This section summarizes the OAAM access roles, sets of functionality, and levels of access in OAAM. "Access roles" control access to functionality within OAAM.
The Oracle Adaptive Access Manager users can access functionality based on the roles they are assigned. These administrator roles have specific permissions assigned to them based on their responsibilities.
Oracle Adaptive Access Manager ships the following default roles:
OAAMCSRGroup - Support Personnel
OAAMCSRManagerGroup - Support Personnel
OAAMInvestigatorGroup - Investigators
OAAMInvestigationManagerGroup - Investigators
OAAMRuleAdministratorGroup - Security Administrators
OAAMEnvAdminGroup - System Administrators
You can create new users and assign the relevant Oracle Adaptive Access Manager roles in the Oracle Adaptive Access Manager domain by using the Oracle WebLogic Administration console. Best practices is to refrain from assigning multiple roles to a single user. If a user has multiple roles assigned to him, the user will have all of the permissions from the different groups.
Note:
Starting with OAAM 11g Release 2 (11.1.2.0.0), the default mechanism to secure Web Services is by using Oracle Web Service Manager policies. OAAMSOAPServicesGroup is no longer used and should not be created.Support personnel such as CSRs have very limited access to the OAAM Administration Console. Support personnel (CSR and CSR Managers) use Oracle Adaptive Access Manager's case management tools to handle customer cases day-to-day. They have detailed knowledge about user activity.
Table G-1 Support Representatives
Items | Support Representatives (CSR) have access to these features | Notes |
---|---|---|
Users with the Support Representative role have very limited access to the OAAM Administration Console. |
||
Cases |
CSRs have access to search, open and create CSR type cases. There are no outward facing hyperlinks in any of the pages CSRs have access to. They have access to a limited list of actions. They have no access to bulk edit functions on search cases page. |
Search cases
|
New cases
|
||
View case details
|
||
Edit case
|
CSR Managers have the access privileges of the CSR and access to some other limited functionality. Support personnel (CSR and CSR Managers) use Oracle Adaptive Access Manager's case management tools to handle security and customers cases day-to-day. They have detailed knowledge about user activity and security issues.
Items | Support Managers have access to these features | Notes |
---|---|---|
Support Managers have the access privileges of the Support Representative and some other limited functionality. |
||
Cases |
No create agent type cases. Hide actions, log and linked/related tabs in agent cases |
Search Cases
|
New Case
|
||
View Case Details
|
||
Edit cases
|
Fraud Investigators have wide access to the OAAM Administration Console. Fraud Investigators use Oracle Adaptive Access Manager's case management tools to handle security cases day-to-day.
Items | Fraud Investigators have access to these features | Notes |
---|---|---|
Fraud Investigators have wide access to the OAAM Administration Console. |
||
Also access to add /remove/delete group memberships from details pages |
||
Navigation Tree |
None |
|
Cases |
Full access. |
|
Search page |
Search Agent Cases |
|
Scheduler |
No access |
|
Environment |
No access |
Fraud Investigation Managers have wide access to the OAAM Administration Console. Fraud Investigation Managers use Oracle Adaptive Access Manager's case management tools to handle security cases day-to-day.
Table G-4 Fraud Investigation Manager
Items | Fraud Investigation Managers have access to these features | Notes |
---|---|---|
Fraud Investigation Managers have wide access to the OAAM Administration Console. |
||
Access to add /remove/delete group memberships from other pages |
||
Navigation tree |
None |
|
Cases |
Full access. |
|
Scheduler |
No access |
|
Environment |
No access |
|
Home Page |
Search Agent Cases |
Security Administrators have wide access to the OAAM Administration Console.
Security Administrators (Rule Administrators) gather intelligence from various sources to identify needs and develop requirements to address them. Some sources for intelligence include Investigators, industry reports, antifraud networks, compliance mandates, and company polices.
Security Administrators plan, configure and deploy policies based on the requirements from analysts.
Table G-5 Security Administrator
Items | Security Administrators have access to these features | Notes |
---|---|---|
Security Administrators have wide access to the OAAM Administration Console. |
||
Except Environment node and security dashboard (should be hidden by default) |
||
Navigation Tree |
Full Access |
Not closable |
Home Page |
Search Policies |
|
Cases |
View only access |
|
Scheduler |
Access for Offline Security Administrators |
|
Environment |
No access |
System Administrators have limited access to the OAAM Administration Console for system administration duties. They configure environment-level properties and transactions.
Table G-6 System Administrator
Items | System Administrators have access to these features | Notes |
---|---|---|
System administrators have limited access to the OAAM Administration Console for system administration duties |
||
|
||
Navigation Tree |
Partial access |
|
Scheduler |
Access to Online and Offline System Administrators |
|
Environment |
Full access |
|
Home Page |
Search Properties |