SoftwareOne logo

7.34 min to readPublisher Advisory Services

Oracle Fusion Cloud - Most common compliance issues seen

SoftwareOne blog editorial team
Blog Editorial Team
Publisher advisory

Over the last years, Oracle has been successful in transforming its own Oracle ERP on premise customers to its Oracle Fusion Cloud Service. In its journey to transform end-users to the cloud, Oracle is heavily competing (rather successfully) to get SAP ERP customers to switch over to Oracle Fusion Cloud, and has been named by Gartner as a Leader.

However, early adopters from Oracle’s Fusion Cloud Services have already been confronted with the first "compliance claims" associated with the unlicensed use of Oracle Fusion Cloud Services. Many end-users thought "with the cloud, there are no compliance issues anymore;" but the reality is different.

In our previous article we focused on how the actual license metrics of Oracle’s Fusion Cloud Services dictate the importance of setting up and monitoring your users in a complete and accurate manner. In this article we will focus on the most common compliance issues seen with Oracle Fusion Cloud customers. Our next article will focus on the different non-standard terms you can negotiate with Oracle during your next commercial negotiations.

The below provides an overview of the most common compliance issues we have seen end-users being confronted with during an audit or commercial negotiation with Oracle.

Authorized users vs active users

Similar as for Oracle application environments deployed on premise, the management of users within the Oracle Fusion Cloud Service is an attention point for many end-user organizations. Many end-user organizations do not have the proper controls in place to:

  • disable an individual user account for an employee that left the organization or
  • adjust the privileges or roles from an individual user account (when the individual is changing roles within the organization) or
  • obtain additional user subscriptions for additional users authorized to make use of the cloud services.

End-user organizations often overlook the fact that if an individual remains AUTHORIZED to make use of the Fusion Cloud Service, a subscription is required for that individual regardless of whether he or she is actively using the Fusion Cloud Service or not.

Mapping of users vs privileges vs cloud service vs cloud subscriptions

The actual mapping of individual user accounts to the different roles (abstract roles, job roles, data roles, duty roles), either standard out-of-the-box "seeded roles" or "custom roles," with their individual privileges (that may belong to one or more cloud services) and that may also belong to one or multiple cloud subscriptions, often results in an incomplete and inaccurate understanding of the actual consumption of the different subscriptions. Although Fusion Cloud is a SaaS solution from Oracle, as an end-user, you have the responsibility to make sure that the individual users are only getting access to the privileges belonging to the cloud services portion of the cloud subscriptions you purchased entitlements for. This compliance responsibility always remains on your side, as an end-user, and does not belong to Oracle.

Bundling changes – Keeping track is key

Oracle continuously develops new features and functionalities for its Fusion Cloud applications offering the great benefit of continuously remaining "up to date" with the latest and greatest developments. But the rapid developments within the application also means that you continuously need to stay up-to-date with the bundling changes that Oracle puts through on a quarterly basis.

For example, you may have bought Oracle cloud subscriptions for "Oracle Fusion Project Contract Billing Cloud Service" in 2018, including the right to make use of these cloud services:

  • Oracle Fusion Project Billing
  • Oracle Fusion Project Contracts
  • Oracle Fusion Enterprise Contracts Management
  • Oracle Fusion Transactional Business Intelligence for Projects

But Oracle decided in June 2019 to no longer sell this Cloud Subscription and instead bundled the functionalities into the "Oracle Fusion Enterprise Resource Planning Cloud Service" subscription.

This Oracle Fusion Enterprise Resource Planning Cloud Service includes several individual cloud services such as:

  • Financials Cloud Service
  • Fusion Financial Reports Center Cloud Service
  • Advanced Collections Cloud Service
  • Revenue Management Cloud Service
  • Grants Management Cloud Service
  • Project Contract Billing Cloud Service
  • Project Financials Cloud Service
  • Project Management Cloud Service
  • Automated Invoice Processing
  • Fusion Transactional Business Intelligence Cloud Service

So, if you want to renew your initial functional requirements, you will need to renew a different cloud subscription. This cloud subscription may, however, come with a higher price per Hosted Named User, especially if you did not negotiate a price hold in your Fusion Cloud contract.

Unlicensed cloud subscriptions through seeded users

Many end-user organizations started to make use of standard job roles (seeded roles) at the start of their Fusion Cloud implementation. End-user organizations, however, often don’t realize that through these seeded roles, additional privileges providing access to unlicensed cloud subscriptions are granted to the users as were setup with the cloud environment. End-users that have licensed their cloud services on a "Hosted Employee" metric are often confronted with a claim from Oracle that additional subscriptions for the unlicensed cloud subscription ABC are required to be obtained for the entire Employee population.

Generic users or multiplexing users

End-users that created "generic" or "multiplexing" users within their on-premises applications are using a similar concept within the Oracle Fusion Cloud environment. It is not uncommon that end-users either setup an "IT Service Desk User" or "Finance Department User" within the cloud service, which allows multiple individuals who are working in the same department to access multiple different Fusion Cloud Services through one generic username. However, because the licensing terms specify that everyone that is authorized to make use of the cloud service is required to have a subscription, setting up one generic user for an IT Service Desk department with 22 distinct employees, for example, actually requires you to have a subscription for all 22 distinct individuals authorized to use the different cloud services through the generic user account.

Application Implementation Consultant

The moment that you start implementing and configuring your Fusion Cloud environment, administrators typically start to make use of the powerful standard role called "Application Implementation Consultant." This role enables administrators to configure anything within the Fusion Cloud Service. Once you finalize the configuration of the Fusion Cloud, Oracle’s program documentation specifies in detail that you should remove this role and replace it with other roles that are less powerful. In practice, however, this is often forgotten and means that the implementation consultants continue to have access to all the different Fusion Cloud Services available. This results in a subscription requirement for the implementation consultants, even if you completed your configuration years ago.

Double counting

A specific privilege may be part of multiple cloud services. As one example only, the privilege "Access Time Work Area" belongs to both the cloud subscription "Time and Labor Cloud Service" and the cloud subscription "Enterprise Resource Planning for Self Service Cloud Service." This is just one of many examples that we see in our day-to-day practice. Many end-users struggle with mapping the right privilege to the right cloud subscription, often resulting in "double counting" of the required number of cloud subscriptions for your consumption reporting as preparation for your Fusion Cloud renewal.

In addition, an individual user (e.g.: John Doe) may have multiple user accounts setup within your Cloud environment. Think of John Doe, for example, as your cloud administrator who has access to all the different cloud services in order to configure the different users (through a user ID called "SYSADMIN"), and who also has access to the different cloud services through his own personal user account: JOHNDOE. As per the licensing terms, the total amount of distinct individuals (and not usernames) is required to be counted to determine the number of subscriptions required. If John Doe has access to the cloud service through two user accounts, he still remains as one individual that should be counted only once, but he is required to be counted for each individual cloud service he has access to (as assigned to through one of the two accounts).

Robots or non-human users

More and more end-user organizations start to make use of RPA tools and "robots" to take care of repetitive tasks. These robots may require direct or indirect access to the cloud service but are not individuals (human beings) as defined under Oracle’s standard terms and conditions. Although Oracle is not explicit in its licensing terms (and we recommend you obtain clear language for this in your agreements) Oracle does consider such "robot" user as an individual user that is required to have its own subscription. Or, depending on how access is regulated, each individual that is able to execute the "bot" is required to be counted for an individual subscription.

Summary

Although many end-users think that with the cloud all the compliance issues are gone, the reality is completely different. Having a clear and accurate understanding of the obtained rights from your cloud subscriptions, and reconciling these with your actual consumption of the different cloud subscriptions on a regular basis, is necessary to avoid and save costs. SoftwareOne’s Oracle Advisory Services are specifically designed to help you as an end-user to achieve these goals. Reach out to your SoftwareOne representative to schedule a call with one of our solution specialists to find out more.


An image of a blue and red light coming out of a box.

Take control of your cloud journey

Compliance issues are not completely gone in the cloud, so you should always have a clear and accurate understanding of your rights. Reach out to us to learn how we can support you to achieve and maintain compliance and save costs in the cloud.

Take control of your cloud journey

Compliance issues are not completely gone in the cloud, so you should always have a clear and accurate understanding of your rights. Reach out to us to learn how we can support you to achieve and maintain compliance and save costs in the cloud.

Author

SoftwareOne blog editorial team

Blog Editorial Team

We analyse the latest IT trends and industry-relevant innovations to keep you up-to-date with the latest technology.