G OAAM Access Roles

This section summarizes the OAAM access roles, sets of functionality, and levels of access in OAAM. "Access roles" control access to functionality within OAAM.

G.1 Understanding Users and Roles for OAAM

The Oracle Adaptive Access Manager users can access functionality based on the roles they are assigned. These administrator roles have specific permissions assigned to them based on their responsibilities.

Oracle Adaptive Access Manager ships the following default roles:

  • OAAMCSRGroup - Support Personnel

  • OAAMCSRManagerGroup - Support Personnel

  • OAAMInvestigatorGroup - Investigators

  • OAAMInvestigationManagerGroup - Investigators

  • OAAMRuleAdministratorGroup - Security Administrators

  • OAAMEnvAdminGroup - System Administrators

You can create new users and assign the relevant Oracle Adaptive Access Manager roles in the Oracle Adaptive Access Manager domain by using the Oracle WebLogic Administration console. Best practices is to refrain from assigning multiple roles to a single user. If a user has multiple roles assigned to him, the user will have all of the permissions from the different groups.

Note:

Starting with OAAM 11g Release 2 (11.1.2.0.0), the default mechanism to secure Web Services is by using Oracle Web Service Manager policies. OAAMSOAPServicesGroup is no longer used and should not be created.

G.2 CSR (OAAMCSRGroup)

Support personnel such as CSRs have very limited access to the OAAM Administration Console. Support personnel (CSR and CSR Managers) use Oracle Adaptive Access Manager's case management tools to handle customer cases day-to-day. They have detailed knowledge about user activity.

Table G-1 Support Representatives

Items Support Representatives (CSR) have access to these features Notes
 

Users with the Support Representative role have very limited access to the OAAM Administration Console.

 

Cases

CSRs have access to search, open and create CSR type cases. There are no outward facing hyperlinks in any of the pages CSRs have access to. They have access to a limited list of actions. They have no access to bulk edit functions on search cases page.

Search cases

  • They can search for CSR cases; They cannot search for agent and escalated cases

  • They can search for open and closed cases but they cannot reopen closed cases; They can only add notes.

  • They can search for Expired cases and view details but they cannot perform any actions

   

New cases

  • They can open only CSR cases

   

View case details

  • They can view Expired Case details

  • They cannot view Escalated Case or agent cases

  • They can view closed case details and add notes

  • They can view Transactions in sessions tab

   

Edit case

  • They can change case status and severity

  • They cannot add public notes to Escalated Cases

  • They cannot bulk edit cases

  • They can escalate cases

  • They cannot temp allow users

  • They cannot OTP bypass users

  • They cannot extend expiration

  • All customer and KBA resets

  • KBA phone challenge

  • They can perform Customer Resets - a. Image and Phrase.

  • Challenge Questions

    Reset Questions

    Reset Question Set

    Unlock Customer

    Ask Question

  • Expired status cases - Search Access; No access to open

  • OTP Actions

    Reset Email

    Reset Phone

    Reset All

    Unlock OTP


G.3 CSR Managers (OAAMCSRManagerGroup)

CSR Managers have the access privileges of the CSR and access to some other limited functionality. Support personnel (CSR and CSR Managers) use Oracle Adaptive Access Manager's case management tools to handle security and customers cases day-to-day. They have detailed knowledge about user activity and security issues.

Table G-2 Support Manager

Items Support Managers have access to these features Notes
 

Support Managers have the access privileges of the Support Representative and some other limited functionality.

 

Cases

No create agent type cases. Hide actions, log and linked/related tabs in agent cases

Search Cases

  • They can search for CSR, Agent and Escalated cases

  • They can search for open and closed cases.

  • They can search for expired cases.

   

New Case

  • Only CSR cases

   

View Case Details

  • They can view Escalated Case details (including logs and sessions); but cannot perform any actions

  • They can view closed case details (They can only add notes or change status)

  • They can view Transactions in sessions tab

  • They can view expired case details (They can only add notes and extend expiration date)

   

Edit cases

  • They cannot perform any actions on Escalated Cases

  • They can

    Re-open closed cases

    Add notes in CSR cases

    Change status and severity

    Bulk edit CSR cases

    Escalate cases

    Grant temporary allow to users

    OTP bypass users

    Extend expiration

    Perform all customer and KBA resets

    Perform KBA phone challenge

    Change Status

    Change Severity

  • Temporary Allow

    Single login

    2 hours

    Set end date

  • Customer Resets

    Image

    Phrase

    Image and phrase

    Customer (all)

  • Challenge Questions

    Unlock Customer

    Reset Questions

    Reset Question Set

    Next Question

    Ask Question

  • Closed status cases - Search and open Access

  • Expired status cases - Search and Open Access

  • Escalate a CSR case - Full Access

  • Link Sessions tab in escalated status

  • OTP Actions

  • Can search for and view session details; but no access to detail pages or policy explorer

Scheduler

No access

 

Environment

No access

 

G.4 Fraud Investigator (OAAMInvestigatorGroup)

Fraud Investigators have wide access to the OAAM Administration Console. Fraud Investigators use Oracle Adaptive Access Manager's case management tools to handle security cases day-to-day.

Table G-3 Fraud Investigator

Items Fraud Investigators have access to these features Notes
 

Fraud Investigators have wide access to the OAAM Administration Console.

 
   

Also access to add /remove/delete group memberships from details pages

Navigation Tree

None

  • No access to bulk editing of cases.

  • Full access for CSR, Agents and Escalated cases

Cases

Full access.

 

Search page

Search Agent Cases

 

Scheduler

No access

 

Environment

No access

 

G.5 Fraud Investigation Managers (OAAMInvestigationManagerGroup)

Fraud Investigation Managers have wide access to the OAAM Administration Console. Fraud Investigation Managers use Oracle Adaptive Access Manager's case management tools to handle security cases day-to-day.

Table G-4 Fraud Investigation Manager

Items Fraud Investigation Managers have access to these features Notes
 

Fraud Investigation Managers have wide access to the OAAM Administration Console.

 
   

Access to add /remove/delete group memberships from other pages

Navigation tree

None

  • Full access to bulk editing of cases

  • Full access to CSR, Agent and Escalated cases

Cases

Full access.

 

Scheduler

No access

 

Environment

No access

 

Home Page

Search Agent Cases

 

G.6 Security Administrator (OAAMRuleAdministratorGroup)

Security Administrators have wide access to the OAAM Administration Console.

Security Administrators (Rule Administrators) gather intelligence from various sources to identify needs and develop requirements to address them. Some sources for intelligence include Investigators, industry reports, antifraud networks, compliance mandates, and company polices.

Security Administrators plan, configure and deploy policies based on the requirements from analysts.

Table G-5 Security Administrator

Items Security Administrators have access to these features Notes
 

Security Administrators have wide access to the OAAM Administration Console.

 
   

Except Environment node and security dashboard (should be hidden by default)

Navigation Tree

Full Access

Not closable

Home Page

Search Policies

 

Cases

View only access

 

Scheduler

Access for Offline Security Administrators

 

Environment

No access

 

G.7 System Administrator (OAAMEnvAdminGroup)

System Administrators have limited access to the OAAM Administration Console for system administration duties. They configure environment-level properties and transactions.

Table G-6 System Administrator

Items System Administrators have access to these features Notes
 

System administrators have limited access to the OAAM Administration Console for system administration duties

 
   
  • No access to cases

  • Full access to Environment

  • Read-only access to everything else

Navigation Tree

Partial access

 

Scheduler

Access to Online and Offline System Administrators

 

Environment

Full access

 

Home Page

Search Properties

 

G.8 Auditor

Note:

There is no auditor role in 11g OAAM.

Auditor has no access to the OAAM Administration Console. They will do their audit work in BIP.

Table G-7 Auditor

Items Group has access to these features Notes
 

Auditor has no access to the OAAM Administration Console. They will do their audit work in BIP and the common audit framework.