Oracle E-Business Suite Security Guide

Contents

Title and Copyright Information

Send Us Your Comments

Preface

Authentication and Authorization

Introduction to Authentication and Authorization

Access Control in Oracle E-Business Suite
Oracle User Management
Oracle Application Object Library Security

Access Control with Oracle User Management

Overview
Function Security
Data Security
Role Based Access Control (RBAC)
Delegated Administration
Provisioning Services
Self-Service and Approvals
Access Control With Proxy Users
      The Proxy User Feature

Oracle User Management Setup and Administration

Setup Tasks
      Defining Role Categories
      Creating and Updating Roles
      Security Wizard
      Assigning Permissions to Roles
      Searching For Assigned Roles
      Diagnostics for User-Role Assignment
      Creating Instance Sets and Permission Sets
      Defining Delegated Administration Privileges for Roles
      Defining Data Security Policies
      Defining Role Inheritance Hierarchies
      Creating and Updating Registration Processes
      Configuring the User Name Policy
Delegated Administration Tasks
      Maintaining People and Users
      Creating, Inactivating, and Reactivating User Accounts
      Resetting User Passwords
      Unlocking Locked User Accounts
      Assigning Roles to or Revoking Roles from Users
      Fine Grained Access Control for Role Administration
      Managing System Accounts
      Registering External Organization Contacts
      Registering User Accounts
      Managing Proxy Users
Self Service Features
      Self-Service Registration
      Requesting Additional Application Access
      Login Assistance
Security Reports
      Home Page
      Listing Functions for a User
      Listing Data Security and Business Objects for a User
      Listing Roles and Responsibilities for a User
      Listing Users With a Given Role
      Listing Functions That Can Be Accessed From a Given Role
      Listing Objects for a Given Role
      Listing Users for a Given Function
      Listing Roles and Responsibilities for a Given Object

Oracle Application Object Library Security

Overview of Oracle E-Business Suite Security
      HRMS Security
      Enterprise Command Center Security
Oracle E-Business Suite User Passwords
Guest User Account
User Session Limits
Defining a Responsibility
      Additional Notes About Responsibilities
Defining Request Security
Oracle Applications Manager Security Tests
Overview of Security Groups in Oracle HRMS
      Defining Security Groups
Overview of Function Security
      Terms
      Executable Functions vs. Non-executable Functions
      Functions, Menus, and the Navigate Window
      Menu Entries with a Submenu and Functions
      How Function Security Works
Implementing Function Security
      Defining a New Menu Structure
      Notes About Defining Menus
      Menu Compilation
      Preserving Custom Menus Across Upgrades
Overview of Data Security
      Concepts and Definitions
      Implementation of Data Security
Responsibilities Window
Security Groups Window
Users Window
Form Functions Window
Menus Window
Menu Viewer
Objects
      Find Objects
      Update Object
      Create Object
      Object Detail
      Delete Object
Object Instance Sets
      Manage Object Instance Set
      Create Object Instance Set
      Update Object Instance Set
      Delete Object Instance Set
      Object Instance Set Details
Grants
      Search Grants
      Create Grant
      Define Grant
      Select Object Data Context
      Define Object Parameters and Select Set
      Review and Finish
      Update Grant
      View Grant
Functions
      Search
      Create Function
      Update Function
      Duplicate Function
      View Function
      Delete Function
Navigation Menus
      Search for Menus
      Create Navigation Menu
      Update Menu
      Duplicate Menu
      View Menu
      Delete Menu
Permissions
      Create Permission
      Update Permission
      Duplicate Permission
      View Permission
      Delete Permission
Permission Sets
      Create Permission Set
      Update Permission Set
      Duplicate Permission Set
      View Permission Set
      Delete Permission Set
Compile Security Concurrent Program
      Parameter
Function Security Reports
Users of a Responsibility Report
      Report Parameters
      Report Heading
      Column Headings
Active Responsibilities Report
      Report Parameters
      Report Heading
      Column Headings
Active Users Report
      Report Parameters
      Report Heading
      Column Headings
Reports and Sets by Responsibility Report
      Report Parameters
      Report Headings
Oracle Application Object Library REST Security Services
Cookie Domain Scoping
Allowed Resources
Allowed Redirects

Single Sign-On Integration

Overview of Single Sign-On Integration
Introduction to Enterprise User Management
Integration Actions and Options
Enterprise User Management
Deployment Scenario 0: E-Business Suite + SSO and Oracle Directory Services
User Management Options
End-User Experience
Session Timeout Behavior
User Management Options
      Critical Implementation Decisions
Implementation Instructions
Deployment Scenario 1: Multiple Oracle E-Business Suite Instances + Central SSO and Oracle Directory Services Instance
Deployment Scenario 2: New Oracle E-Business Suite Installation + Existing Third-Party Identity Management Solution
End-User Experience
User Management
      Critical Implementation Decisions
Implementation Instructions
Deployment Scenario 3: Existing Oracle E-Business Suite Instance + Existing Third-Party Identity Management Solutions
Critical Implementation Decisions
Implementation Instructions
Deployment Scenario 4: Multiple Oracle E-Business Suite Instances with Unique User Populations
Advanced Features
Single Sign-On Profile Options
Configuring Directory Integration Platform Provisioning Templates
Administering the Provisioning Process
Changing E-Business Suite Database Account Password
Manual Subscription Management With Provsubtool
Migrating Data Between Oracle E-Business Suite and Oracle Directory Services
Enabling and Disabling Users
Synchronizing Oracle HRMS with Oracle Directory Services
Supported Attributes
FND_SSO_UTIL Procedures
References and Resources for Single Sign-On
Glossary of Terms

Secure Configuration

Overview of Secure Configuration

About Oracle E-Business Suite Secure Configuration
System-Wide Advice
Differences Between Oracle E-Business Suite Releases

Oracle TNS Listener Security

About Oracle TNS Listener Security
Hardening
Network
Authentication
Authorization
Audit

Oracle Database Security

About Oracle Database Security
Hardening
Authentication
Authorization

Oracle Application Tier Security

About Oracle Application Tier Security
Hardening
Authorization
Network

Oracle E-Business Suite Security

About Oracle E-Business Suite Security
Hardening
Network
Authentication
Authorization

Desktop Security

About Desktop Security
Hardening

Operating Environment Security

Overview of Operating Environment Security
Hardening
Network
Authentication
Authorization
Maintenance

Secure Configuration Console

Overview
Using the Secure Configuration Console

Guidelines for Auditing and Logging

Introduction to Guidelines for Auditing and Logging

About Auditing and Logging
Why Audit?

Auditing and Logging Features in Oracle E-Business Suite

Overview of Features
Recent and Current Activity
Historical Activity
Unexpected Events
Oracle E-Business Suite Auditing Scripts

Using Oracle E-Business Suite Application Auditing and Logging Features

Introduction
Unsuccessful Login Attempts
Data Changes Tracked with Who Columns
Sign-On Audit
Enabling Sign-On Audit
Purging Sign-On Audit Data
Sign-On Audit Reports
Session Audit Information
Page Access Tracking
Database Connection Tagging
Debug Logging (Unexpected Logging)
Oracle E-Business Suite Audit Trail

Oracle E-Business Suite Technology Stack Auditing and Logging Features

Introduction
Application Tier Technology Stack
Format of the Listener Log Audit Trail
Database Alert Log
Database Auditing
Schema Changes
System Auditing
Object Level Auditing
Audit Trail Maintenance
Optional Oracle Technology Integrations

Enabling Oracle E-Business Suite Audit Trail

Overview
Steps to Enable Audit Trail
Audit Trail Shadow Tables, Triggers, and View
Purging Audit Trail Records
Disabling an Enabled Audit Trail
Restarting an Audit
Tables
Reporting on Audit Data
Implications of Upgrading and Audit Trail
Disabling Audit Trail
Additional Audit Trail Reporting
      Audit Industry Template
      Audit Hierarchy Navigator
      Audit Query Navigator
      Audit Report
Monitor Users Window
Audit Installations Window
Audit Groups Window
Audit Tables Window
Audit Trail Search Pages

Running Web-Scanning Tools

Overview
Preparing Your Oracle E-Business Suite System for the Web Scan
Reviewing the Results

Database Schemas Found in Oracle E-Business Suite

Table of Database Schemas in Oracle E-Business Suite

Processes Used by Oracle E-Business Suite

Table of Processes Used by Oracle E-Business Suite

Ports Used by Oracle E-Business Suite

Table of Ports Used by Oracle E-Business Suite
Table of Ports Used by WebLogic Server

Security Checklist

About the Security Checklist
Overview
Oracle TNS Listener Security
Oracle Database Security
Oracle Application Tier Security
Oracle E-Business Suite Security
Desktop Security
Operating Environment Security

Sign-On Audit Concurrent Manager Reports

About Sign-On Audit Concurrent Manager Reports
Sign-On Audit Concurrent Requests Report
Sign-On Audit Forms Report
Sign-On Audit Responsibilities Report
Sign-On Audit Unsuccessful Logins Report
Sign-On Audit Users Report

Additional References

References

Index