Designing Security Roles
Functional Architecture Implementation Support (FAIS Team)
Kiran Mundy
May, 2012
Disclaimer

• I am an Oracle employee.
• The content of this Presentation is my own and does not necessarily reflect the views of Oracle.
Contents

• Overview
  •   Screens you need to know about..
  •   Designing a new role
  •   Privileges & Data Security Policies
  •   Data Roles
• Use Cases
  • Designing a new Role.
  • Generating a Data Role from a Template.
  • Stepping down a Duty hierarchy.
• Terminology



Overview
Screens you need to know about…

[Diagram: two tools side by side.]
• Oracle Identity Manager (Delegated Administration): Create Users → Assign Role; Create Roles & Hierarchies (Role → Role → Role); a Data Role is generated from a Role.
• Authorization Policy Manager (Oracle Entitlements Server): Duties (Duties → Duties → Duties); each Duty carries a Data Security Policy (Object + Actions) and a Privilege (Screens and Actions within Screens).
• HCM screen “Create Person”: the person is automatically sent to OIM and roles auto-provision. Yes, you could create users and assign roles in OIM, but FSM steps you through here because HCM employee details are often needed in Apps.
Designing a New Role - Overview

[Diagram: same Oracle Identity Manager (Delegated Administration) / Authorization Policy Manager (Oracle Entitlements Server) layout as the previous slide: Data Role ← Generate ← Role; Create Roles & Hierarchies; Duties with Data Security Policy (Object + actions) and Privilege (Screens and Actions within Screens).]

Three ways to design a new role, in increasing difficulty:
• Create a new Role & assign Duties under it. Generate a Data Role from it.
• Create new Duties and assign Data Security Policies & Privileges under it.
• Create new Policies & Privileges.
Functional & Data Security Policies

• Functional Policy = Code artifacts + Allowed Actions
• Data Security Policy = DB Objects + Allowed actions.

[Diagram: a Fusion Apps Screen exposes a Function; the Object behind the screen is paired with Possible Actions: Read, Update, Delete, Manage.]

Note – If there is no data security policy specified on a duty role, it means that all actions on all objects behind the screens (specified by functional policy) are allowed.
Data Roles

• A data role takes the “data” your role has access to (from the right) and slices it up by BU.
• Each data role has access to “one” slice.

[Diagram: Data Security Policy = DB Objects + Allowed actions. Object = Project + Possible Actions: Read, sliced into Invoices in BU 1 + Read, Invoices in BU 2 + Read, Invoices in BU 3 + Read.]
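To make the layers on the last two slides concrete, here is an added Python sketch (not Oracle code and not part of the original deck) that models duty roles with functional policies (targets) and data security policies (object + actions), a job role over a duty hierarchy, and data roles generated from the job role template one per BU. It also walks the later use cases: adding the “View Customer Account Contact” target to Billing Inquiry Duty through a new functional policy, and generating data roles from a template. The class names, the sample duties and policies (“Billing Clerk”, “Invoice Processing Duty”, the Invoice Read/Update policy) and the evaluation rule (a target is usable when some duty granting it either has no data security policy or has one allowing the object/action) are all assumptions made for the illustration. The `data_allows` method encodes the note on slide 7: a duty with no data security policy lets every action through on the objects behind its screens, which is exactly the case to review when stepping down a duty hierarchy.

```python
"""Toy model of the role layers in the deck: duty roles carry functional
policies (targets) and data security policies (object + actions), a job role
aggregates a duty hierarchy, and data roles are generated from the job role
(the template) one per business unit.  Added illustration, not Oracle code."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, Iterator, List


@dataclass(frozen=True)
class DataSecurityPolicy:
    """Database resource (business object) plus the actions allowed on it."""
    obj: str
    actions: FrozenSet[str]


@dataclass
class DutyRole:
    """Application role as managed in APM (field names are assumptions)."""
    name: str
    functional_policies: Dict[str, set] = field(default_factory=dict)  # policy -> targets
    data_policies: List[DataSecurityPolicy] = field(default_factory=list)
    children: List["DutyRole"] = field(default_factory=list)  # nested duties

    def add_functional_policy(self, policy_name: str, targets: Iterable[str]) -> None:
        """The deck's use case: create a policy, add targets to it, save."""
        self.functional_policies.setdefault(policy_name, set()).update(targets)

    @property
    def targets(self) -> set:
        """Union of targets across this duty's functional policies."""
        return set().union(*self.functional_policies.values())

    def flatten(self) -> Iterator["DutyRole"]:
        """Step down the duty hierarchy: this duty and every nested duty."""
        yield self
        for child in self.children:
            yield from child.flatten()

    def data_allows(self, obj: str, action: str) -> bool:
        """Deck note: no data security policy on a duty means all actions on
        all objects behind its screens are allowed, so such duties need review."""
        if not self.data_policies:
            return True
        return any(p.obj == obj and action in p.actions for p in self.data_policies)


@dataclass
class JobRole:
    name: str
    duties: List[DutyRole]

    def duties_granting(self, target: str) -> List[DutyRole]:
        """Every duty in the hierarchy whose functional policies grant the target."""
        return [d for top in self.duties for d in top.flatten() if target in d.targets]


@dataclass
class DataRole:
    """Job role (template) striped to exactly one business unit."""
    name: str
    job_role: JobRole
    business_unit: str

    def can_access(self, target: str, obj: str, action: str, bu: str) -> bool:
        if bu != self.business_unit:  # a data role sees only its own slice
            return False
        return any(d.data_allows(obj, action) for d in self.job_role.duties_granting(target))


def generate_data_roles(template: JobRole, business_units: Iterable[str]) -> List[DataRole]:
    """Generate one data role per BU from the job role template."""
    return [DataRole(f"{template.name} {bu}", template, bu) for bu in business_units]


def build_sample() -> JobRole:
    """Constructed sample following the deck's walk-through; every name here
    is illustrative, not a seeded Oracle role or policy."""
    billing_inquiry = DutyRole("Billing Inquiry Duty")
    billing_inquiry.add_functional_policy("Billing Inquiry Policy", {"View Customer Account"})
    # The use case from the deck: add "View Customer Account Contact" to the duty.
    billing_inquiry.add_functional_policy("Billing Inquiry Contact Policy",
                                          {"View Customer Account Contact"})
    invoice_processing = DutyRole(
        "Invoice Processing Duty",
        functional_policies={"Invoice Processing Policy": {"Manage Invoice"}},
        data_policies=[DataSecurityPolicy("Invoice", frozenset({"Read", "Update"}))],
    )
    # Duty hierarchy: a parent duty inherits both child duties.
    billing = DutyRole("Billing Management Duty", children=[billing_inquiry, invoice_processing])
    return JobRole("Billing Clerk", duties=[billing])


if __name__ == "__main__":
    job = build_sample()
    for role in generate_data_roles(job, ["BU 1", "BU 2", "BU 3"]):
        print(role.name, role.can_access("Manage Invoice", "Invoice", "Update", "BU 1"))
```

Running it shows that only the BU 1 data role can update BU 1 invoices, that the Invoice Processing Duty's data policy blocks Delete, and that Billing Inquiry Duty, which has no data security policy, allows any action on the objects behind its screens within the BU slice.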
Powerpoint Demo
Designing a New Role – Where to Start…

• Security Reference Implementation – gives example Roles for each FSM Offering.
• Login to OER as Guest: https://fusionappsoer.oracle.com/oer/index.jsp
• Search Criteria: Type = Role, Logical Business Area = “All Fusion Apps…”
• Under the Documentation tab, open up the “Security Reference Manual”.
Let’s say you want to add “View Customer Account Contact” to Billing Inquiry Duty.
Creating/Changing Duty Roles – Start with FSM

Under “Define Security for … <your offering>”, click on “Manage Duties”.
Find the Duty Role

Choose the right Application & search for the Duties.
Can’t find the Duty? Check:
• Application
• Starts With vs Contains
• Display Name vs Role Name

Find Existing Policies

Query up the Duty, click on “Find Policies” to see the existing policies the role has.
Alternatively Can Search – By Role

Then Open the Duty

And Find Policies

“Open” Policies to see all policies

Targets/Privileges shown..

Here’s the privilege we wanted to add..

Create a new functional policy

Add a target into the new policy

Search for the target (or entitlement)..

Give the new policy a name and save…

Re-query the Duty..

New policy and target show up…
Existing Data Security Policies

Apparently there are no data security policies for “Billing Inquiry Duty” as yet, which means data access behind the screen is not restricted at this level.
Generating Data Roles

• After you’ve implemented your system and have your BUs etc. in..
• Figure out which role templates you want to use to generate your data roles… (How?)
Find the Role Template

Preview Roles about to be generated..

Verify that they look correct…

Click on “Generate Roles”
Terminology
Terminology Review
• Security Reference Implementation
  • A complete example implementation of Security for each Fusion Offering.
  • Details in Security Reference Manuals for each Product.
• Role (External Role or Enterprise Role)
  • Created in LDAP (using Oracle Identity Manager)
  • Can also create a hierarchy of these Roles
  • Normally data roles are generated, which also govern the Business Unit (or other determinant) stripe of data the user will see.
• Role Category
  • A way to classify roles.
  • Examples from Reference Implementation - HCM Abstract Roles, HCM Job Roles, Financials Job Roles etc.
Terminology
• Abstract Role (External Role or Enterprise Role)
  • “Abstract” is nothing more than a category we seed to classify roles in our Reference Implementation.
  • Roles we seed that are in this category are -
     • Accessory roles such as - Employee, Contingent Worker etc.
     • Not a role you would find described on Monster.com
     • Usually assigned directly - does not require a data role generated on top of it.
• Job Role
  • Also nothing more than a category we seed.
  • Roles we seed that are in this category are -
     • Roles that you would hire someone into – Accounts Payables Manager, Billing Clerk etc.
     • Usually requires a data role generated on top of it.
Terminology

• Duty Role (Application Role or Principal)
  • This is the most granular form of role which is created and managed in Authorization Policy Manager. Privileges & data security policies are assigned to it.
• Functional Policy
  • Each policy contains a set of targets that the policy provides access to.
• Entitlement (or Privilege or Target)
  • Screens, buttons, lists, web services or other code artifacts
Terminology

• Data Security Policy
  • Specifies an Object and what actions you can do to it. Possible actions you can pick from to create a policy are predefined for each Business Object.
• Database Resource
  • Database table or groups of tables with data.

Oracle Fusion Applications Security - Designing Roles

  • 1. Designing Security Roles. Functional Architecture Implementation Support (FAIS Team). Kiran Mundy, May 2012
  • 2. Disclaimer • I am an Oracle employee. • The content of this Presentation is my own and does not necessarily reflect the views of Oracle. 2
  • 3. Contents • Overview • Screens you need to know about.. • Designing a new role • Privileges & Data Security Policies • Data Roles • Use Cases • Designing a new Role. • Generating a Data Role from a Template. • Stepping down a Duty hierarchy. • Terminology 3
  • 5. Screens you need to know about…
    • Oracle Identity Manager (Delegated Administration): create users, assign roles, create roles & role hierarchies; a data role is generated from a role.
    • Authorization Policy Manager (Oracle Entitlements Server): duties (and duty hierarchies); each duty carries data security policies (object + actions) and privileges (screens and actions within screens).
    • Users are sent to OIM automatically from the HCM “Create Person” screen. Yes, you could create users and assign roles in OIM, but FSM steps you through HCM here because employee details are often needed in the Apps, and roles auto-provision. 5
  • 6. Designing a New Role - Overview
    The same two tools apply: in Oracle Identity Manager you create roles and role hierarchies and generate data roles; in Authorization Policy Manager you manage duties, their data security policies (object + actions) and their privileges (screens and actions within screens). Three options, in order of increasing difficulty:
    • Create a new Role, assign existing Duties under it and generate a Data Role from it.
    • Create new Duties and assign existing Data Security Policies & Privileges under them.
    • Create new Policies & Privileges. 6
  • 7. Functional & Data Security Policies
    • Functional Policy = Code artifacts + Allowed Actions (a Fusion Apps screen and the function behind the screen).
    • Data Security Policy = DB Objects + Allowed actions. Possible actions on an object: Read, Update, Delete, Manage.
    • Note – If there is no data security policy specified on a duty role, it means that all actions on all objects behind the screens (specified by the functional policy) are allowed. 7
  • 8. Data Roles
    • A data role takes the “data” your role has access to (the data security policies: DB Objects + Allowed actions) and slices it up by BU. Each data role has access to “one” slice.
    • Example from the slide: Object = Project + Invoices in BU 1 + Invoices in BU 2 + Invoices in BU 3, with Possible Actions: Read on each. 8
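The layering on slides 7 and 8 (job role, duty hierarchy, functional policy, data security policy, data role per BU stripe) is easier to reason about as a small model. The following is an added example written for this page, not Oracle code and not how Fusion Apps evaluates policies internally; the duty, privilege and object names beyond those on the slides (“Customer Account Contact Inquiry Duty”, “Review Customer Invoice”, the objects behind each screen) are assumptions, and the child duty exists only to exercise the hierarchy walk. It encodes the slide 7 note that a duty with no data security policy allows every action on the objects behind its screens, which is exactly the case a reviewer wants to flag.

```python
"""
Toy model (added example, not Oracle code) of the security layering on
slides 7-8: job role -> duty roles -> functional policies (privileges) and
data security policies, with data roles generated per Business Unit stripe.
"""
from dataclasses import dataclass, field


@dataclass
class DataSecurityPolicy:
    obj: str                     # database object, e.g. "Invoice"
    actions: frozenset           # allowed actions from the object's pre-defined set


@dataclass
class DutyRole:
    name: str
    # functional policy: privilege (screen/action) -> DB objects behind that screen
    privileges: dict = field(default_factory=dict)
    data_policies: list = field(default_factory=list)
    child_duties: list = field(default_factory=list)

    def walk(self):
        """Step down the duty hierarchy depth-first, yielding each duty once."""
        seen, stack = set(), [self]
        while stack:
            duty = stack.pop()
            if duty.name in seen:
                continue
            seen.add(duty.name)
            yield duty
            stack.extend(duty.child_duties)


@dataclass
class JobRole:
    name: str
    duties: list                 # top-level duties assigned to the role

    def all_duties(self):
        seen = {}
        for top in self.duties:
            for duty in top.walk():
                seen.setdefault(duty.name, duty)
        return list(seen.values())


@dataclass
class DataRole:
    name: str
    job_role: JobRole
    dimension: str               # the stripe determinant, e.g. "BU"
    value: str                   # the single slice this data role sees, e.g. "BU 1"


def generate_data_roles(job_role, dimension, values):
    """Mimic a role template: one data role per stripe value (slide 8)."""
    return [DataRole(f"{job_role.name} - {v}", job_role, dimension, v) for v in values]


def effective_privileges(job_role):
    """Union of functional-policy targets over the whole duty hierarchy."""
    privs = set()
    for duty in job_role.all_duties():
        privs.update(duty.privileges)
    return privs


def is_allowed(data_role, privilege, obj, action, stripe_value):
    """Functional check (privilege + object behind the screen), then the data
    check inside this data role's stripe.  Returns True or False."""
    if stripe_value != data_role.value:          # wrong BU slice: never visible
        return False
    for duty in data_role.job_role.all_duties():
        if obj not in duty.privileges.get(privilege, ()):
            continue                             # duty does not grant this screen/object
        if not duty.data_policies:
            return True                          # slide 7 note: no data policy => all actions
        if any(p.obj == obj and action in p.actions for p in duty.data_policies):
            return True
    return False


def duties_without_data_policy(job_role):
    """Review helper: duties whose screens expose objects with no data restriction."""
    return sorted(d.name for d in job_role.all_duties()
                  if d.privileges and not d.data_policies)


# --- constructed sample hierarchy (slide names where available, contents assumed) ---
VIEW_CONTACT = DutyRole(
    "Customer Account Contact Inquiry Duty",                 # assumed child duty
    privileges={"View Customer Account Contact": {"Customer Account Contact"}},
    data_policies=[DataSecurityPolicy("Customer Account Contact", frozenset({"Read"}))],
)
BILLING_INQUIRY = DutyRole(
    "Billing Inquiry Duty",
    privileges={"Review Customer Invoice": {"Invoice"}},     # assumed privilege/object
    data_policies=[],                                        # as on slide 28: none yet
    child_duties=[VIEW_CONTACT],
)
BILLING_CLERK = JobRole("Billing Clerk", [BILLING_INQUIRY])
BILLING_CLERK_DATA_ROLES = generate_data_roles(BILLING_CLERK, "BU", ["BU 1", "BU 2", "BU 3"])
```

`duties_without_data_policy` is the check to run over a job role before generating data roles from it: any duty it lists grants every action on every object behind its screens, so the BU stripe is the only thing limiting what that data role's holders can change.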
  • 10. Designing a New Role – Where to Start… • Security Reference Implementation – Gives example Roles for each FSM Offering. • Log in to OER as Guest: https://fusionappsoer.oracle.com/oer/index.jsp • Search Criteria: Type = Role, Logical Business Area = “All Fusion Apps…” • Under the Documentation tab, open up the “Security Reference Manual” 10
  • 13. Let’s say you want to add “View Customer Account Contact” to Billing Inquiry Duty 13
  • 14. Creating/Changing Duty Roles – Start with FSM Under “Define Security for … <your offering>”, click on “Manage Duties” 14
  • 15. Find the Duty Role Choose the right Application & search for the Duties 15
  • 16. Can’t find the Duty? Check: Application; Starts With vs Contains; Display Name vs Role Name. To find existing policies, query up the Duty and click on “Find Policies” to see the existing policies the role has 16
  • 17. Alternatively Can Search – By Role 17
  • 18. Then Open the Duty 18
  • 20. “Open” Policies to see all policies 20
  • 22. Here’s the privilege we wanted to add.. 22
  • 23. Create a new functional policy 23
  • 24. Add a target into the new policy 24
  • 25. Search for the target (or entitlement).. 25
  • 26. Give the new policy a name and save… 26
  • 27. Re-query the Duty.. New policy and target show up… 27
  • 28. Existing Data Security Policies Apparently there are no data security policies for “Billing Inquiry Duty” as yet, which means – Data access behind the screen is not restricted at this level. 28
  • 29. Generating Data Roles • After you’ve implemented your system and have your BUs etc. set up… • Figure out which role templates you want to use to generate your data roles… (How?) 29
  • 30. Find the Role Template 30
  • 31. Preview Roles about to be generated.. 31
  • 32. Verify that they look correct… 32
  • 33. Click on “Generate Roles” 33
  • 35. Terminology Review
    • Security Reference Implementation
      • A complete example implementation of Security for each Fusion Offering.
      • Details in the Security Reference Manuals for each Product.
    • Role (External Role or Enterprise Role)
      • Created in LDAP (using Oracle Identity Manager).
      • Can also create a hierarchy of these Roles.
      • Normally data roles are generated, which also govern the Business Unit (or other determinant) stripe of data the user will see.
    • Role Category
      • A way to classify roles.
      • Examples from the Reference Implementation: HCM Abstract Roles, HCM Job Roles, Financials Job Roles etc. 35
  • 36. Terminology
    • Abstract Role (External Role or Enterprise Role)
      • “Abstract” is nothing more than a category we seed to classify roles in our Reference Implementation.
      • Roles we seed that are in this category are accessory roles such as Employee, Contingent Worker etc.
      • Not a role you would find described on Monster.com.
      • Usually assigned directly; does not require a data role generated on top of it.
    • Job Role
      • Also nothing more than a category we seed.
      • Roles we seed that are in this category are roles that you would hire someone into: Accounts Payables Manager, Billing Clerk etc.
      • Usually requires a data role generated on top of it. 36
  • 37. Terminology
    • Duty Role (Application Role or Principal)
      • This is the most granular form of role; it is created and managed in Authorization Policy Manager. Privileges & data security policies are assigned to it.
    • Functional Policy
      • Each policy contains a set of targets that the policy provides access to.
    • Entitlement (or Privilege or Target)
      • Screens, buttons, lists, web services or other code artifacts. 37
  • 38. Terminology
    • Data Security Policy
      • Specifies an Object and what actions you can do to it. The possible actions you can pick from to create a policy are pre-defined for each Business Object.
    • Database Resource
      • Database table or group of tables with data. 38