Skip Headers

Oracle E-Records Implementation Guide
Release 12.1
Part Number E13700-04
Go to Table of Contents
Contents
Go to previous page
Previous
Go to next page
Next

Setting Up Security Rules

This topic describes how the e-records stored as XML documents in the database are a repository of critical information that can be queried for reasons ranging from internal users viewing information to regulatory authorities inspecting process records.

The information contained in these e-records can be confidential and critical to the nature of the business. Therefore, access to these e-records must be restricted so that any unauthorized entry is prevented.

Access to e-records must be based on the contents of the e-records. For example, you can restrict access to all e-records having any reference to a particular formula ingredient.

This chapter covers the following topics:

Technical Requirements

The technical requirements fulfilled by the security model are:

Setting Up Secure Elements

Before a security rule can be created using a particular XML element it has to be identified as a secure element, the XML element must be indexed, and its usage must be defined as a secure element.

Refer to Setting Up Indexed XML Elements in the “Implementing Oracle E-records” chapter.

Adding E-record Security Rules

Once the secure elements are created, you can create security rules.

There are two modes of operation that a user can configure at the site level. These modes are determined by the profile option EDR: Security High, set at the Site level. This value can be set to Yes or No and has a default value of No.

Warning: Do not change this setting once security configuration is complete.

Restrict Mode (Low level security)

In this mode, access to e-records is granted by default and users or responsibilities can be restricted as required. This is the default mode.

Grant Mode (High level security)

In this mode, access to e-records is restricted by default and users or responsibilities are granted access to specific values.

Refer to Enabling Profile Options in the “Implementing Oracle E-records” chapter.

Security Rule Examples

A security rule creates a restriction or grant statement such as:

Allow user James (user id: JASDE) to access e-records for event Formula Approval having value Yeast for Formula Ingredient

In this example, Formula Ingredient is the secure element for the event Formula Approval. Access to the value Yeast is granted to user id JASDE. Similarly, access to a particular user can also be restricted for a specific value.

Using these security rules, access to the e-records for specific events is restricted based on the contents of the e-records; specifically the value of the secure elements identified at the time of secure element creation.

The comprehensive set of security rules supported by the security model lets you provide content based security as follows:

To add a security rule:

  1. Navigate to the Security Rules window.

  2. Click Create Security Rule. The Create Security Rule window displays.

  3. Enter the information for the security rule:

  4. Click Apply. A confirmation displays that the Security Rule is successfully created.

  5. Run the E-records Security Policy Administration program.

    Refer to Running the E-records Security Policy Administration Program for details.

Maintaining E-record Security Rules

The e-record security rules are used to restrict or grant access to e-records based on their content. You can search, view, create, delete, and update security rules.

The search criteria is not case sensitive and handles trailing wild cards. For example, searching for abc returns all matches for abc% and ABC%.

To view the security rules:

  1. Navigate to the Security Rules window.

  2. Enter search criteria, which can include one or many of the following:

  3. Click Go. The search results display. You can sort the information by clicking on any heading that is active. The following information displays for each record:

Viewing Security Rule Details

You can view the security rule details. You cannot change any information about the security rule from this window.

To view the details of a security rule:

  1. Navigate to the Security Rules window.

  2. View the detail information.

  3. Click Back to return to the previous window.

Updating Security Rules

Security rules can be updated from this window. After security rules are changed, you must run the Security Policy Administration program for these changes to take effect.

To update a security rule:

  1. Click Update from the Security Rules window. The Update Security Rules window displays.

  2. Update the desired information. You cannot update Secure Element, Event Name, Secure Value, User, and Responsibility. You can update the following:

  3. Click Apply.

  4. Run the E-records Security Policy Administration program. Refer to Running the E-records Security Policy Administration Program for details.

Deleting Security Rules

You can delete all security rules from this window.

To delete a security rule:

  1. Click Delete from the Security Rule window. The message Are you sure you want to delete this Security Rule? displays.

  2. Click Yes to delete the rule, and No to cancel the delete.

  3. Run the E-records Security Policy Administration program.

    Refer to Running the E-records Security Policy Administration Programfor details.

Running the E-record Security Policy Administration Program

You must run this program to enable security on the Evidence Store.

To run the E-record Security Policy Administration program:

  1. Navigate to the Submit Request window.

  2. Enter E-records Security Policy Administration in the Name field. The Parameters dialog box displays. The Action field is set to either Add or Drop.

  3. Click OK. The Submit Request window displays.

  4. Complete the fields on the Submit Request window and click Submit.

  5. View or print the report.