Oracle Java CAPS Master Index Maintenance Guide     Java CAPS Documentation
Defining Master Index Data Manager Security

Oracle Java CAPS Master Index supports security for the Master Index Data Manager (MIDM) at the user and function level and also supports Secure Sockets Layer (SSL) authentication. Security is defined at two levels, the EJB level and the presentation level. EJB security provides access at the user and function level to the methods of the master controller (com.sun.mdm.index.ejb.master). Presentation level security provides access at the function and user level for the actions that can be performed from the MIDM.

A secure user name and password need to be defined for each master index application user to connect to the database and to log on to the MIDM. For each user account you define, you must specify one or more roles in order for that user to be able to perform any functions in the MIDM. You define roles in midm-security.xml in the master index project. This is the presentation layer security. In addition, each user must also be assigned at least one EJB security role. EJB security roles are defined in security.xml. A default role that grants access to all functions of the master controller is predefined, but is not included in the file. The role is named MasterIndex.Admin.

User permissions for master index applications are granted using the Admin Console. You can also define security using a Lightweight Directory Access Protocol (LDAP) server, using the roles you define in Define Master Index Data Manager User Roles.

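Perform the following tasks to configure security for the master index application:

  1. Define Master Index Data Manager User Roles
  2. Define EJB User Roles
  3. Create Master Index Data Manager User Accounts

These topics provide additional information to help you perform the above tasks: Master Index Data Manager User Role Properties, Master Index Data Manager User Permissions, EJB User Role Properties, and EJB Security Functions.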

Define Master Index Data Manager User Roles

Oracle Java CAPS Master Index provides sample user roles for giving multiple permissions to a user at one time. You can define additional user roles and assign combinations of access permissions to each role. This way you can assign a user account to one or two user roles instead of assigning them several access permissions.

To Define a User Role

  1. In the NetBeans Projects window, expand the master index project and then expand Configuration.
  2. Open midm-security.xml in an XML editor.
  3. Define user groups and their permissions using the elements described in Master Index Data Manager User Role Properties.

    The permissions you can assign are listed and described in Master Index Data Manager User Permissions.

  4. Save and close the file.

    You can use these roles when you create the user accounts, as described in Create Master Index Data Manager User Accounts.

  5. Continue to Define EJB User Roles.

Define EJB User Roles

EJB user roles control access at the master controller level. Oracle Java CAPS Master Index provides a sample role for granting multiple permissions at one time without giving access to all functions. An additional role is predefined, MasterIndex.Admin, that provides access to all functions. You can define additional roles and assign combinations of functional permissions to each role. This way you can assign a user account to one or two roles instead of assigning them several permissions.


Note - This step is optional. You can use the MasterIndex.Admin role for MIDM users if you only need to restrict access at the presentation level.


To Define an EJB User Role

  1. In the NetBeans Projects window, expand the master index project and then expand Configuration.
  2. Open security.xml in an XML editor.
  3. Define user roles and the permissions that belong to each using the elements described in EJB User Role Properties.

    The permissions you can assign are listed and described in EJB Security Functions.

  4. Save and close the file.

    You can use these roles when you create the user accounts.

  5. Continue to Create Master Index Data Manager User Accounts.

Create Master Index Data Manager User Accounts

You create user accounts for MIDM access using the GlassFish Admin Console.


Tip - Make sure you give users access to the initial page that appears when a user logs in to the MIDM. This page is defined in midm.xml. Also verify that the EJB privileges you assign allow the user to perform all of the MIDM functions to which they have access.


To Create a User Account

Before You Begin

Make sure you have created all the user roles and, optionally, EJB user roles that need to be assigned to the user account.

  1. Log on to the GlassFish Admin Console.
  2. In the left portion of the page, expand Configuration, expand Security, and then expand Realms.
  3. Select File.
  4. On the Edit Realm page, select Manage Users.
  5. On the File Users page, select New.
  6. In the User ID field, enter a name for the user.
  7. In the Group List field, enter the following. Separate roles with a comma.
  8. After you have added all required user roles and EJB user roles, enter a password for the user in the New Password field.
  9. In the Confirm New Password field, enter the password again.
  10. Click OK.

Master Index Data Manager User Role Properties

You can define user roles for the MIDM in order to assign multiple security permissions to a user account at once. Roles are defined in an XML file, midm-security.xml. The following table describes the elements of the security configuration file.

Table 1 MIDM User Role Configuration Elements

| Element | Description |
| --- | --- |
| role | A definition for one user role. Each role element contains a name for the user role, a list of security permissions, and, optionally, a user role from which permissions are inherited along with any exceptions to the inheritance. |
| role-name | The name of the user role, such as Administrator. |
| inheritance | A definition of how permissions are inherited from another user role. The definition includes the parent user role and any permissions that should not be inherited. This group of elements is optional, and a role can inherit from multiple user roles. Note - The role from which permissions are inherited must be defined earlier in the XML file than the role that inherits the permissions. |
| inherits-from | The name of the user role from which the current role inherits permissions. If permissions are added to this user role at any time, the new permissions are also inherited by the current role. |
| excluded-operations | A list of permissions assigned to the parent role that the current role should not have access to. Any permissions assigned to the parent role that are not listed here are assigned to the current role. Note - If a role inherits from multiple parent roles and each parent is assigned an excluded permission, you need to specify that the permission be excluded for each parent role. |
| excluded-operations/name | The name of a security permission that is not inherited from the parent user role. Security permissions are listed under Master Index Data Manager User Permissions. |
| operation | A list of security permissions to assign to the user role. If the role inherits permissions from another role, the permissions listed here are in addition to the inherited permissions. |
| operation/name | The name of a security permission to add to the current user role. Security permissions are listed under Master Index Data Manager User Permissions. |

Master Index Data Manager User Permissions

The following table lists and describes each user permission for the MIDM. The user permission names are case-sensitive.

Table 2 MIDM User Permissions and Descriptions

| User Permission | Description |
| --- | --- |
| AssumedMatch_Print | Gives access permission to print the results of an assumed match search. |
| AssumedMatch_SearchView | Gives access permission to search for and view records that were automatically matched by the master index application. This permission is needed to perform any assumed match functions. |
| AssumedMatch_Undo | Gives access permission to reverse an assumed match, separating the two records. |
| AuditLog_Print | Gives access permission to print an audit log search results report. This permission also requires AuditLog_SearchView. |
| AuditLog_SearchView | Gives access permission to search for and view audit log entries. |
| EO_Activate | Gives access permission to activate enterprise records. |
| EO_Compare | Gives access permission to compare enterprise records. |
| EO_Create | Gives access permission to create new enterprise records. |
| EO_Deactivate | Gives access permission to deactivate enterprise records. |
| EO_Edit | Gives access permission to modify the SBR in enterprise records. |
| EO_LinkSBRFields | Gives access permission to link a field in a system record with a field in the enterprise record's SBR so the value of the SBR field is the same value as the system object field. |
| EO_LockSBRFields | Gives access permission to modify the SBR directly and to lock SBR fields for overwrite. |
| EO_Merge | Gives access permission to merge enterprise records. |
| EO_OverwriteSBR | Gives access permission to choose an SBR field to retain during a merge. After the merge transaction, the field is locked for editing. |
| EO_PrintComparison | Reserved for future functionality. |
| EO_PrintSBR | Reserved for future functionality. |
| EO_SearchViewSBR | Gives access permission to search for and view single best records, and to generate and print the search results report. This permission is needed to perform any functions on the details page. |
| EO_UnlinkSBRFields | Gives access permission to unlink an SBR field and system record field that were previously linked. |
| EO_UnlockSBRFields | Gives access permission to unlock an SBR field that was previously locked for editing. |
| EO_Unmerge | Gives access permission to unmerge enterprise records. |
| EO_ViewMergeTree | Gives access permission to view a merge history of an enterprise object. |
| Field_VIP | Gives permission to view fields masked by any custom masking logic specified by midm.xml. |
| PotDup_Print | Gives permission to print the results of a potential duplicate search. |
| PotDup_ResolvePermanently | Gives access permission to permanently resolve potential duplicate records. |
| PotDup_ResolveUntilRecalc | Gives access permission to resolve potential duplicate records. |
| PotDup_SearchView | Gives access permission to search for and view potential duplicate records. This permission is needed in order to perform any functions on the Duplicate Records page. |
| PotDup_Unresolve | Gives access permission to unresolve potential duplicate records that were previously resolved. |
| Reports_Activity | Gives access permission to run an activity report. |
| Reports_AssumedMatches | Gives access permission to run an assumed match report. |
| Reports_DeactivatedEUIDs | Gives access permission to run a deactivated record report. |
| Reports_Duplicates | Gives access permission to run a potential duplicate report. |
| Reports_MergedRecords | Gives access permission to run a merge transaction report. |
| Reports_UnmergedRecords | Gives access permission to run an unmerge transaction report. |
| Reports_Updates | Gives access permission to run an update report. |
| Reports_View | Gives access permission to the reports page. This permission is needed in order to run any of the production or activity reports. |
| SO_Activate | Gives access permission to reactivate a deactivated system record. |
| SO_Add | Gives access permission to add system records. |
| SO_Compare | Gives access permission to compare system records. |
| SO_Edit | Gives access permission to modify system records. |
| SO_Deactivate | Gives access permission to deactivate system records. |
| SO_Merge | Gives access permission to merge system records. |
| SO_Print | Gives access permission to print the results of a system record search. |
| SO_Remove | Gives access permission to delete system records. |
| SO_SearchView | Gives access permission to search for and view system records. |
| SO_Unmerge | Gives access permission to unmerge system records. |
| TransLog_Print | Gives permission to print the results of a transaction history search. |
| TransLog_SearchView | Gives access permission to search for and view the transaction history of enterprise records and to view merged records. |
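
The inheritance and exclusion rules in Table 1, together with the dependencies noted in Table 2, can be checked mechanically before a role file is deployed. The following Python code is an added example, not part of the Oracle documentation or product; the `<roles>` root element, the element nesting, and the role names Clerk, Supervisor and Reviewer are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names are from Table 1; the <roles> root and the
# exact nesting are assumptions, so compare with your project's own file.
SAMPLE = """<roles>
  <role><role-name>Clerk</role-name>
    <operation><name>EO_SearchViewSBR</name><name>EO_Edit</name>
      <name>EO_Merge</name></operation></role>
  <role><role-name>Supervisor</role-name>
    <operation><name>EO_SearchViewSBR</name><name>EO_Merge</name>
      <name>AuditLog_SearchView</name><name>AuditLog_Print</name></operation></role>
  <role><role-name>Reviewer</role-name>
    <inheritance><inherits-from>Clerk</inherits-from>
      <excluded-operations><name>EO_Edit</name><name>EO_Merge</name>
      </excluded-operations></inheritance>
    <inheritance><inherits-from>Supervisor</inherits-from>
      <excluded-operations><name>AuditLog_SearchView</name>
      </excluded-operations></inheritance>
    <operation><name>Reports_Activity</name></operation></role>
</roles>"""

# Dependencies stated in Table 2: one exact name, then whole permission families.
PREREQ = {"AuditLog_Print": "AuditLog_SearchView"}
FAMILY_PREREQ = {"Reports_": "Reports_View", "AssumedMatch_": "AssumedMatch_SearchView"}

def prerequisite(perm):
    """Return the permission that `perm` depends on, or None."""
    for prefix, needed in FAMILY_PREREQ.items():
        if perm.startswith(prefix) and perm != needed:
            return needed
    return PREREQ.get(perm)

def names(parent, path):
    """Collect the stripped text of every element matching `path`."""
    return {e.text.strip() for e in parent.findall(path) if e.text}

def audit_roles(xml_text):
    """Resolve each role's effective permissions and list problems found."""
    roles, findings = {}, []
    for role in ET.fromstring(xml_text).iter("role"):
        role_name = role.findtext("role-name", "").strip()
        perms = names(role, "operation/name")
        for inh in role.findall("inheritance"):
            parent = inh.findtext("inherits-from", "").strip()
            if parent not in roles:  # parents must appear earlier in the file
                findings.append(f"{role_name}: parent {parent} not defined earlier")
                continue
            # Exclusions apply only to the parent they are listed under.
            perms |= roles[parent] - names(inh, "excluded-operations/name")
        roles[role_name] = perms
        for perm in sorted(perms):
            needed = prerequisite(perm)
            if needed and needed not in perms:
                findings.append(f"{role_name}: {perm} needs {needed}")
    return roles, findings

if __name__ == "__main__":
    print(audit_roles(SAMPLE)[1])
```

On the sample, Reviewer still holds EO_Merge because the exclusion was listed only under Clerk and not under Supervisor, and the role is flagged for holding AuditLog_Print and Reports_Activity without the permissions they depend on.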

EJB User Role Properties

You can define access roles for the EJB layer in order to assign multiple security permissions to a user or web client at once. EJB roles can be used to secure MIDM users and other clients accessing the master index application, such as web services. Roles are defined in an XML file, security.xml. The following table describes the elements of the security configuration file. The default user, MasterIndex.Admin, is not defined in this file, but it gives access to all functions.

Table 3 EJB User Role Configuration Elements

| Element | Description |
| --- | --- |
| ejbSecurity | An indicator of whether EJB security is enabled. Enter ON to enable web service security; enter OFF to disable web service security. |
| role | A definition for one EJB user role. Each role element contains a name for the user role and a list of security permissions. |
| role-name | The name of the EJB user role, such as DataProcessor. |
| operation | A list of master controller functions to assign to the user role. |
| name | The name of a master controller function to add to the current user role. Functions are listed under EJB Security Functions. |

EJB Security Functions

The following table lists and describes each security function in the master controller. The permission names are case-sensitive. For more information about these functions, see the Javadocs provided with Oracle Java CAPS Master Index. These functions are defined in com.sun.mdm.index.ejb.master.MasterController.

Table 4 EJB Security Functions and Descriptions

| User Permission | Description |
| --- | --- |
| activateEnterpriseObject | Gives access permission to change the status of a deactivated enterprise object back to active. |
| activateSystemObject | Gives access permission to change the status of a deactivated system object back to active. |
| addSystemObject | Gives access permission to add a system object to an enterprise object. |
| calculatePotentialDuplicates | Gives access permission to calculate potential duplicates for a transaction. |
| calculateSBR | Gives access permission to calculate a new single best record (SBR) for an enterprise object that has been updated. |
| createEnterpriseObject | Gives access permission to create a new enterprise object in the master index application. |
| deactivateEnterpriseObject | Gives access permission to change the status of an enterprise object to inactive. |
| deactivateSystemObject | Gives access permission to change the status of a system object to inactive. |
| deleteSystemObject | Gives access permission to delete a system object from an enterprise object. |
| executeMatch | Gives access permission to process a system object using the standardization and matching logic defined for the master index application. |
| executeMatchDupRecalc | Gives access permission to process a system object using the standardization and matching logic defined for the master index application and allows you to defer potential duplicate processing. |
| executeMatchGui | Gives access permission to process a system object using the standardization and matching logic defined for the master index application. |
| executeMatchUpdate | Gives access permission to process a system object using the standardization and matching logic defined for the master index application. |
| executeMatchUpdateDupRecalc | Gives access permission to process a system object using the standardization and matching logic defined for the master index application and allows you to defer potential duplicate processing. |
| getConfigurationValue | Gives access permission to retrieve the configuration of a master controller parameter. |
| getDatabaseStatus | Gives access permission to retrieve the status of the master index database. |
| getEnterpriseObject | Gives access permission to retrieve an enterprise object. |
| getEUID | Gives access permission to retrieve the EUID associated with a system and local ID. |
| getMergeHistory | Gives access permission to retrieve a tree structure of the merge transactions associated with a specific enterprise object. |
| getRevisionNumber | Gives access permission to retrieve the SBR revision number for an enterprise object. |
| getSBR | Gives access permission to retrieve the SBR for an enterprise object. |
| getSystemObject | Gives access permission to retrieve a system object based on the system and local ID information. |
| insertAuditLog | Gives access permission to add an audit log record to the master index database. |
| lookupAssumedMatches | Gives access permission to retrieve a list of assumed matches based on the search criteria specified. |
| lookupAuditLog | Gives access permission to retrieve an audit log record. |
| lookupPotentialDuplicates | Gives permission to retrieve a list of potential duplicate records. |
| lookupSystemDefinition | Gives permission to retrieve the attributes of a source system in the master index database. |
| lookupSystemDefinitions | Gives access permission to retrieve the attributes of multiple source systems in the master index database. |
| lookupSystemObjectPKs | Gives access permission to retrieve an array of system object keys. |
| lookupSystemObjects | Gives access permission to retrieve the active system objects in an enterprise object. |
| lookupTransaction | Gives access permission to retrieve a transaction summary. |
| lookupTransactions | Gives access permission to retrieve an array of transaction summaries. |
| mergeEnterpriseObject | Gives access permission to merge two or more enterprise objects. |
| mergeSystemObject | Gives access permission to merge two or more system objects. |
| ResolvePotentialDuplicates | Gives access permission to flag a potential duplicate pair as resolved. |
| searchEnterpriseObject | Gives access permission to retrieve an iterator of enterprise objects based on the specified search criteria. |
| transferSystemObject | Gives access permission to transfer a system object from its current enterprise object to a different enterprise object. |
| UndoAssumedMatch | Gives access permission to reverse an assumed match transaction, unmerging the two objects that were matched and creating a new enterprise object. |
| unmergeEnterpriseObject | Gives access permission to unmerge two previously merged enterprise objects. |
| unmergeSystemObject | Gives access permission to unmerge two previously merged system objects. |
| unresolvePotentialDuplicate | Gives access permission to mark as unresolved two potential duplicate records that were previously flagged as resolved. |
| updateEnterpriseDupRecalc | Gives access permission to update the master index database to reflect new values for an enterprise object and optionally to defer potential duplicate processing. |
| updateEnterpriseObject | Gives access permission to modify enterprise objects. |
| updateSystemObject | Gives access permission to modify system objects. |