Before we do a security comparison between Oracle Fusion and EBS, let us touch base on some fundamentals.

What is Authentication

Authentication is where the user needs to prove their identity using username and password

What is Authorization

Authorization identifies data and actions the user can access   i.e. if the user has the correct permissions then they can perform the requested operation on the data or the screen or the report or the workflow.

Data Security

Controls which data can the users operate upon in the system.

In Oracle EBS, the product has been developed using predefined data security policies in the AOL module and also in each module that uses GL Ledgers or Value Sets or Multi Org Access control.  In case of Oracle R12 E-Business Suite HCM, it uses product specific security called "Security Profiles" which are attached the a responsibility.

However in case of Oracle Fusion Cloud Applications, Oracle have developed a layer named APM. This APM layer sites above Oracle Identity Manager and Oracle Entitlement Server. The data security policies are stored in the data security policy store and are managed using screens APM, i.e. Authorization Policy Manager.

In Fusion you have Reference data sets, which allow business units to share reference data with one another. For example, you may wish to share certain payment terms globally across all business units, allowing you to enforce global payment policies. Reference data is managed by sets whilst the transactional data is managed by business units. This avoids the need to duplicate reference data for each business unit.

Summary of comparison

Both E-Business Suite and Fusion Apps have similar capabilities to authenticate users but EBS uses  proprietary system whereas Oracle Fusion Cloud takes advantage of the latest standards based methodology in Fusion Middleware.

Where can the authentication be delegated to in Fusion Public Cloud?

The responsibility to authenticate username and password can be delegated(federated) to other systems such as those listed below

Microsoft Active Directory Federation Services (ADFS)
Oracle Identity Federation (OIF)
Oracle Access Management
Shibboleth open source single sign-on software
Okta ( Cloud based auth provider )
Ping One and Ping Federate
Microsoft Azure Active Directory (Azure AD)
IBM Tivoli Access Manager
IBM Security Access Manager
OneLogin

Do the OTBI reports support data access set security ?

Yes, the reporting layer In OTBI, applies the same security as applied by Oracle Fusion screens.

The users can view the Fusion GL journals and Fusion Essbase Balances for all the ledgers which are attached to the user's data access sets. For example if a user has access to data access set DA1 (ledger A and ledger B are attached to data access set A) and data access set B (ledger C and ledger D are attached to data access set DA2) then in the OTBI the user can view the data for all the ledgers -> ledger A,B, C and D

Securing GL data

The GL data for balances is reported from Essbase Cubes in Fusion. The SmartView and OTBI reports used on Essbase respect the security policies for Ledgers and value set values.

Varun Kapila

Add comment