Two Security Models in Oracle EBS:Function Security + Role-Based Access Control

There are two main security models in Oracle E-Business Suite: “traditional” Oracle E-Business Suite responsibility-based security (usually referred to as “function security”) and Role-Based Access Control (RBAC). 

Function Security(Responsibility)

One of the main purposes of a responsibility is to provide access to a menu of functions.
For the simplest case of responsibility-based security, a menu is attached to a responsibility, and then a responsibility is assigned to a user.

At that point, the user has access to all of the functions attached to the menu through the responsibility.
Note that if the Grant check box is not checked for a particular function, the user cannot access that function.

Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) builds upon responsibility-based security.

Before 11.5.10 the only method for granting rights to users was through the use of responsibility. This gives the following problems:
- Diffcult to maintain
   - who is assigned to which responsibilities?
   - how can I easily revoke rights from my Inventory users?
- Easy to make mistakes.

The benefits of implementing Role Based Access Control (RBAC) are
- Structured user access control
- Reduced cost of administering user access control system
- Streamlined setup and implementation of security policies and rules

Therefore, in the release 11.5.10 Oracle has added the Role Based Access Control(RBAC), Initially, A Role contains one or more responsibilities.

Regarding detailed setup of RBAC security model(Role,Role Categories...), See here.

For More Detailed Information, Please check below references:

New Whitepaper: Function Security + Role-Based Access Control in Oracle EBS
Function Security and Role-Based Access Control (RBAC) in Oracle E-Business Suite [ID 1537100.1]

Overview of Oracle E-Business Suite Security