Home >Documents >System Administrator’s Guide - Security Release 11i ... Oracle Applications System...

System Administrator’s Guide - Security Release 11i ... Oracle Applications System...

Date post:20-Jun-2020
Category:
View:1 times
Download:0 times
Share this document with a friend
Transcript:
  • Oracle® Applications

    System Administrator’s Guide - Security

    Release 11i

    Part No. B13923-02

    January 2005

  • Oracle Applications System Administrator’s Guide - Security, Release 11i

    Part No. B13923-02

    Copyright © 1994, 2005, Oracle. All rights reserved.

    Primary Author: Charles Colt, Mildred Wang

    Contributing Author: George Buzsaki, Anne Carlson, Steve Carter, Siu Chang, Michelle Cheng, Kalyani Venkat Chervela, Kenny Tak Chi Ching, Killian Evers, Chirag Mehta, Tom Morrow, Srikanth Sallaka, Peter Pil Seo, Jan Smith, Susan Stratton, Sanjeev P. Topiwala, Roger Wigenstam

    The Programs (which include both the software and documentation) contain proprietary information; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs, except to the extent required to obtain interoperability with other independently created software or as specified by law, is prohibited.

    The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. This document is not warranted to be error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose.

    If the Programs are delivered to the United States Government or anyone licensing or using the Programs on behalf of the United States Government, the following notice is applicable:

    U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the Programs, including documentation and technical data, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement, and, to the extent applicable, the additional rights set forth in FAR 52.227-19, Commercial Computer Software--Restricted Rights (June 1987). Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065.

    The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and we disclaim liability for any damages caused by such use of the Programs.

    The Programs may provide links to Web sites and access to content, products, and services from third parties. Oracle is not responsible for the availability of, or any content provided on, third-party Web sites. You bear all risks associated with the use of such content. If you choose to purchase any products or services from a third party, the relationship is directly between you and the third party. Oracle is not responsible for: (a) the quality of third-party products or services; or (b) fulfilling any of the terms of the agreement with the third party, including delivery of products or services and warranty obligations related to purchased products or services. Oracle is not responsible for any loss or damage of any sort that you may incur from dealing with any third party.

    Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

  • Contents

    Send Us Your Comments

    Preface

    1 Introduction

    Access Control in Oracle Applications . . . . . . . . . . . . . . . . . . . . . . . . 1- 1 Oracle User Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1- 1 Oracle Application Object Library Security . . . . . . . . . . . . . . . . . . . . . 1- 2 User and Data Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1- 2

    2 Access Control with Oracle User Management

    Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2- 1 Function Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2- 2 Data Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2- 2 Role Based Access Control (RBAC) . . . . . . . . . . . . . . . . . . . . . . . . 2- 3 Delegated Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2- 5 Registration Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2- 6 Self Service and Approvals . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12

    3 Oracle User Management Setup and Administration

    Setup Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3- 1 Defining Role Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3- 1 Creating and Updating Roles . . . . . . . . . . . . . . . . . . . . . . . . . . 3- 1 Assigning Permissions to Roles . . . . . . . . . . . . . . . . . . . . . . . . . 3- 2 Defining Delegated Administration Privileges for Roles . . . . . . . . . . . . . . . 3- 3 Defining Data Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . 3- 7 Defining Role Inheritance Hierarchies . . . . . . . . . . . . . . . . . . . . . . . 3- 7 Creating and Updating Registration Processes . . . . . . . . . . . . . . . . . . . 3-14 Setting Up The Forgot Password Feature . . . . . . . . . . . . . . . . . . . . . 3-17

    Delegated Administration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 Maintaining People and Users . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 Creating, Inactivating, and Reactivating User Accounts . . . . . . . . . . . . . . . 3-18 Resetting User Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 Assigning Roles to or Revoking Roles From Users . . . . . . . . . . . . . . . . . 3-19

    iii

  • Registering External Organization Contacts . . . . . . . . . . . . . . . . . . . . 3-20 Self Service Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

    Self Service Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20 Requesting Additional Application Access . . . . . . . . . . . . . . . . . . . . . 3-21 Reset Forgotten Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21

    4 Oracle Application Object Library Security

    Overview of Oracle Applications Security . . . . . . . . . . . . . . . . . . . . . . 4- 1 HRMS Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4- 2

    Defining a Responsibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4- 2 Additional Notes About Responsibilities . . . . . . . . . . . . . . . . . . . . . 4- 3

    Defining a Request Security Group . . . . . . . . . . . . . . . . . . . . . . . . . 4- 3 User Session Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4- 6 Overview of Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4- 6

    Defining Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4- 7 Overview of Function Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 4- 7

    Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4- 7 Forms and Subfunctions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4- 8 Functions, Menus, and the Navigate Window . . . . . . . . . . . . . . . . . . . 4- 9 Menu Entries with a Submenu and Functions . . . . . . . . . . . . . . . . . . . 4- 9 How Function Security Works . . . . . . . . . . . . . . . . . . . . . . . . . . 4- 9

    Implementing Function Security . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10 Defining a New Menu Structure . . . . . . . . . . . . . . . . . . . . . . . . . 4-12 Notes About Defining Menus . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12 Menu Compilation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13 Preserving Custom Menus Across Upgrades . . . . . . . . . . . . . . . . . . . . 4-13 Special Function for Oracle HRMS, Oracle Sales and Marketing . . . . . . . . . . . 4-14 Summary of Function Security . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15

    Overview of Data Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15 Concepts and Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15 Implementation of Data Security . . . . . . . . . . . . . . . . . . . . . . . . . 4-18

    Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32 Find Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 Update Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34 Create Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34 Object Detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35 Delete Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35

    Object Instance Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35 Manage Object Instance Set . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36 Create Object Instance Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36 Update Object Instance Set . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 Delete Object Instance Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 Object Instanc

Click here to load reader

Embed Size (px)
Recommended