| Oracle® Adaptive Access Manager Administrator's Guide Release 10g (10.1.4.5) Part Number E12055-03 |
|
|
View PDF |
| Oracle® Adaptive Access Manager Administrator's Guide Release 10g (10.1.4.5) Part Number E12055-03 |
|
|
View PDF |
This chapter provides information about creating and editing rule templates, using the rules template editor, managing conditions, and importing and exporting rules and conditions.
Rule conditions are the building blocks for constructing rule templates and make the rule-related functions in Oracle Adaptive Access Manager available to the client. Rule conditions consist of references to various Oracle Adaptive Access Manager objects, APIs (functions), and parameters that are used to evaluate the risk. The parameters could be Runtime variables, capture Runtime data, time, username, authentication, IP, and so on.
The rule template forms the basis for creating a rule instance. Adding condition instances to rule templates allow you to create the template you need for your use cases. Rule templates must have at least one condition.
Conditions in the rule template are evaluated sequentially. Subsequent conditions are evaluated only if the current one was evaluated to be true. In other words, the evaluation stops when a condition is evaluated to be false. For the rule to be triggered all the conditions that constitute the rule need to be evaluated to true; if any of the conditions is evaluated to false, the rule is evaluated to false, and the rule does not trigger.
Oracle Adaptive Access Manager includes a library of preconfigured conditions. For a list of these conditions, refer to Appendix A, "Conditions Reference." Conditions cannot be modified. Before you can use conditions, you must import oaam_rule_conditions.zip, which contains all conditions that come standard with the product, into your system.
To import the oaam_rule_conditions.zip:
On the Admin menu, point to Rule Templates, point to Conditions, then click Import Conditions.
Click Browse and locate oaam_rule_conditions.zip.
Click Import.
All the conditions are imported into the server.
This section contains instructions on
You can import, export, and delete conditions as necessary.
To view a list of available conditions:
On the Admin menu, point to Rule Templates, point to Conditions, then click List Conditions.
The List Conditions page appears.
To filter the list by type, click in the Type box and select the type you want. Then click Run Query.
By default there are 7 types of rule conditions in Adaptive Risk Manager:
Device
Device ID Conditions
In Session
Location
System Conditions
User
User Device ID Conditions
The type of condition identifies the type of Oracle Adaptive Access Manager API that will be used at Runtime. However, system conditions are special conditions that do not necessarily adhere to using a type of Oracle Adaptive Access Manager API.
To filter the list by condition name, click in the Condition Name box and type in the name or part of the name for the condition you want. Then click Run Query.
The search is case sensitive and it does not take special characters.
After filtering the list of conditions, you can sort them by clicking Condition Name, Sort, or Description.
Clicking the Condition Name heading will sort all the condition names in ascending or descending order. Clicking the Description heading will sort all the condition descriptions in ascending or descending order. The Sort option sorts the listed conditions by condition names or by condition descriptions in ascending or descending order depending on the last sort.
To view the details of a condition
On the Admin menu, point to Rule Templates, point to Conditions, then click List Conditions.
The List Conditions page appears.
Click the name of the condition you want.
The Condition Detail page appears.
The page contains a Delete button and non-editable details of the condition.
The following information is presented:
Condition ID: the condition ID
Condition Name: the name of the condition
Status: Active or Disabled.
Value Type: Type of condition.
Description: the description given to the condition.
Parameters: the parameters of the condition.
You can export and import rule conditions.
To export a condition
On the Admin menu, point to Rule Templates, point to Conditions, then click List Conditions.
Select the check box next to the condition you want to export.
Click Export.
To import a condition
You can import a collection of 0 or more conditions through a zip file or a single condition through an .xml file.
On the Admin menu, point to Rule Templates, point to Conditions, then click Import Conditions.
Click Browse and locate the file.
Click Import.
Caution:
If you import a condition that already exists in the system, the incoming condition will overwrite the existing condition. Changing the condition affects the Rules and Models that use the condition.To export a delete script
On the Admin menu, point to Rule Templates, point to Conditions, and click List Conditions.
The List Conditions page appears.
Click the check box next to the condition or conditions you want to delete.
Click Export Delete Script.
Export Delete Script exports a delete script for the conditions that you have selected. You can import this script later to delete the conditions in the application if they are present.
You can delete conditions by using:
by using the Delete button on the List Conditions page.
by using the Delete button on the Condition Detail page.
by importing a delete script.
Note:
If rule templates are using the condition, deleting it will affect the rule templates and models that use it.To delete a condition using the Delete button on List Conditions
On the Admin menu, point to Rule Templates, point to Conditions, and click List Conditions.
The List Conditions page appears.
Click the check box next to the condition or conditions you want to delete.
Click Delete.
To delete a condition using the Delete button on Condition Detail
On the Admin menu, point to Rule Templates, point to Conditions, and click List Conditions.
The List Conditions page appears.
Click the condition you want to delete.
The Condition Detail page appears.
Click Delete.
To delete a condition by importing a delete script
Import a delete script that you created earlier (with Export Delete Script) to delete conditions in the application if they are present.
On the Admin menu, point to Rule Templates, point to Conditions, then click Import Conditions.
Click Browse and locate the file.
Click Import.
The rules templates contain the rules definition of the parameters that can be configured from the web interface. The rules are loaded into the database using the import process.
On the Admin menu, point to Rule Templates and then click List Rule Templates.
The List Rule Templates page appears.
To filter the list by type, click in the Rule Type box and select the type you want and click Run Query.
By default there are 6 types of rule templates in Adaptive Risk Manager:
Device
Device ID Rules
In Session
Location
User
User Device ID Rules
The type of rule template identifies the type of Oracle Adaptive Access Manager API that will be used at Runtime.
To filter the list by status, click in the Rule Status box and select the status you want and click Run Query.
To filter the list by rule template name, click in the Rule Name box and type in the name or part of the name for the rule template you want. Then click Run Query.
The search is case sensitive and it does not take special characters.
After filtering the list of rule templates, you can sort them by clicking Condition Name, Sort, or Description.
Clicking the Rule Name heading will sort all the rule template names in ascending or descending order. Clicking the Description heading will sort all the rule template descriptions in ascending or descending order. The Sort option sorts the listed rule templates by rule template names or by rule template descriptions in ascending or descending order depending on the last sort.
To edit a rule template, click the wrench icon next to the rule template you want.
The Create Rule Template page appears.
The Create Rule Template page provides the ability to create and edit rule templates for your own specific set of needs and requirements.
To create or edit a rule template:
On the Admin menu, point to Rule Templates and then click Create Rule Templates.
The Create Rule Template page appears.
Note: you can also access the Create Rule Template page for editing by listing the rule templates, and then clicking the wrench icon next to the rule template you want to edit. In this case, you can skip steps 2 and 3.
Click in the Rule Type box and select the type of rule you want.
The Rule field appears.
To create a new rule template, select Create New Rule Template. To edit an existing rule template, select the rule template you want.
In the Rule Name box, enter or edit the rule name.
If you are creating a new rule template, it is recommended that you use a prefix such as Device, Location, or User to identify the template as a particular type.
In the Description field, enter or edit the description of the rule template.
Click the Status box and select the status you want: Active or Disabled.
If status is changed to disabled, the rule is disabled and cannot be added to a model. A Model that already contains the rule will not be affected and will continue to function as before.
Click in the Condition box and select the condition you want to add to the rule.
Oracle Adaptive Access Manager filters the list of conditions displayed based on the selected rule type.
The Add Condition box appears to the right of the list of conditions. The box displays the name and description of the condition.
To edit the parameters for your rule template, click in the appropriate field in the Add Condition box and make the changes you want.
In the Add Conditions box, click Add.
The same condition can be added more than one time.
To change the order in which the conditions are evaluated, click the Order box and select the order you want.
Repeat steps 7 through 10 for each condition you want to add to the rule template.
Click Save.
The rule template is created.
An error message appears if a template with the same name already exists.
To view details of a rule template:
On the Admin menu, point to Rule Templates and then click List Rule Templates.
The List Rule Templates page appears.
Click the name of the rule template you want.
The Rule Templates page appears.
The Rule Templates page displays the following information:
Rule Id
Rule Name
Rule Status
Rule Type
Description
Notes
From the Rule Templates page, you can also modify the rule description, status, and notes; delete the rule template; and access the Create Rule Template page to edit the rule template.
You can edit the Description field. The description will contain one line of information that people using Adaptive Risk Manager will see. It will appear in the Description column on the List Rule Templates page and the Customize Rule box when you add that rule to the model.
You can add notes for the rule template. Notes allow the administrator to add detailed information about the rule template. This information will only appear in the Rule Detail page.
A rule of thumb is that if you have one line of information about the rule template, store the information in Description so that other people using Adaptive Risk Manager can see it, and that if you have detailed information, store it in Notes.
You change the rule status of the rule template. If the rule status is changed from Active to Disabled, the rule is disabled and cannot be added to a model. A Model that already contains the rule will not be affected and will continue to function as before.
You can delete a condition, but a rule template requires a minimum of one condition to function.
If a rule template includes only one condition, that condition cannot be deleted.
If a rule template includes more than one condition, you can delete all of the conditions except one (with least order number).
To delete a condition from a rule template:
On the Admin menu, point to Rule Templates and then click List Rule Templates.
The List Rule Templates page appears.
Click the wrench icon next to the name of the rule template you want.
Alternatively, you can click the rule template name, and then the Edit button on the Rule Templates page.
The Create Rule Template page appears.
Click the check box next to the condition you want to delete.
The message appears: "Are you sure you want to delete the selected row(s)?"
Click OK.
When you delete a rule template any active instances of that rule will also be deleted which may cause unwanted results. Deleting a rule template does not delete the actual conditions.
You can delete rule templates in three ways:
by using the Delete button on the List Rule Templates page.
by using the Delete button on the Rule Templates page.
by importing a delete script
Deleting from the Rule Templates page does not offer you the option of exporting the selected rows before deleting.
To delete a rule template from the List Rule Templates page
On the Admin menu, point to Rule Templates and then click List Rule Templates.
The List Rule Templates page appears.
Click the check box next to the rule templates you want to delete.
Click Delete.
The message appears: "Deleting a rule will cascade delete the rule profile maps if the rule is linked to a profile. Are you sure you want to delete the selected rows?"
Click OK.
The option appears, "Do you wish to export the selected rows before deleting."
Click OK if you want to save the selected rows to disk or click Cancel.
To delete a rule template from the Rule Templates page
On the Admin menu, point to Rule Templates and then click List Rule Templates.
The List Rule Templates page appears.
Click the name of the rule template you want.
The Rule Templates page appears.
Click Delete.
The message appears: "Do you want to cascade delete the rule profile maps if the rule is linked to a profile?"
Click OK.
The message appears: "Are you sure you want to delete this rule permanently from the database."
Click OK.
To delete a rule template by importing a delete script
On the Admin menu, point to Rule Templates and then click Export Rule Templates.
The Export Rule Templates page appears.
Click the check box next to the rule templates you want to delete in the future.
Click Export Delete Script.
The option appears, "Do you wish to export the selected rows before deleting."
Click OK.
Export Delete Script exports a delete script for the rule templates that you have selected. You can import this script later to delete the rule templates in the application if they are present.
You can export and import rule templates.
When you export a rule template, the exported rule template includes the corresponding conditions.
To export a rule template
On the Admin menu, point to Rule Templates and then click Export Rule Templates.
The Export Rule Templates page appears.
Enter the search criteria you want and click Run Query.
Select the check box next to each rule template you want to export.
Click Export.
Click OK to the confirmation.
To open a rule template, click Open With and select the application you want to use.
To save the template to disk, click Save To Disk.
Click OK.
To import a rule template
On the Admin menu, point to Rule Templates and then click Import Rule Templates.
The Import Rule Templates page appears.
Click Browse and locate the rule template you want to import.
Click Import.
The imported template appears in the List of Rule Templates.
Caution:
If you import a rule template that already exists in the system, the imported template will overwrite the existing template. The accompanying conditions will also overwrite the conditions already in the server.
|
 Copyright © 2008, 2009, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
