removed from the Manage Worker entitlement and affects five models:
- 4056: Manage Worker and Manage Payroll
- 4057: Manage Worker and Manage Payroll Batch Processes
- 4058: Manage Worker and Manage Payroll Costing
- 4070: Manage Worker and Manage Compensation
- 4075: Manage Worker and Manage Time and Labor
Removed Some Access Condition Attributes
In its Important Actions and Considerations section, the What's New document for 20D gave a heads-up. The following attributes of the Access Condition Business Object were not supported, and would be removed in a future release: Country, Department, Legal Employer, and Location. In 21B, they have been removed. (The 20D document also said the Reference Data Set attribute would be removed, but it has been retained for now.)
Added Exclusions for Procurement Agent Actions
For certain privileges to grant functional access, a user must be granted both the privilege and a corresponding "action" as a "procurement agent" for a business unit. For example, a person may be set up as a procurement agent, but unless granted the privilege to "Change Supplier Site" and the action to "Manage Purchase Orders," that person will not be able to transact for that privilege. Advanced Access Controls automatically excludes privileges related to actions a procurement agent has not been granted access to perform. Twenty additional privileges are now excluded during analysis if not granted via a procurement agent.
Result Records Now Include Role Codes
Job roles and duty roles can have display names that are not unique. When one of these names appears in a model result or a control incident, it's difficult to know which role is referenced. The unique role code is now available in a new column called Incident Information Codes.
Ability to Autogenerate Provisioning Rules
In addition to creating provisioning rules manually, you can also generate them automatically, based on active access controls.
Mass Edit Security for Results
You can now mass-edit security for incidents you own no matter how you select them. Previously, an owner could mass-edit security for a full or filtered list of incidents generated by a control, but not for incidents selected from that list. (Note, though, that a list of incidents may include some you own, some for which you're editor, and some for which you're viewer. It remains true that you can mass-edit security only for those you own, not those for which you're an editor or viewer.)
Limit Ability to Purge Control Incident Results to Control Owners
You can purge incident results generated by a control only if you are an owner of the control.
Certification Attachments Supported
You can now use the Firefox browser to add attachments in the certifier worksheet.
Changes Are Made to Business Objects
This release includes additions and updates to business object attributes. For existing business objects, new attributes were added to Expense Report Information, Purchase Order, Requisition, Audit - Person Allocated Checklist, and Audit - Supplier.
Mass Edit Security for Results
You can now mass-edit security for incidents you own no matter how you select them. Previously, an owner could mass-edit security for a full or filtered list of incidents generated by a control, but not for incidents selected from that list. (Note, though, that a list of incidents may include some you own, some for which you're editor, and some for which you're viewer. It remains true that you can mass-edit security only for those you own, not those for which you're an editor or viewer.)
Limit Ability to Purge Control Incident Results to Control Owners
You can purge incident results generated by a control only if you are an owner of the control.
Transactional Business Intelligence for Risk Management
New attributes in the Risk Management Cloud - Assessment Results Real Time subject area enable you to report on issue and remediation plan records. Apart from those, new attributes have been added to both the Risk Management Cloud - Assessment Results Real Time and the Risk Management Cloud - Compliance Real Time subject areas.