Beam Global Services and Ocado

Redesigning Oracle Cloud roles and automating controls for Ocado Group

Case Study · 5 minute read · 30 May 2026

Two consultants reviewing Oracle Cloud access and controls together

Beam Global Services led the custom redesign of Oracle Cloud job roles and the end-to-end implementation of Oracle Risk Management Cloud (RMC) for Ocado Group, embedding clean, least-privilege access and automated Segregation of Duties (SoD) controls across Finance and Supply Chain.

Client: Ocado Group
Industry: Retail & online grocery technology
Our role: Oracle Role Design & RMC Implementation
Featuring: Oracle Risk Management Cloud

Ocado Group runs core finance and supply-chain operations on Oracle Cloud (Fusion). As the business scaled, its job roles and access privileges needed to be re-examined against audit expectations and Segregation of Duties (SoD) requirements, making sure no single user could perform conflicting tasks, such as creating and approving the same transaction.

Beam Global Services led the engagement end to end with a specialist team of five, working alongside Ocado's Finance, Supply Chain and IT teams. The objective was twofold: redesign the Oracle Cloud roles around what the business actually does day to day, and stand up Oracle Risk Management Cloud (RMC) to detect, report and remediate SoD conflicts on an ongoing basis.

“We consolidated access around the Principle of Least Privilege, resolving Segregation of Duties violations at the source, not just monitoring them.”

Beam Global Services, Oracle RMC delivery team

Situation

Access that had to stand up to audit and SoD scrutiny.

Over time, access in a growing Oracle Cloud estate tends to accumulate. Privileges are granted to keep the business moving, roles broaden, and conflicting combinations of access creep in, the classic Segregation of Duties problem, where the same person can both raise and approve a payment.

Ocado needed two things in step with each other. First, a clean set of Oracle Cloud roles, redesigned around real business needs in Finance and Supply Chain and aligned to audit and SoD rules. Second, a way to enforce and monitor those rules continuously, detecting violations automatically rather than discovering them at audit time.

Solution

Redesign. Build. Automate. Remediate.

Beam delivered the work in five clear stages, redesigning the roles, building and testing them in Oracle Cloud, defining the SoD rulebook, implementing Oracle RMC, and remediating the conflicts it surfaced. Accelerators were used throughout to move quickly without cutting corners, and every stage was run hand in hand with the client's business and IT teams.

How we delivered

Project milestones

01
Oracle Fusion Role Redesign
- Led the Oracle Fusion role redesign exercise by reviewing business needs along with audit and SoD requirements.
- Used accelerators to design the roles, working with business leads from Finance and Supply Chain.
02
Oracle Cloud Role Build
- Implemented the role redesign by creating new custom roles in Oracle Cloud, working closely with the IT team.
- Led the build and test of the new custom roles in Oracle Fusion.
03
Segregation of Duties (SoD) Requirements
- Led the SoD requirement exercise, using accelerators to help the client finalise SoD rules efficiently.
- Mapped the SoD rules in Oracle RMC to Oracle Cloud privileges to produce a detailed SoD Matrix.
04
Implementation of Oracle RMC
- Led the build and unit test of SoD rules in Oracle RMC.
- Organised User Acceptance Testing (UAT) sessions for client stakeholders.
05
Segregation of Duties (SoD) Remediation
- Planned the remediation of intra-role and inter-role SoD violations reported by Oracle RMC.
- Led the exercise to consolidate access based on the 'Principle of Least Privilege', resolving SoD violations.