In Oracle Fusion, security access is provided through Role-Based Access Control (RBAC). A role provides users with permissions to application resources.
- In an RBAC model, users are assigned roles.
- Roles have security policies and privileges to access and process application resources.
Below are the types of roles:
- Duty roles
- Job roles
- Abstract roles
Duty roles:
Duty roles represent the duties of a user. For example, if creating a journal is a duty, the duty role ‘Journal Management’ has the privileges to perform that duty. Duty roles are composed of security policies which grant access to work areas, dashboards, task flows, application pages, reports, batch programs, and so on.
Duty roles can also inherit other duty roles. You can also create custom duty roles. You can't assign duty roles directly to users.
Job roles:
Job roles represent the job functions in your organization. For example, if managing the Accounts Payable department is a job, then the job role ‘Accounts Payable Manager’ has all the duty roles needed to perform the job of managing the Accounts Payable department. Duty roles are composed of security policies and duty roles.
Job roles can also inherit other job roles and duty roles. You can also create custom job roles. You can assign job roles directly to users.
Abstract roles:
Abstract roles represent a worker's functions in the enterprise independently of the job they do. The following are examples of abstract roles used in Oracle:
- Employee
- Participant
Job roles and abstract roles are also known as external roles.
A data role is also known as an application role.
Role Inheritance Rules
- External roles can inherit privileges from subordinate external roles and application roles.
- Application roles can inherit privileges from subordinate application roles but not from external roles.
As illustrated in the following figure, users are assigned job and abstract roles, which inherit application roles of the same name. The top-level application roles in turn inherit duty roles and their associated privileges.
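The inheritance and assignment rules above can be checked mechanically. The following is an added example, not Oracle code or part of the original post: it flags application roles that inherit external roles and duty roles assigned directly to users, then resolves the privileges a job role actually carries. The role codes, privilege names, and the treatment of duty roles as application roles are assumptions made for the illustration.

```python
# Added example: constructed role graph, not Oracle code or real role codes.
from dataclasses import dataclass, field

@dataclass
class Role:
    code: str
    kind: str  # "external" (job/abstract) or "application" (assumed to include duty roles)
    privileges: set = field(default_factory=set)
    inherits: list = field(default_factory=list)  # codes of subordinate roles

def violations(roles, assignments):
    """List breaches of the inheritance and assignment rules described above."""
    found = []
    for role in roles.values():
        for child in role.inherits:
            if child not in roles:
                found.append(f"{role.code}: inherits unknown role {child}")
            elif role.kind == "application" and roles[child].kind == "external":
                found.append(f"{role.code}: application role inherits external role {child}")
    for user, codes in assignments.items():
        for code in codes:
            if code not in roles or roles[code].kind != "external":
                found.append(f"{user}: {code} is not an assignable job or abstract role")
    return found

def effective_privileges(roles, code, seen=None):
    """Union of privileges reachable through inheritance; cycles are visited once."""
    seen = set() if seen is None else seen
    if code in seen or code not in roles:
        return set()
    seen.add(code)
    result = set(roles[code].privileges)
    for child in roles[code].inherits:
        result |= effective_privileges(roles, child, seen)
    return result

# Constructed sample data (hypothetical XX_ codes and privilege names).
ROLES = {r.code: r for r in [
    Role("XX_AP_MANAGER_JOB", "external", inherits=["XX_AP_MANAGER_APP"]),
    Role("XX_AP_MANAGER_APP", "application", inherits=["XX_INVOICE_DUTY"]),
    Role("XX_INVOICE_DUTY", "application", {"CREATE_INVOICE"}, ["XX_PAYMENT_DUTY"]),
    # Misconfigured: an application role inheriting an external role.
    Role("XX_PAYMENT_DUTY", "application", {"APPROVE_PAYMENT"}, ["XX_EMPLOYEE_ABSTRACT"]),
    Role("XX_EMPLOYEE_ABSTRACT", "external", {"VIEW_OWN_PROFILE"}),
]}
ASSIGNMENTS = {"jdoe": ["XX_AP_MANAGER_JOB", "XX_INVOICE_DUTY"]}  # second entry is a duty role

if __name__ == "__main__":
    for line in violations(ROLES, ASSIGNMENTS):
        print("VIOLATION", line)
    print(sorted(effective_privileges(ROLES, "XX_AP_MANAGER_JOB")))
```

In the sample data, the disallowed edge from the payment duty role to the abstract role is what adds the abstract role's privilege to the job role's effective set, which is why the inheritance check is worth running before reviewing effective access.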
Accessing the Security Console:
To access the Security Console, the user must have the job role IT Security Manager. We can open the Security Console from Tools → Security Console on the home page or in the Navigator.
The tasks below can also be performed from the Setup and Maintenance work area.
- Manage Job Roles
- Manage Duties
- Manage Data Security Policies.
The scheduled process ‘User and Role Access Audit Report’ produces a report, in XML and CSV format, of the function security privileges and data security policies for a specified role or all roles, or for a specific user or a range of users, based on the parameters provided.
Customizing Security:
If the predefined security reference implementation doesn't fully represent your enterprise, you can change it to meet your requirements.
Do not edit the predefined roles. These roles are prefixed by ‘ORA’ in the role code.
During each upgrade, predefined roles are updated to the specifications for that release, so any customizations would be overwritten. Instead, use one of these options:
- Copy the predefined roles and edit the copies in the Security Console.
- Create custom roles from scratch in the Security Console.
In the Security Console, we can edit or copy a role from the screen shown below.
To create a role from scratch, click Create Role in the Security Console.