This page contains: Hide
The Emergency Access functionality is designed to assist in situations where a user may briefly require additional access to solve a problem. A user can request new access for the time period specified. The request is documented and access is automatically revoked at a pre-arranged time. The user can also manually revoke the access before the pre-arranged time.
Note: Users who are assigned the Emergency Access User role can create emergency access request, even an administrator cannot create it.
Before users can avail of the Emergency Access functionality, the following must be ensured:
Users must be Oracle users with valid credentials to log into IRC.
Users must exist in the connection for which access is requested.
Users must be assigned the Emergency Access User role. This role is added to the collection of pre-shipped IRC roles when Access Manager is installed. It governs users who are allowed emergency access, thereby enabling organizations to securely allow or restrict access to the functionality on a user-to-user basis.
A set of functional areas with responsibility as a leaf sub-functional area should be defined as Emergency Access Functional Areas. Once a functional area hierarchy has been marked for emergency access, it will only be used for emergency access and will not be considered for the approval process.
Emergency Access is available to IRC users assigned the Administrator or Emergency Access User roles. To create an emergency access type of request:
Provide a name for the request.
Select the connection in which the emergency access responsibility
is to be assigned. To select a connection, type in a part of the connection
name in the autosuggest text box. All connections matching the search
criteria are displayed. Select the required connection.
Alternatively, browse and select the required connection. The
connection appears in the Connections field.
Note: Connections are listed only if they meet the following conditions:
The signed-in user has an account mapped to the connection.
The user is unlocked.
The Completion of Request option for the connection is set to 'automatic'. You can configure this setting through the Configuration page (Settings -> Configuration -> Access Management -> Approval Options -> Completion of Request).
The signed-in user has access to the connection, if the connection is secured.
Select the responsibilities to be self-assigned. To
select responsibilities, type in a part of the responsibility name
in the autosuggest text box. All responsibilities from the selected
connection and matching the search criteria are displayed. Select
the required responsibilities.
Alternatively, browse and select the required responsibilities
and click OK. The selected responsibilities appear in the New Responsibilities
to be Assigned panel.
In the New Roles to be Assigned panel, the Valid From column displays Request Creation Time. This column is updated with the time when the request is submitted.
The roles that can be self-assigned must be defined through functional areas. To view roles from specific functional areas, select the option Roles by Functional Area from the drop-down list at the top left of the Role Name browse window.
Set the validity dates for the responsibility by clicking the Valid from and Valid through links. The emergency access assignment period can be configured through the Emergency Access option of the Access Management page (Settings -> Configuration ->Access Management ->Approval Options ->Emergency Access ). The validity time selected here is the local user time. Ensure that the local time zone is set on the Preferences page.
Add comments to explain the reason for this responsibility assignment, if required.
Click Send. The request appears on the Requests History page. After the request is approved, it appears on the Requests page. Click the emergency access request link on the Requests page or on the Requests History page to view the request details. You cannot take any action from this page.
Emergency Access requests do not undergo analysis and also require no action to be taken on them as the completion of the request is always set to 'automatic' on the default template for this type of request. Therefore, once an Emergency Access request is created, the request is documented as self-approved.
For each emergency access request, IRC creates an emergency access revoke request to automatically revoke the responsibility after its validity expires. The emergency revoke request also allows the creator to manually revoke the request before the validity period lapses.
This request is visible on the Requests home page until it is complete. After completion it is visible on the History tab on the Requests home page. Details of this request are also displayed in the Oracle Emergency Access Activity Report. Only the request creators and system administrators can view the revocation request for emergency responsibility assignment on the Requests home page and revoke it manually in either of the following ways:
By opening the request and clicking the Force Submit button at the bottom of the request details page.
By clicking the Quick Process arrow next to the request on the Requests home page.
After the request is revoked, both the History page and the email notification sent out will display the message that the request was forcibly revoked.
