Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Authorization Policy Manager
11g Release 1 (11.1.1)

Part Number E14431-01
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
View PDF

1 Introduction to Oracle Authorization Policy Manager

Oracle Authorization Policy Manager is graphical interface tool to manage application authorization policies. This chapter describes the basic functionality of this tool in the following sections:

1.1 Audience and Prerequisites

The intended users of Authorization Policy Manager are security administrators.

Authorization Policy Manager requires that:

Applications whose policies are managed with Authorization Policy Manager are assumed to use Oracle Platform Security Services for authorization. For details about integrating an application with these services, see Oracle Fusion Middleware Application Security Guide.

1.2 What Is Authorization Policy Manager?

A security administrator can use WLST commands or Fusion Middleware Control to manage application policies. On the one hand, using WLST command requires manually running commands; on the other hand, even though Fusion Middleware Control offers a graphical user interface, it is a rather complex tool that requires that the administrator work with low-level security artifacts and know names and concepts familiar to, typically, only developers (such as permission class names or task-flow names, for example).

Authorization Policy Manager greatly simplifies the creation, configuration, and administration of application policies over those two other tools by offering:

1.3 The Big Picture

Figure 1-1 illustrates how a security administrator accesses Authorization Policy Manager, and how the tool communicates with the domain policy and identity stores within the context of Oracle WebLogic server.

That figure also illustrates the fact that Authorization Policy Manager can access policies (and identities) of application deployed in a different domain to that in which Authorization Policy Manager is deployed, provided that those other domains point to the same policy and identity store. Authorization Policy Manager uses OPSS management APIs to access the policy store, and IGF APIs to access the identity store.

Figure 1-1 APM Deployed in a WebLogic Domain

Surrounding text describes Figure 1-1 .

Authorization Policy Manager does not support the management of users and external roles; these artifacts can only be viewed with the tool. Their provision and management is typically accomplished using Oracle Identity Manager. Changes to the identity store are immediately visible in Authorization Policy Manager.

1.3.1 Installing and Configuring Authorization Policy Manager

This section provides links to other documentation that describe the following topics: Installation

For details about installing Authorization Policy Manager, see Oracle Fusion Middleware Installation Guide for Oracle Identity Management. High Availability

For details about high availability for Authorization Policy Manager, see Oracle Fusion Middleware High Availability Guide. Single Sign-On

Oracle Access Manager 11g can be used to configure SSO between OIM and Authorization Policy Manager. For details, see Oracle Access Manager Integration Guide. SSL

The connections that Authorization Policy Manager establishes with the policy store, the identity store, and the database can be secured through one-way SSL. The access to Authorization Policy Manager via a browser can also be secured through one-way SSL. These settings are similar to those of any other application running in the Oracle WebLogic server.

For details about configuring SSL in Oracle Fusion Middleware applications when OHS is not being used, see chapter 12 in Oracle Fusion Middleware Securing Oracle WebLogic Server.

For details about configuring SSL in Oracle Fusion Middleware applications when OHS is being used, see chapter 6 in Oracle Fusion Middleware Administrator's Guide. Loggers

Setting the loggers and a log level for Authorization Policy Manager is similar to setting them for any other application running in the Oracle WebLogic server. For details, see Oracle Fusion Middleware Application Security Guide.