4 Querying Security Artifacts

Oracle Authorization Policy Manager allows two kinds of queries over OPSS security objects: simple and advanced. Simple queries are conducted in the navigation panel of the Authorization Management tab, and they involve matching names and display names only, as explained in Section 3.4, "Finding Artifacts with a Simple Search." Advanced queries are conducted in different pages of the Authorization Management tab, and they use the operators starts with, ends with, contains, and equal to, which allow more sophisticated matching.

This chapter explains how to specify advanced queries in the sections that follow.

There is no support for wildcard characters in advanced queries. In particular, the characters * or % are treated as plain characters in the specification of any advanced search parameter.
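The matching rules above can be modelled offline when you need to reproduce a search over an exported list of artifacts, for example to confirm that a review query did not silently return nothing because of a `*` typed out of habit. The following Python example is added here and is not Oracle code; the field keys, the sample roles, the AND combination of parameters, case-sensitive comparison, and the treatment of an empty parameter as "no constraint" are assumptions.

```python
from dataclasses import dataclass

# The four operators named on this page, as literal string predicates.
# None of them interprets '*' or '%': those characters match only themselves.
# Assumption: comparison is case-sensitive (the page does not say).
OPERATORS = {
    "starts with": lambda value, text: value.startswith(text),
    "ends with": lambda value, text: value.endswith(text),
    "contains": lambda value, text: text in value,
    "equal to": lambda value, text: value == text,
}

@dataclass(frozen=True)
class Criterion:
    field: str     # hypothetical field key, e.g. "name" or "display_name"
    operator: str  # one of the keys of OPERATORS
    text: str      # string to match, always taken literally

def advanced_search(artifacts, criteria):
    """Return the artifacts that satisfy every criterion (AND is an assumption)."""
    for c in criteria:
        if c.operator not in OPERATORS:
            raise ValueError(f"unsupported operator: {c.operator!r}")
    # Assumption: a parameter left empty places no constraint on that field.
    active = [c for c in criteria if c.text]
    return [a for a in artifacts
            if all(OPERATORS[c.operator](a.get(c.field, ""), c.text) for c in active)]

def wildcard_warnings(criteria):
    """Flag parameters that look like wildcard patterns; they match literally."""
    return [f"{c.field}: {c.text!r} contains '*' or '%', matched as a plain character"
            for c in criteria if "*" in c.text or "%" in c.text]

# Constructed sample data, not taken from any real policy store.
ROLES = [
    {"name": "hr_admin", "display_name": "HR Administrator"},
    {"name": "hr_viewer", "display_name": "HR Viewer"},
    {"name": "fin_admin", "display_name": "Finance Administrator"},
    {"name": "ops_*_admin", "display_name": "Ops 100% Admin"},
]

def names(results):
    return [r["name"] for r in results]

if __name__ == "__main__":
    # A user expecting glob behaviour finds no roles at all.
    print(names(advanced_search(ROLES, [Criterion("name", "equal to", "*admin")])))
    # The intended query uses an operator instead of a wildcard.
    print(names(advanced_search(ROLES, [Criterion("name", "ends with", "admin")])))
```
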

4.1 Searching External Roles

To search external roles, proceed as follows:

  1. Expand Global in the navigation panel to expose the External Roles under it.

  2. Either double-click External Roles or select it and click Open to display the Search - External Roles tab in the Authorization Management tab.

  3. In the Search area of that tab, enter the query parameters as follows:

    • Select an operator for the Name from the first pull-down list and enter a string to match.

    • Select an operator for the Display Name from the second pull-down list and enter a string to match.

    • Optionally, click Reset to set the parameter values to the values they had before you entered the current values.

  4. Optionally, click Save... to save the current query parameters. The name of the saved collection then appears in the pull-down list Saved Search. Selecting a saved search from this pull-down list fills in the query parameters automatically with the saved values.

  5. Click Search to trigger the search. All external roles matching the query parameters are displayed in the Search Results area.

    The action at the top of this table allows viewing the details of a role (Open Role).

Figure 4-1 illustrates the results of an advanced search on external roles with previously saved query parameters (under jobs).

Figure 4-1 External Roles - Advanced Search


4.2 Searching Application Roles

To query application roles, proceed as follows:

  1. Select an application in the navigation panel and expand it to expose all nodes in the hierarchy.

  2. Either double-click Role Catalog or select it and click Open to display the Search - Role Catalog tab in the Authorization Management tab.

  3. In the Search area of that tab, enter the query parameters as follows:

    • Select an operator for the Role Name from the first pull-down list and enter a string to match.

    • Select an operator for the Display Name from the second pull-down list and enter a string to match.

    • Select an operator for the Category and enter a string to match.

    • Optionally, click Reset to set the parameter values to the values they had before you entered the current values.

  4. Optionally, click Save... to save the current query parameters. The name of the saved collection then appears in the pull-down list Saved Search. Selecting a saved search from this pull-down list fills in the query parameters automatically with the saved values.

  5. Click Search to trigger the search. All role categories matching the entered specifications are displayed in the table Search Results. Figure 4-2 illustrates this page.

    The actions at the top of this table allow:

  6. In addition, to modify the external roles assigned (mapped) to an application role in the Search Results table, select a role to display the area Role Mapping Details for the selected role.

    In that area, the table External Role Assignments lists the external roles mapped to the application role. The actions at the top of this table allow:

    • Adding an external role (Add External Role).

    • Removing an external role (Remove External Role).

    • Viewing an external role selected from the table (Open External Role).

    For details about the external roles, see Section 5.2, "Viewing the External Role Hierarchy," and Section 5.5, "Mapping External Roles to an Application Role."

Figure 4-2 Application Roles - Advanced Search


4.3 Searching Application Resource Types

To search application resource types, proceed as follows:

  1. Select an application in the navigation panel and expand it to expose all nodes in the hierarchy.

  2. Either double-click Resource Types or select it and click Open to display the Search - Resource Types tab in the Authorization Management tab.

  3. In the Search area of that tab, enter the query parameters as follows:

    • Select an operator for the Name from the first pull-down list and enter a string to match.

    • Select an operator for the Display Name from the second pull-down list and enter a string to match.

    • Select an operator for Actions and enter a string to match.

    • Optionally, click Reset to set the parameter values to the values they had before you entered the current values.

  4. Optionally, click Save... to save the current query parameters. The name of the saved collection then appears in the pull-down list Saved Search. Selecting a saved search from this pull-down list fills in the query parameters automatically with the saved values.

  5. Click Search to trigger the search. All resource types matching the entered specifications are displayed in the table Search Results.

    The actions at the top of this table allow:

    • Creating a resource type (New)

    • Editing a resource type (Open)

    • Deleting a resource type (Delete)

Figure 4-3 illustrates the results of an advanced search on resource types with previously saved query parameters (under resPermiss).

Figure 4-3 Resource Types - Advanced Search


4.4 Searching Application Resources

To search application resources, proceed as follows:

  1. Select an application in the navigation panel and expand it to expose all nodes in the hierarchy.

  2. Either double-click Resources or select it and click Open to display the Search - Resources tab in the Authorization Management tab.

  3. In the Search area of that tab, enter the query parameters as follows:

    • Select an operator for the Name from the first pull-down list and enter a string to match.

    • Select an operator for the Display Name from the second pull-down list and enter a string to match.

    • Select an operator for the Resource Type and then select a resource type from the pull-down list to the right. This selection is required.

    • Optionally, click Reset to set the parameter values to the values they had before you entered the current values.

  4. Optionally, click Save... to save the current query parameters. The name of the saved collection then appears in the pull-down list Saved Search. Selecting a saved search from this pull-down list fills in the query parameters automatically with the saved values.

  5. Click Search to trigger the search. All resources matching the entered specifications are displayed in the table Search Results.

    The actions at the top of this table allow:

    • Creating a resource (New)

    • Editing a resource (Open)

    • Deleting a resource (Delete)

    • Creating a new policy based on a resource (New Policy)

    • Finding policies that contain a resource (Find Policy)

    • Detaching the Search Results table (Detach)

Figure 4-4 illustrates the results of an advanced search on resources with previously saved query parameters (under myAppResources).

Figure 4-4 Resources - Advanced Search


4.5 Searching Application Entitlements

To search application entitlements, proceed as follows:

  1. Select an application in the navigation panel and expand it to expose all nodes in the hierarchy.

  2. Either double-click Entitlements or select it and click Open to display the Search - Entitlements tab in the Authorization Management tab.

  3. In the Search area of that tab, enter the query parameters as follows:

    • Select an operator for the Name from the first pull-down list and enter a string to match.

    • Select an operator for the Display Name from the second pull-down list and enter a string to match.

    • Select an operator for the Resource and enter a string to match.

    • Optionally, click Reset to set the parameter values to the values they had before you entered the current values.

  4. Optionally, click Save... to save the current query parameters. The name of the saved collection then appears in the pull-down list Saved Search. Selecting a saved search from this pull-down list fills in the query parameters automatically with the saved values.

  5. Click Search to trigger the search. All entitlements matching the entered specifications are displayed in the table Search Results.

    The actions at the top of this table allow:

    • Creating an entitlement (New)

    • Editing an entitlement (Open)

    • Deleting an entitlement (Delete)

    • Creating a new policy based on an entitlement (New Policy)

    • Finding policies that contain an entitlement (Find Policy)

    • Detaching the Search Results table (Detach)

Figure 4-5 illustrates the results of an advanced search on entitlements with previously saved query parameters (under myEnts).

Figure 4-5 Entitlements - Advanced Search


4.6 Searching Application Policies

Application policies can be searched by specifying entitlements, resources, or principals to match, as explained in the following sections.

An alternative way of finding application policies that contain an entitlement or a resource is available using the action Find Policy, as explained in Section 4.5, "Searching Application Entitlements," and Section 4.4, "Searching Application Resources."

4.6.1 Finding Application Policies that Match Entitlements or Resources

To query application policies that match entitlements or resources, proceed as follows:

  1. Select an application in the navigation panel and expand it to expose all nodes in the hierarchy.

  2. Either double-click Policies or select it and click Open to display the Search - Policies tab in the Authorization Management tab.

  3. In this tab, click Function Resource to display the page where you specify parameters for entitlement and/or resource names.

  4. Select an operator for the Entitlement Name from the first pull-down list and enter a string to match, and/or select an operator for the Resource Name from the second pull-down list and enter a string to match.

    At least one of Entitlement Name or Resource Name must be specified.

  5. Click Search to trigger the search.

  6. To view all entitlement-based policies matching the specification, click Entitlement Policies. The actions New Policy and Delete at the top of the table in this area allow creating an entitlement-based policy and deleting a policy.

  7. To view all resource-based policies matching the specification, click Resource Based Policies. The actions New Policy, Open, and Delete at the top of the table in this area allow creating, editing, and deleting a resource-based policy.

  8. To view the details of an item, hover the cursor over the blue information button.

4.6.2 Finding Application Policies that Match Principals

To query application policies that match principals, proceed as follows:

  1. Select an application in the navigation panel and expand it to expose all nodes in the hierarchy.

  2. Either double-click Policies or select it and click Open to display the Search - Policies tab in the Authorization Management tab.

  3. In this tab, click Principal to display the page where you specify parameters for the principal to match.

  4. Select the type of principal from the first pull-down list, select an operator from the second pull-down list, and enter a string to match.

  5. Click Search to trigger the search.

  6. To view all entitlement-based policies matching a principal, select a principal from the Found Principals table, and click Entitlement Policies. The New Policy menu at the top of the table allows creating an entitlement-based policy.

  7. To view all resource-based policies matching a principal, select a principal from the Found Principals table, and click Resource Based Policies. The New Policy and Open menus at the top of the table in this area allow creating and editing a resource-based policy.

  8. To view the details of an item, hover the cursor over the blue information button.

4.7 Reusing Search Parameter Values

Advanced search allows saving the set of parameters used in the search. This option facilitates reproducing the results of a previous search quickly without the need to enter the same set of values multiple times.

A set of parameters is given a name and saved using the button Save..., and it is reused using the pull-down list Saved Search. Selecting a set of parameters from that list automatically fills in the search parameters with the saved values. Figure 4-6 illustrates the Create Saved Search dialog.

Figure 4-6 Saving the Parameters of a Search
