Oracle Identity Analytics 11gR1 Database Administrator's Guide
This chapter describes the tables that make up the Security module.
A user of the Oracle Identity Analytics user interface may or may not also be part of a provisioning solution; these users are therefore defined in a separate table, RBX_USERS. Each user is identified by unique entries in the RBACXUSERKEY and USERNAME columns, and an encrypted password is held in the PASSWORD column. The LAST_PASSWORD_UPDATE field records the date on which the password was last updated. Details such as FIRSTNAME, LASTNAME, and EMAIL are also stored in this table, and the ENABLED field represents the status of the user.
The USER_ID column refers to the globaluserkey of the corresponding globaluser, which exists when the user is also part of a provisioning system. One example is the automated creation of an RBX_USERS entry on certificate generation.
Primary key: PK_RBACXUSER on column RBACXUSERKEY
Foreign keys: none
Indexes: IX_RBX_USERS - non-unique index on column USER_ID

In Oracle Identity Analytics a designated proxy user can log in to the system and perform operations on behalf of another user. This association is based on the Global User ID field: the ORIG_USER_ID column contains the user ID of the original user, and the PROXY_USER_ID column contains the user ID of the assignee. In addition to defining the proxy user, the START_DATE, END_DATE, and REQUEST_TYPE columns hold information that can be used for audit purposes.
Primary key: none
Foreign keys: none
Indexes: none

The PROXY_RBACXROLE table saves information about the role that is granted to the proxy user as a result of the proxy assignment.
Primary key: none
Foreign keys: none
Indexes:
PROXY_ID_RBACXROLE_IDX - unique index on columns PROXY_ID, RBACXROLE_ID, BUSINESSUNIT_ID
PROXY_ID_IDX - non-unique index on column PROXY_ID
RBACXROLE_ID_IDX - non-unique index on column RBACXROLE_ID
BUSINESSUNIT_ID_IDX - non-unique index on column BUSINESSUNIT_ID

Roles are defined in the security module so that Oracle Identity Analytics can restrict access to the user interface according to access level. These roles are stored in the RBX_ROLES table. Each role has a unique key in the RBACXROLEKEY column, and role details are stored in the NAME and DESCRIPTION fields. The SHORT_NAME and PREDEFINED fields support the predefined (out-of-the-box) RBX_ROLES entries. The DELEGABLE field indicates whether the role can be delegated to another user.
Primary key: PK_RBACXROLE on column RBACXROLEKEY
Foreign keys: none
Indexes:
IX_RBX_ROLES_SHORT_NAME - unique index on column SHORT_NAME
IX_RBX_ROLES_USER_PREDEF - non-unique index on column PREDEFINED

A derived table, RBX_USER_RBX_ROLES, associates Oracle Identity Analytics users with their respective security roles. This table carries a unique key, RBACXUSERRBACXROLEKEY, and reference keys to the RBX_USERS and RBX_ROLES tables.
Primary key: PK_RBACXUSERRBACXROLES on column RBACXUSERRBACXROLEKEY
Foreign keys: none
Indexes: none

Each Oracle Identity Analytics security role is mapped to an internal role or set of privileges that defines the job functions available in the tool interface. This mapping is stored in the RBX_ROLE_ACEGI_ROLES table, which has a unique RBACXROLEACEGIROLEKEY and references the RBX_ROLES table through the RBACXROLEKEY field.
Primary key: PK_RBACXROLEACEGIROLES on column RBACXROLEACEGIROLEKEY
Foreign keys: none
Indexes: none

The association between an Oracle Identity Analytics user, an Oracle Identity Analytics security role, and a business unit is described in the RBX_USER_RBX_ROLES_BU table. Each row is uniquely identified by the ID column, and the table carries references to the RBX_USERS, BUSINESSUNITS, and RBX_ROLES tables.
Primary key: PK_RBX_USER_RBX_ROLES_BU on column ID
Foreign keys: none
Indexes:
IX_RBX_USER_RBX_ROLES_BU - non-unique index on column BUSINESSUNITKEY
IX_RBX_USER_RBX_ROLES_BU_USER - non-unique index on column RBACXUSERKEY
IX_RBX_USER_RBX_ROLES_BU_ROLE - non-unique index on column RBACXROLEKEY
IX_RBX_USER_RBX_ROLES_BU - non-unique composite index on columns RBACXUSERKEY, RBACXROLEKEY, and BUSINESSUNITKEY

Oracle Identity Analytics uses a security framework in which, at logon, a user's access level is determined by checking the user's list of roles. The RBX_AUTHORITIES table supports this framework: it lists a username together with one of the user's roles, so a user with multiple roles has multiple rows in the table. When the user logs in to the Oracle Identity Analytics interface, the username-rolename association is looked up in this table and access is granted accordingly.
Primary key: none
Foreign keys: none
Indexes: IX_RBX_AUTHORITIES - non-unique composite index on columns USERNAME and ROLENAME

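As an added example (not part of the guide), two reviewer queries in Oracle SQL over the tables described above: an entitlement listing that joins RBX_USERS, RBX_USER_RBX_ROLES, RBX_ROLES and RBX_USER_RBX_ROLES_BU, and a drift check that finds RBX_AUTHORITIES rows with no backing role assignment. Assumed, because the guide names the references but not the columns: RBX_USER_RBX_ROLES carries RBACXUSERKEY and RBACXROLEKEY, BUSINESSUNITS is keyed by BUSINESSUNITKEY and has a NAME column, and RBX_AUTHORITIES.ROLENAME holds the role's SHORT_NAME.

```sql
-- Added example, not from the guide. Assumed column names (see lead-in):
-- RBX_USER_RBX_ROLES.RBACXUSERKEY / RBACXROLEKEY, BUSINESSUNITS.BUSINESSUNITKEY
-- and BUSINESSUNITS.NAME, RBX_AUTHORITIES.ROLENAME = RBX_ROLES.SHORT_NAME.

-- 1. Entitlement review: each UI user, the security role held, and the
--    business unit it is scoped to (a NULL business unit is an assignment
--    with no business-unit row in RBX_USER_RBX_ROLES_BU).
SELECT u.USERNAME,
       u.ENABLED,
       r.SHORT_NAME           AS role_short_name,
       r.PREDEFINED,
       r.DELEGABLE,
       bu.NAME                AS business_unit,
       u.LAST_PASSWORD_UPDATE
FROM   RBX_USERS u
       JOIN RBX_USER_RBX_ROLES ur ON ur.RBACXUSERKEY = u.RBACXUSERKEY
       JOIN RBX_ROLES r           ON r.RBACXROLEKEY  = ur.RBACXROLEKEY
       LEFT JOIN RBX_USER_RBX_ROLES_BU urb
              ON urb.RBACXUSERKEY = u.RBACXUSERKEY
             AND urb.RBACXROLEKEY = r.RBACXROLEKEY
       LEFT JOIN BUSINESSUNITS bu ON bu.BUSINESSUNITKEY = urb.BUSINESSUNITKEY
ORDER  BY u.USERNAME, r.SHORT_NAME, bu.NAME;

-- 2. Drift check: USERNAME/ROLENAME pairs that grant access at logon through
--    RBX_AUTHORITIES but have no matching RBX_USER_RBX_ROLES assignment.
--    Every row returned is an access grant that the role administration
--    tables do not explain and should be reviewed.
SELECT a.USERNAME, a.ROLENAME
FROM   RBX_AUTHORITIES a
WHERE  NOT EXISTS (
         SELECT 1
         FROM   RBX_USERS u
                JOIN RBX_USER_RBX_ROLES ur ON ur.RBACXUSERKEY = u.RBACXUSERKEY
                JOIN RBX_ROLES r           ON r.RBACXROLEKEY  = ur.RBACXROLEKEY
         WHERE  u.USERNAME   = a.USERNAME
         AND    r.SHORT_NAME = a.ROLENAME)
ORDER  BY a.USERNAME, a.ROLENAME;
```

The reverse comparison (assignments with no RBX_AUTHORITIES row) is obtained by swapping the outer and inner tables; together the two queries confirm that the logon table and the role administration tables agree.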
The ACL_OBJECT_IDENTITY table defines the permissions assigned to each business unit or to the various components in Oracle Identity Analytics. The OBJECT_IDENTITY column identifies the particular object whose permissions are being defined. Objects can form a hierarchy; the parent of an object is recorded in the PARENT_OBJECT field.
Primary key: PK_ACL_OBJECT_IDENTITY on column ID
Foreign keys: none
Indexes: none

The permissions on the objects defined in the previous table are represented in the ACL_PERMISSION table. Each entry has a unique ID, and the ACL_OBJECT_IDENTITY field references the ID field of the ACL_OBJECT_IDENTITY table. The RECIPIENT is the role or user for whom the permission is defined. Permissions are stored as integers, with read and write access each represented by a specific numeric value, in much the same way that UNIX file permissions are encoded.
Primary key: PK_ACL_PERMISSION on column ID
Foreign keys: FK_ACL_PERMISSION_ACL_OBJ_ID - foreign key on column ACL_OBJECT_IDENTITY that references the ID field in the parent table ACL_OBJECT_IDENTITY. This foreign key is defined with the ON DELETE CASCADE option.
Indexes: UNIQUE_RECIPIENT - composite unique constraint on columns ACL_OBJECT_IDENTITY and RECIPIENT

The RBX_ACL_CLASS table is a part of the Oracle Identity Analytics security model. This table contains information related to the Java classes involved in defining security privileges within the system.
Primary key: ACL_CLASS_PK on column ID
Foreign keys: none
Indexes: ACL_CLASS_UNIQUE_CLASS - unique index on column CLASS

The RBX_ACL_ENTRY table holds the access control entries for the Oracle Identity Analytics security objects defined in the RBX_ACL_OBJECT_IDENTITY table. It is used in the creation of certification managers, enabling them to log in to the application in order to certify, revoke, or remediate a certificate.
Primary key: PK_RBX_ACL_ENTRY on column ID
Foreign keys:
FK_ACL_ENTRY_AOI - foreign key on column ACL_OBJECT_IDENTITY that references the ID field in the parent table RBX_ACL_OBJECT_IDENTITY.
FK_ACL_ENTRY_ACL_SID - foreign key on column SID that references the ID field in the parent table RBX_ACL_SID.
Indexes: ACL_ENTRY_UNIQUE_OID_ORDER - composite unique constraint on columns ACL_OBJECT_IDENTITY and ACE_ORDER.

|
The RBX_ACL_OBJECT_IDENTITY table defines the privileges on the security objects made available to an RBX user. The OBJECT_ID_CLASS column indicates the Java class used for the security definition, while the OBJECT_ID_IDENTITY column holds the ID of the security object with which the privileges are associated.
Primary key: ACL_O_I_PK on column ID
Foreign keys:
FK_AOI_ACL_CLASS - foreign key on column OBJECT_ID_CLASS that references the ID field in the parent table RBX_ACL_CLASS.
FK_AOI_PARENT_OBJECT - foreign key on column PARENT_OBJECT that references the ID field in the parent table RBX_ACL_OBJECT_IDENTITY. This foreign key is defined with the ON DELETE CASCADE option.
FK_AOI_ACL_SID - foreign key on column OWNER_SID that references the ID field in the parent table RBX_ACL_SID. This foreign key is defined with the ON DELETE CASCADE option.
Indexes: ACL_O_I_UNIQUE_CLASS_OID - composite unique constraint on columns OBJECT_ID_CLASS and OBJECT_ID_IDENTITY.

|
The RBX_ACL_SID table represents a user, a principal, or the owner of an Oracle Identity Analytics security user account with whom security privileges are associated. These privileges define the ability to add, remove, or update security objects.
Primary key: PK_RBX_ACL_SID on column ID
Foreign keys: none
Indexes: none

Oracle Identity Analytics maintains an audit log of all transactions. Each audit entry is stored as a separate record in the RBX_AUDIT_ENTRIES table and is identified by a unique RBACXAUDITENTRYKEY. The USERNAME, EXECUTIONDATE, DESCRIPTION, OBJECT_NAME, LOCAL_ADDR, REMOTE_ADDR, REMOTE_HOST, and SERVER_NAME fields record the logged audit details. The various services used in Oracle Identity Analytics are recorded in the SERVICE field, and the ACTIONPERFORMED field records the type of action performed by the user.
Primary key: PK_RBX_AUDIT_ENTRIES on column RBACXAUDITENTRYKEY
Foreign keys: none
Indexes: none

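As an added example (not part of the guide), two Oracle SQL queries that use the RBX_AUDIT_ENTRIES columns listed above for routine review of the audit log. They assume, because the guide does not state it, that EXECUTIONDATE is a DATE or TIMESTAMP column and that RBX_USERS.ENABLED is 1 for an active account.

```sql
-- Added example, not from the guide. Assumptions: EXECUTIONDATE is a
-- DATE/TIMESTAMP, and RBX_USERS.ENABLED = 1 means the account is active.

-- 1. Audit activity in the last 7 days recorded under a USERNAME that is
--    disabled in RBX_USERS or not present there at all. Each row is an
--    action that the security tables do not account for.
SELECT ae.EXECUTIONDATE,
       ae.USERNAME,
       ae.SERVICE,
       ae.ACTIONPERFORMED,
       ae.OBJECT_NAME,
       ae.REMOTE_ADDR,
       ae.REMOTE_HOST,
       CASE WHEN u.RBACXUSERKEY IS NULL THEN 'unknown user'
            ELSE 'disabled user'
       END                    AS reason
FROM   RBX_AUDIT_ENTRIES ae
       LEFT JOIN RBX_USERS u ON u.USERNAME = ae.USERNAME
WHERE  ae.EXECUTIONDATE >= SYSDATE - 7
AND    (u.RBACXUSERKEY IS NULL OR u.ENABLED <> 1)
ORDER  BY ae.EXECUTIONDATE DESC;

-- 2. Accounts that performed actions from more than one remote address on
--    the same day, with the number of actions, for follow-up review.
SELECT ae.USERNAME,
       TRUNC(ae.EXECUTIONDATE)        AS action_day,
       COUNT(DISTINCT ae.REMOTE_ADDR) AS distinct_addresses,
       COUNT(*)                       AS actions
FROM   RBX_AUDIT_ENTRIES ae
WHERE  ae.EXECUTIONDATE >= SYSDATE - 7
GROUP  BY ae.USERNAME, TRUNC(ae.EXECUTIONDATE)
HAVING COUNT(DISTINCT ae.REMOTE_ADDR) > 1
ORDER  BY distinct_addresses DESC, ae.USERNAME;
```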
Each audit entry has extended properties related to it. These properties are defined in the RBX_AUDIT_ENTRY_EXT_PROPS table. Each extended property has its entity defined and is associated with the RBX_AUDIT_ENTRIES table through the RBACXAUDITENTRYKEY column.
Primary key: PK_RBX_AUDIT_ENTRY_EXT_PROPS on column RBACXAUDITEXTENDEDPROPERTYKEY
Foreign keys: none
Indexes: IX_RBX_AUDIT_ENTRY_EXT_PROPS - non-unique index on column RBACXAUDITENTRYKEY