Most corporations face a myriad of compliance programs. A common underlying requirement among most compliance programs is governing who has what access to systems and applications, including databases. Oracle Access Governance is a cloud native identity governance and administration (IGA) solution that helps organizations address their compliance and governance requirements. Oracle Access Governance provides user provisioning, access reviews, and identity analytics to define and govern access privileges.
This blog post provides an overview of how IT and compliance administrators can simplify their database identity governance through Oracle Access Governance. By connecting Oracle Access Governance to their Oracle database, they can achieve the following benefits:
By connecting Oracle Access Governance to a database, an administrator can quickly view who has access to the database and the roles and permissions assigned to each user. Let's explore the required high-level steps.
An administrator also needs to download a small lightweight agent to run alongside the database, which continuously syncs the database with Access Governance. After downloading the agent, follow the instructions explained in the Agent Administration section of the documentation.
When an administrator has Oracle Access Governance connected to the database, they can go to the enterprise-wide view and search for the database resource. They can view who has access to the database, but more importantly, they can see the permissions a user has in the database and how they got them.
By selecting View all accesses under a user, an administrator can see all the accesses granted to the user across different applications. In this case, they can also view all the permissions and roles belonging to the user in the database.
Users can request access to database roles and privileges through access bundles, a facet native to Oracle Access Governance. An access bundle is a collection of permissions that packages access to resources, application features, and functionality into a unit that can be requested. Administrators create access bundles based on the relevant permissions they want to group together for access requests and reviews.
Oracle Access Governance shows all the permissions brought in through syncing with the database. The administrator can search and select the relevant permissions to include in the access bundle.
Users can now request these access bundles and gain access to these database permissions when granted. Oracle Access Governance first creates a user database account if it doesn’t already exist. If it does, it adds the requested permissions after getting the required approvals defined as part of the approval workflow.
You can use Oracle Access Governance to perform access reviews on the Oracle database. This process eliminates using a manual method to perform database user access reviews.
Admins can define a database access review by creating an access review campaign and selecting the database as the system, along with appropriate access bundles and roles.
When the review campaign is created and running, a reviewer can review users by seeing what access bundles were granted.
By selecting the access bundle, the reviewer can see the individual permissions included as part of the access bundle.
Oracle Access Governance helps database administrators efficiently manage the governance and administration of their essential databases. It offers automated processes for requesting access to database roles and privileges, complete with necessary approvals. Moreover, it enables automated reviews of database user permissions. Administrators can consistently verify access permissions by utilizing the enterprise-wide browser integrated with the databases.
Check out this tutorial that walks through steps on integrating Access Governance with an Oracle Database.
For more information, see the following resources:
Anuj Tripathi is a member of the Oracle North America Technology Platform Specialist Solution Engineering Team. Anuj has worked in Identity and Access Management for close to 9 years and specialises in the Oracle IAM suite of products, both enterprise and OCI IAM, including cloud native Access Governance. In his role, Anuj has successfully solved numerous customer problems around their IAM ecosystem and worked on various Oracle and third party integrations. Anuj has also developed a series of workshops on the Oracle LiveLabs platform, including IAM containers deployment, Oracle Identity Role Intelligence and Oracle Access Governance.
George Hong is a member of the Oracle North America Technology Platform Specialist Solution Engineering Team. George has worked in security for over 20 years, and has been a speaker at numerous Oracle security events. In his role, George has led numerous enterprise security workshops and assessments as the lead Security Architect. George was also involved in the industry's first SAML implementation, and helped contribute to the design for the SAML 2.0 SP-Initiated spec.