Concepts Guide

Securing Enterprise Data

This chapter discusses Data Services Platform (DSP) security features. It covers the following topics:

Ensuring Data Security

Integrating enterprise data with DSP does not mean having to compromise the security of sensitive information. Because different data has different security requirements, the ability to apply access control policies to data items is essential. Not all users who need access to general customer information, for example, should have access to sensitive information such as credit card numbers.

Like other components of the WebLogic Platform, DSP supports role-based security authorization. Authorization involves granting a user (either individually or as a member of a group or security role) permission to access resources provided by a DSP deployment.

The WebLogic Platform provides the security framework that handles authorization based upon information in the context of the user request. By default, DSP uses the WebLogic Authorization provider for authorization. If desired, other modules, including third-party authorization modules, can be used as well.

Security policies are enforced no matter how the client attempts to access a resource, from the Mediator API, the data service control API, JDBC, or a web service.

Securing Data Services Platform Resources

DSP enables you to secure resources at a range of granularity levels, from the application level to the level of individual data elements.

Specifically, secureable resources in DSP include:

Applications. An application-level policy applies to all data services in a DSP deployment. You can configure the application setting to be one of the following:

block all access except as permitted by a more specific policy
permit access (even to unauthenticated users) except as blocked by a more specific policy.

Functions. Secures specific functions in a data service. Function-level security allows you to specify differing access levels between read functions and submit functions. Since submit functions allow users to modify back-end data, they often require a more restrictively defined level of access control.
Data Elements. Secures individual data items within a data service's return type. (In terms of database security, element level security corresponds to column-level security in databases.) For example, you can secure only the credit card number of a customer document.

If a given user does not meet the security condition defined for an individual element, the element is redacted from the final result; that is, the customer information is provided with the credit card item missing. Element-level security applies across data service functions.

Document Instances. An instance-level policy is data driven; it allows you to secure access to DSP resources based on the value of the data being returned. Data-driven security is equivalent to row-level security for databases. It lets you, for example, block access to particular users if an order amount exceeds a specified value.

You can specify security policies that control access to the DSP Console itself. The policies determine who can access particular pages in the console by their functional category, whether administration-based (for configuration and monitoring pages) or informational (for data service metadata pages).

Understanding Security Policies

A security policy determines whether a user can access a Data Services Platform resource. With the WebLogic Authorization module, you can create policies based upon user identity, the user's group or role affiliation, time of day, development mode of the server, or any combination of these. Access policies can be used individually or together so that you can apply security in the manner that best matches your needs.

You can create a data-driven policy in the Data Services Platform Console as an XQuery function. The function can perform any evaluation and processing steps desired, given the identity of the user making the request and the value of the requested data. To permit access, the function simply returns true or false to block it.