Oracle E-Business Suite System Administrator's Guide - Security

Contents

Title and Copyright Information

Send Us Your Comments

Preface

Introduction

Access Control in Oracle E-Business Suite

Oracle User Management

Oracle Application Object Library Security

User and Data Auditing

Access Control with Oracle User Management

Overview

      Function Security

      Data Security

      Role Based Access Control (RBAC)

      Delegated Administration

      Delegating to Proxy Users

      Provisioning Services

      Self-Service and Approvals

Oracle User Management Setup and Administration

Setup Tasks

      Defining Role Categories

      Creating and Updating Roles

      Security Wizard

      Assigning Permissions to Roles

      Searching For Assigned Roles

      Diagnostics for User-Role Assignment

      Creating Instance Sets and Permission Sets

      Defining Delegated Administration Privileges for Roles

      Defining Data Security Policies

      Defining Role Inheritance Hierarchies

      Creating and Updating Registration Processes

      Configuring the User Name Policy

Delegated Administration Tasks

      Maintaining People and Users

      Creating, Inactivating, and Reactivating User Accounts

      Resetting User Passwords

      Unlocking Locked User Accounts

      Assigning Roles to or Revoking Roles from Users

      Fine Grained Access Control for Role Administration

      Managing System Accounts

      Managing Proxy Users

      Registering External Organization Contacts

Self Service Features

      Self-Service Registration

      Requesting Additional Application Access

      Login Assistance

Security Reports

      Home Page

      Listing Functions for a User

      Listing Data Security and Business Objects for a User

      Listing Roles and Responsibilities for a User

      Listing Users With a Given Role

      Listing Functions That Can Be Accessed From a Given Role

      Listing Objects for a Given Role

      Listing Users for a Given Function

      Listing Roles and Responsibilities for a Given Object

Oracle Application Object Library Security

Overview of Oracle E-Business Suite Security

      HRMS Security

Defining a Responsibility

      Additional Notes About Responsibilities

Defining Request Security

User Session Limits

Guest User Account

Oracle E-Business Suite User Passwords

Overview of Security Groups in Oracle HRMS

      Defining Security Groups

Overview of Function Security

      Terms

      Executable functions vs. Non-executable functions

      Functions, Menus, and the Navigate Window

      Menu Entries with a Submenu and Functions

      How Function Security Works

Implementing Function Security

      Defining a New Menu Structure

      Notes About Defining Menus

      Menu Compilation

      Preserving Custom Menus Across Upgrades

Overview of Data Security

      Concepts and Definitions

      Implementation of Data Security

Responsibilities Window

Security Groups Window

Users Window

Form Functions Window

Menus Window

Menu Viewer

Objects

      Find Objects

      Update Object

      Create Object

      Object Detail

      Delete Object

Object Instance Sets

      Manage Object Instance Set

      Create Object Instance Set

      Update Object Instance Set

      Delete Object Instance Set

      Object Instance Set Details

Grants

      Search Grants

      Create Grant

      Define Grant

      Select Object Data Context

      Define Object Parameters and Select Set

      Review and Finish

      Update Grant

      View Grant

Functions

      Search

      Create Function

      Update Function

      Duplicate Function

      View Function

      Delete Function

Navigation Menus

      Search for Menus

      Create Navigation Menu

      Update Menu

      Duplicate Menu

      View Menu

      Delete Menu

Permissions

      Create Permission

      Update Permission

      Duplicate Permission

      View Permission

      Delete Permission

Permission Sets

      Create Permission Set

      Update Permission Set

      Duplicate Permission Set

      View Permission Set

      Delete Permission Set

Compile Security Concurrent Program

      Parameter

Function Security Reports

Users of a Responsibility Report

      Report Parameters

      Report Heading

      Column Headings

Active Responsibilities Report

      Report Parameters

      Report Heading

      Column Headings

Active Users Report

      Report Parameters

      Report Heading

      Column Headings

Reports and Sets by Responsibility Report

      Report Parameters

      Report Headings

Auditing and Monitoring

Overview of Auditing and Monitoring

      Auditing User Activity

      Auditing Database Row Changes

Auditing User Activity

      Major Features

      Setting Up Sign-On Audit

      Using the Application Monitor

      Notifying of Unsuccessful Logins

      Sign-On Audit Reports

Reporting On AuditTrail Data

      AuditTrail

      Audit Trail Update Tables Report

      Changing Your Audit Tables

      Setting Up AuditTrail

      AuditTrail Tables, Triggers and Views

      Reporting on Audit Information

      Disabling AuditTrail and Archiving Audit Data

Additional Audit Trail Reporting

      Audit Industry Template

      Audit Hierarchy Editor

      Audit Query Navigator

      Audit Report

Monitor Users Window

Audit Installations Window

Audit Groups Window

Audit Tables Window

Signon Audit Concurrent Requests Report

      Report Parameters

      Report Heading

      Column Headings

Signon Audit Forms Report

      Report Parameters

      Report Heading

      Column Headings

Signon Audit Responsibilities Report

      Report Parameters

      Report Heading

      Column Headings

Signon Audit Unsuccessful Logins Report

      Report Parameters

      Report Heading

      Column Headings

Signon Audit Users Report

      Report Parameters

      Report Heading

      Column Headings

Purge Signon Audit Data Program

      Parameters

Database Connection Tagging

      Usage

      Management

Oracle Single Sign-On Integration (Optional)

Introduction

Overview of Single Sign-On

Enterprise User Management

Deployment Scenario 0: E-Business Suite + SSO and OID

User Management Options

End-User Experience

Session Timeout Behavior

User Management Options

      Critical Implementation Decisions

Detailed Implementation Instructions

Deployment Scenario 1: Multiple Oracle E-Business Suite Instances + Central SSO and OID Instance

Deployment Scenario 2: New Oracle E-Business Suite Installation + Existing Third-Party Identity Management Solution

End-User Experience

User Management

      Critical Implementation Decisions

Detailed Implementation Instructions

Deployment Scenario 3: Existing Oracle E-Business Suite Instance + Existing Third-Party Identity Management Solutions

Critical Implementation Decisions

Detailed Implementation Instructions

Deployment Scenario 4: Multiple Oracle E-Business Suite Instances with Unique User Populations

Advanced Features

Single Sign-On Profile Options

Configuring Directory Integration Platform Provisioning Templates

Administering the Provisioning Process

Changing E-Business Suite Database Account Password

Manual Subscription Management With Provsubtool

Migrating Data between Oracle E-Business Suite and Oracle Internet Directory

Enabling and Disabling Users

Synchronizing Oracle HRMS with Oracle Internet Directory

Supported Attributes

References and Resources

Glossary of Terms

Index