Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1 Introducing Oracle Entitlements Server
1.1 About Access Control
1.2 Overview of Oracle Entitlements Server
1.2.1 Understanding Oracle Entitlements Server Releases
1.2.2 Using the Authorization Policy Manager Console
1.2.3 Features of Oracle Entitlements Server 11gR1
1.3 Overview of the Oracle Entitlements Server Architecture
1.3.1 The Policy Administration Point
1.3.2 The Policy Decision Point and the Policy Enforcement Point
1.3.2.1 Security Module as PDP
1.3.2.2 Security Module as Combination PDP / PEP
1.3.2.3 Understanding the Types of Security Modules
1.3.3 The Policy Information Point
1.4 How Oracle Entitlements Server Processes Authorization Policies
1.5 About the Supported Access Control Standards
1.5.1 Role-based Access Control (RBAC)
1.5.2 Attribute-Based Access Control (ABAC)
1.5.3 Java Permissions
1.5.4 XACML 2.0
1.5.5 PEP (Open Az) API
2 Understanding the Policy Model
2.1 Understanding Oracle Entitlements Server Policies
2.1.1 Understanding the Authorization Policy
2.1.2 Understanding Role Assignments and the Role Mapping Policy
2.2 How Oracle Entitlements Server Evaluates Policies
2.3 The Policy Object Glossary
2.4 Implementing a Policy Use Case
2.4.1 Protecting Software Components
2.4.2 Protecting Business Objects
3 Getting Started With Oracle Entitlements Server
3.1 Before You Begin
3.2 Understanding The Graphical Interface
3.2.1 Assigning Oracle Entitlements Server Administrators
3.2.2 Using the Identity Store
3.2.3 Accessing the Policy Store
3.3 Accessing the Administration Console
3.3.1 Signing In to the Administration Console
3.3.2 Signing Out of the Administration Console
3.4 Navigating the Administration Console
3.4.1 Understanding the Main Tabs
3.4.1.1 Authorization Management Tab
3.4.1.2 System Configuration Tab
3.4.2 Using The Navigation Panel
3.4.3 The Home Area
3.4.4 Online Help
4 Managing Policies and Roles
4.1 Introducing Policy and Policy Object Management
4.2 Defining an Authorization Policy And Its Components
4.3 Adding Fine-Grained Elements to an Authorization Policy
4.4 Implementing An Authorization Policy Step by Step
4.5 Managing Policy Objects in An Application
4.5.1 Managing Applications
4.5.1.1 Creating an Application
4.5.1.2 Modifying an Application
4.5.1.3 Deleting an Application
4.5.2 Managing Resource Types
4.5.2.1 Creating a Resource Type
4.5.2.2 Modifying a Resource Type
4.5.2.3 Deleting a Resource Type
4.5.3 Managing Resources
4.5.3.1 Creating a Resource
4.5.3.2 Modifying a Resource
4.5.3.3 Deleting a Resource
4.5.4 Managing Entitlements
4.5.4.1 Creating an Entitlement
4.5.4.2 Modifying an Entitlement
4.5.4.3 Deleting an Entitlement
4.5.5 Managing Authorization Policies
4.5.5.1 Creating an Authorization Policy
4.5.5.2 Modifying an Authorization Policy
4.5.5.3 Deleting an Authorization Policy
4.5.6 Managing Application Roles in the Role Catalog
4.5.6.1 Creating an Application Role
4.5.6.2 Modifying an Application Role
4.5.6.3 Mapping External Roles to an Application Role
4.5.6.4 Mapping an External User to an Application Role
4.5.6.5 Deleting an Application Role or Removing External Role Mappings
4.5.7 Managing Role Mapping Policies
4.5.7.1 Creating a Role Mapping Policy
4.5.7.2 Modifying a Role Mapping Policy
4.5.7.3 Deleting a Role Mapping Policy
4.5.8 Managing a Role Category
4.5.9 Managing Attributes and Functions as Extensions
4.5.9.1 Creating an Attribute
4.5.9.2 Modifying an Attribute
4.5.9.3 Deleting an Attribute
4.5.9.4 Creating a Function
4.5.9.5 Modifying a Function
4.5.9.6 Deleting a Function
4.6 Using the Condition Builder
4.6.1 Building a Complex Expression
4.6.2 Passing Parameters to Functions
5 Querying Security Objects
5.1 Searching with the Administration Console
5.2 Finding Objects with a Simple Search
5.3 Finding Objects with an Advanced Search
5.3.1 Searching External Roles
5.3.2 Searching Applications
5.3.3 Searching Resource Types
5.3.4 Searching Application Roles
5.3.5 Searching Role Mapping Policies
5.3.6 Searching Resources
5.3.7 Searching Entitlements
5.3.8 Searching Authorization Policies
5.3.9 Searching Attributes
5.3.10 Searching Functions
6 Configuring Predefined Attribute Retrievers
6.1 Understanding Predefined Attribute Retrievers
6.2 Configuring the Predefined Attribute Retrievers
6.2.1 Configuring the LDAP Repository Attribute Retriever Parameters
6.2.2 Configuring the Database Repository Attribute Retriever Parameters
6.2.3 Configuring Individual Attributes for Predefined Attribute Retrievers
6.3 Modifying jps-config.xml
6.4 Setting Up PIP Connection Credentials
7 Managing Policy Distribution
7.1 Understanding Policy Distribution
7.1.1 Using a Central Policy Distribution Component
7.1.2 Using a Local Policy Distribution Component
7.2 Defining Distribution Modes
7.2.1 Controlled Distribution
7.2.2 Non-controlled Distribution
7.3 Distributing Policies
7.3.1 Distributing Policies Using the Administration Console
8 Managing System Configurations
8.1 Delegating With Administrators
8.2 Configuring Security Module Definitions
8.2.1 Creating a Security Module Definition
8.2.2 Binding an Application to a Security Module
8.2.3 Unbinding an Application From a Security Module
8.2.4 Deleting a Security Module Definition
9 Delegating With Administrator Roles
9.1 About Delegated Administrators
9.2 Delegating Using Scope and Granularity
9.3 Delegating Application Administration
9.3.1 Adding a Delegated Administrator for An Application
9.3.2 Modifying or Deleting an Application's Delegated Administrator
9.4 Using Policy Domains to Delegate
9.4.1 Creating a Policy Domain
9.4.2 Modifying a Policy Domain
9.4.3 Deleting a Policy Domain
9.5 Delegating Policy Domain Administration
9.5.1 Adding a Delegated Administrator to a Policy Domain
9.5.2 Modifying or Deleting a Policy Domain's Delegated Administrator
9.6 Managing System Administrators Using Administrator Roles
9.6.1 Creating a New Administrator Role
9.6.2 Assigning Privileges to an Administrator Role
9.6.3 Modifying Administrator Role Membership
9.6.4 Deleting an Administrator Role
10 Customizing the User Interface
10.1 Customizing Authorization Policy Manager
10.2 Customizing Headers, Footers, and Logo
10.3 Customizing Color Schemes
10.4 Customizing the Login Page
11 Management Tasks
11.1 Integrating with WebLogic Server
11.2 Managing Audit Tasks
11.2.1 Auditing Events
11.2.2 Configuring Auditing
11.2.3 Additional Auditing Information
11.3 Migrating Policies
11.3.1 Migrating From XML to LDAP
11.3.2 Migrating From LDAP to XML
11.3.3 Migrating From XML to Database
11.3.4 Migrating From Database to XML
11.4 Configuring Cache
11.4.1 Configuring Decision Caching
11.4.2 Configuring Attribute Caching
11.5 Debugging
11.5.1 Configuring Logging for Debugging
11.5.1.1 Configuring Logging for a Java Security Module Deployment
11.5.1.2 Configuring Logging for a WebLogic Server Security Module Deployment
11.5.2 Searching Logs to Debug Authorization Policies
11.5.2.1 Searching for PEP Request Information
11.5.2.2 Searching for Security Module Cache Configuration Parameters
11.5.2.3 Searching for Principals
11.5.2.4 Searching for Resources and Actions
11.5.2.5 Searching for the Value of an Attribute
11.5.2.6 Searching for an Authorization Decision
11.5.2.7 Searching for the Value of an Obligation
11.5.2.8 Searching for Static Application Roles
11.5.3 Debugging Policy Distribution
A Installation and Configuration Parameters
A.1 Policy Distribution Configuration
A.1.1 Policy Distribution Component Server Configuration
A.1.2 Policy Distribution Component Client Configuration
A.1.2.1 Policy Distribution Component Client Java Standard Edition Configuration (Controlled Push Mode)
A.1.2.2 Policy Distribution Component Client Java Enterprise Edition Container Configuration (Controlled Push Mode)
A.1.2.3 Policy Distribution Client Configuration (Controlled Pull Mode)
A.1.2.4 Policy Distribution Client Configuration (Non-controlled Mode)
A.2 Security Module Configuration
A.2.1 Java Security Module
A.2.2 Web Services Security Module
A.2.3 RMI Security Module
A.2.4 WebLogic Server Security Module
A.3 PDP Proxy Configuration
A.3.1 Web Services Security Module Proxy Client
A.3.2 RMI Security Module Proxy Client
A.4 Policy Store Service Configuration
Index