The Oracle Authorization Policy Manager user interface follows this general operational principle: the administrator first identifies a security object (by browsing or searching) and then, once the object has been selected, chooses one of the operations available on it.
This chapter describes the major tabs, the navigation panel, how to use the navigation panel to carry out simple queries on various artifacts, the online help system, and some frequent uses of Authorization Policy Manager.
This information is presented in the following sections:
Authorization Policy Manager contains the following three major tabs:
The Authorization Management tab is used to search and maintain security artifacts. For details, see Chapter 4, "Querying Security Artifacts," and Chapter 5, "Managing Security Artifacts."
The System Configuration tab is used to specify delegated administrators, that is, to define the external roles that can manage a prescribed set of applications. For details, see Chapter 6, "Delegated Administration."
Upon a successful login, Authorization Policy Manager displays the Welcome page, partially illustrated in Figure 3-1. This page is divided into the following areas:
The APM Resource Center area contains links to some of the most commonly used procedures, including how to get started; how to configure application access (that is, how to define the mapping between application roles and external roles), an application policy, and delegated administration; and how to navigate through the tool UI.
The Global area contains links to procedures that pertain to artifacts shared across all applications, including searching external roles.
The Applications area contains, at the top, a pull-down list of the application stripes in the policy store, used to select the stripe to manage. This area also contains links to procedures, including searching and creating entitlements, resources, resource types, application roles, and application policies.
The navigation panel helps users find security artifacts by browsing or searching. For details about using the navigation panel to search, see Finding Artifacts with a Simple Search.
The navigation panel, partially illustrated in Figure 3-2, is a collapsible and expandable panel that contains, from top to bottom, the following UI gadgets:
A pull-down list to select the scope of a simple search. The scope can be global or specific to a selected application stripe.
A pull-down list to select the artifact to query with a simple search. When the search scope is global, the list shows global artifacts; when specific to an application stripe, it shows application policy artifacts.
A text box to enter a string that the simple search should match. The string you enter is compared against the name and display name of security artifacts, and those that match are displayed in the Search Results tab.
The Browse tab, which displays the following expandable and collapsible hierarchy of nodes:
The Global node, from which you can access global artifacts such as external roles.
One node per application stripe to which the logged-in user has access. Note that the list of applications shown depends on the logged-in user. For details, see Chapter 6, "Delegated Administration."
From any of these nodes, one can access application-specific artifacts such as resource types, entitlements, resources, policies, and the role category.
Note:
As mentioned above, each node in the hierarchy identifies an application stripe in the domain policy store. Several applications can share a logical stripe. Typically, each J2EE/ADF or J2SE application has its own application stripe, which is not shared with any other application; but when several applications make up a larger logical application, an application stripe can be shared by the applications that are members of the larger one.
The Search Results tab, which displays the results of the last simple search.
The top of the navigation panel, shown in Figure 3-2, is used to specify simple queries. Advanced queries are also available; for details see Chapter 4, "Querying Security Artifacts."
To specify a simple search, proceed as follows:
Select the search scope from the pull-down list at the top of the navigation panel.
Select the object type to search from the pull-down list second from the top. The list of available object types varies according to the search scope selected.
If you select Resource Instance (on an application), you must also select the Resource Type from the pull-down list next to the object type box.
Enter a string to match in the text box, possibly using the wildcard characters % or * (the wildcard character matches any character in the pattern).
The search returns all names and display names of the object type selected that match the specified string; leave this box empty to obtain the list of all objects of the specified type.
Click the Go button to trigger the search and display the results in the Search Results tab, which is automatically brought to the foreground when the search is completed. Positioning the cursor on the blue information button next to an item displays the item details. The Search Results tab shows at most the first 200 matches found by the search.
Once an item is selected in the Search Results, it can be opened or edited by clicking Open or Edit at the top of the table.
Figure 3-3 illustrates the results of a simple search on roles for an application and the details of an application role returned by the simple search.
To access the online help documentation, click Help in the upper-right corner of any window to bring up the help window, partially illustrated in Figure 3-4.
In this window, you can select the documentation to view by choosing an item from the pull-down Book box. Selecting Authorization Policy Manager Online Help displays several topics in the online documentation; selecting Administrator's Guide for Authorization Policy Manager displays the table of contents of this guide.
You can also search for a string in a displayed page (Find in Page) or within either of the two books available (select the book and use Search).
The following scenarios describe frequent uses of Authorization Policy Manager:
Find artifacts whose names or display names match a pattern. For details, see Finding Artifacts with a Simple Search.
Given an external role, view all the application roles mapped to the external role. For details, see Section 5.4, "Mapping Application Roles to an External Role."
Given an application role, view all the external roles mapped to the application role. For details, see Section 5.5, "Mapping External Roles to an Application Role."
Given an application role, view the application hierarchy at the role. For details, see Section 5.3, "Managing the Application Role Hierarchy."
Given an entitlement, view all application policies that use the entitlement. For details, see Section 4.6.1, "Finding Application Policies that Match Entitlements or Resources."
Given a principal (that is, a user, an external role, or an application role), view all the application policies that use the principal. For details, see Section 4.6.2, "Finding Application Policies that Match Principals."