An account on a target.


Oracle Application Development Framework. An end-to-end development framework, built on top of the Enterprise Java platform, that provides integrated infrastructure solutions for the various layers of an application and an easy way to develop on top of those layers.

authentication provider

A security provider that manages and enforces authentication rules.

For more detailed information, refer to "Configuring Authentication Providers" in the Oracle Fusion Middleware Securing Oracle WebLogic Server.

BI Publisher

An Oracle reporting product that can create and manage formatted reports from different data sources.

bootstrap user

A default administrator (weblogic user) who is a member of the Administrators group. This user can create and assign users to Oracle Privileged Account Manager Admin Roles and can map users from the domain identity store to Oracle Privileged Account Manager Common Admin Roles.

Credential Store Framework

See CSF.


Create, Read, Update, and Delete. Basic functions of persistent storage or a database.


Credential Store Framework. An OPSS component that primarily provides secure storage for credentials.


An environment variable that is usually



A user, group, or role that has been granted access to a privileged account.


Identity Connector FrameWork. A component that provides basic provisioning, reconciliation, and other functions required by all Oracle Identity Manager and Oracle Waveset connectors.

Identity Connector FrameWork

See ICF.

identity propagation

Process in which the OPSS Trust Service Asserter examines and validates a token, and then asserts that the identity performing a RESTful call against the Oracle Privileged Account Manager server is the one contained in the token.

JSON representation

JavaScript Object Notation. A lightweight, human-readable data format that is taken from JavaScript and used to exchange information between a browser and a server.

ldifmigrator tool

Oracle Internet Directory Data Migration Tool. Converts LDIF files output from other directories or application-specific repositories into a format recognized by Oracle Internet Directory.

Oracle Privileged Account Manager client

Component that resides with the Oracle Privileged Account Manager target to provide passwords to the system for unattended connections.

Oracle Privileged Account Manager server

Component that handles password requests, generates passwords, protects the password keystore, etc.

Oracle Privileged Account Manager target

Component that has its privileged passwords managed by Oracle Privileged Account Manager.


Oracle Platform Security Services. A standards-based, portable, integrated, enterprise-grade security framework for Java Standard Edition (Java SE) and Java Enterprise Edition (Java EE) applications.

Oracle Application Development Framework

See ADF.

Oracle Internet Directory Data Migration Tool

See ldifmigrator tool.

Oracle Platform Security Services


Password Policy

Captures the password construction requirements enforced by a specific target on an associated privileged account. Administrators use this policy to construct the password value that Oracle Privileged Account Manager uses to reset a password on a privileged account. Every privileged account managed by Oracle Privileged Account Manager has an associated Password Policy.

privileged account

An account on a target that is deemed "privileged" in a deployment and is under Oracle Privileged Account Manager's purview. Accounts are usually privileged when

  • They are associated with elevated privileges

  • They are used by multiple end-users on a task-by-task basis

  • Their use must be controlled and audited

Repository Creation Utility

Oracle Repository Creation Utility. An application that you can use to create a schema and load a repository into the database.

Representational State Transfer



Representation of targets and accounts.


Representational State Transfer. Software architecture style for distributed hypermedia systems like the World Wide Web. Conforming to REST constraints is otherwise known as being RESTful.


Security Assertion Markup Language. An XML-based open standard product provided by the OASIS Security Services Technical Committee that enables the exchange of authentication and authorization data between security domains.

Security Assertion Markup Language


service account

An account that Oracle Privileged Account Manager uses when it connects to a target system and to perform all Oracle Privileged Account Manager-related operations (such as discovering accounts, resetting passwords, and so forth) on that target system, Service accounts require some special privileges and properties. Service accounts are sometimes referred to as unattended accounts.


The directory where you downloaded and extracted Oracle Privileged Account Manager.


A software system that contains, uses, and relies on accounts (user, system, or application).

unattended accounts

See service account.

Usage Policy

Defines the constraints around when and how a grantee can use a privileged account. Each privileged account managed by Oracle Privileged Account Manager has an associated Usage Policy.