8 Managing System Configurations

Security Module definitions and administrator configurations are defined within the top-level System Configuration tab in the Authorization Policy Manager Administration Console. This chapter contains the following topics:

• Section 8.1, "Delegating With Administrators"

• Section 8.2, "Configuring Security Module Definitions"

8.1 Delegating With Administrators

Administrator Roles can be created to delegate management operations for policy objects. For example, Application and Policy Domain delegating administrators can be defined by creating an Administrator Role at the appropriate level and assigning the role Administration Privileges as well as a user, group, or another role. See Chapter 9, "Delegating With Administrator Roles" for more information. It includes a section on creating System Administrator Roles which can manage other types of Administrator Roles in any Application or Policy Domain.

8.2 Configuring Security Module Definitions

A Security Module is an Oracle Entitlements Server client that plays a key role in authorization. After an authorization request is generated, the Security Module evaluates policy data to determine if access to the resource will be granted or denied. An Application (the Oracle Entitlements Server object that represents the protected reosurce) must be bound to the Security Module that protects it. Binding Security Modules enables policy data to be transmitted to it for evaluation. The Policy Distribution Component (discussed in Chapter 7, "Managing Policy Distribution") is the mechanism used to transmit policy data to the Security Modules.

Note:

For more information about the authorization process, see Section 1.4, "How Oracle Entitlements Server Processes Authorization Policies."

The following sections document how to bind (and unbind) Security Module definitions to (and from) Application objects.

• Creating a Security Module Definition

• Binding an Application to a Security Module

• Unbinding an Application From a Security Module

• Deleting a Security Module Definition

8.2.1 Creating a Security Module Definition

To create a security module, proceed as follows.

1. Select the System Configuration tab from the Home area.

2. Double-click Security Modules in the Navigation Panel.

   Alternately, right-click Security Modules and select Open. The Security Modules page is displayed as in Figure 8-1.

   Figure 8-1 Security Modules in Home Area

   
   Description of "Figure 8-1 Security Modules in Home Area"
   
   

3. Click New to create a new Security Module definition.

   Alternately, select New from the Actions menu. The Security Module dialog is displayed.

4. Provide the following values for the new Security Module.

   • Name: The entry must be a unique.

   • Display Name

   • Description

5. Click Save.

8.2.2 Binding an Application to a Security Module

To bind an Application to a Security Module, proceed as follows.

1. Select the System Configuration tab from the Home area.

2. Double-click Security Modules in the Navigation Panel.

   Alternately, right-click Security Modules and select Open. The Security Modules page is displayed.

3. Select the name of the Security Module definition from the table.

4. Click Add in the Bound to Applications table., either cor select Add from the Actions menu.

   Alternately, select Add from the Bound to Applications Actions menu. The Add Applications dialog displays.

5. Enter a search string in the text box and click the arrow to search.

   Alternately, click the arrow with no search string to return all available Applications.

6. Select one or more applications from the list returned.

7. Click Add.

   The selected applications are bound to the selected Security Module and displayed in the Bound to Applications table.

8.2.3 Unbinding an Application From a Security Module

To unbind an application from a Security Module, proceed as follows.

1. Select the System Configuration tab from the Home area.

2. Double-click Security Modules in the Navigation Panel.

   Alternately, right-click Security Modules and select Open. The Security Modules page is displayed.

3. Select the name of the applicable Security Module definition in the table.

4. Select the name of the applicable Application in the Bound to Applications table.

5. Click Remove or select Remove from the Actions menu.

   A confirmation dialog is displayed.

6. Click Unbind.

8.2.4 Deleting a Security Module Definition

To remove a Security Module definition, proceed as follows.

1. Select the System Configuration tab from the Home area.

2. Double-click Security Modules in the Navigation Panel.

   Alternately, right-click Security Modules and select Open. The Security Modules page is displayed.

3. Select the name of the applicable Security Module definition in the table.

4. Click Delete or select Delete from the Actions menu.

   A confirmation dialog is displayed.

5. Click Remove.