How improper role design can be even more costly than risk - JP Nicholson

Scenario: Improper role design has financial implications far beyond the separation of duties & sensitive access paradigms. If not built correctly they can impact which and how many Oracle modules are called which means potentially what you are being billed for from Oracle

Solution: 

Utilize best practices approaches for role design:

1. Use a least privileged access design principle. Keeping in mind the lesser the access also means fewer users calling that role which means fewer users accessing that module.

2. Remediate any “intra” role conflicts or roles that may have excessive access which will also reduce potential module usage

3. Start with seeded roles and delete access where it is not needed again based on a least privileged access principle

4. Avoid building from scratch. We have seen many cases where the subscription costs were extremely higher as a result of incorrect roles with major design flaws.