Applications Security Guide
11g Release 6 (11.1.6)
Part Number E16689-06
A description of a person's function in the enterprise that is unrelated to the person's job (position), such as employee, contingent worker, or line manager. A type of enterprise role.
A rule that identifies an entity, an action, and a resource to specify if an action is allowed.
The chart of accounts that determines the structure, such as the number and order of individual segments, as well as the corresponding values per segment.
The kind of access named in a security policy, such as view or edit.
Predefined application level user with elevated privileges. An application identity authorizes jobs and transactions for which other users are not authorized, such as a payroll run authorized to access a taxpayer ID while the user who initiated the job is not authorized to access such personally identifiable information.
A role specific to applications and stored in the policy store.
Business Process Execution Language; a standard language for defining how to send XML messages to remote services, manipulate XML data structures, receive XML messages asynchronously from remote services, manage events and exceptions, define parallel sequences of execution, and undo parts of processes when exceptions occur.
A resource in an enterprise database, such as an invoice or purchase order.
A unit of an enterprise that performs one or many business functions that can be rolled up in a management hierarchy.
An XML filter or SQL predicate WHERE clause in a data security policy that specifies what portions of a database resource are secured.
A stripe of data accessed by a data role, such as the data controlled by a business unit.
data instance set
The set of human capital management (HCM) data, such as one or more persons, organizations, or payrolls, identified by an HCM security profile.
A role for a defined set of data describing the job a user does within that defined set of data. A data role inherits job or abstract roles and grants entitlement to access data within a specific dimension of data based on data security policies. A type of enterprise role.
data role template
A template used to generate data roles by specifying which base roles to combine with which dimension values for a set of data security policies.
The control of access to data. Data security controls what action a user can taken against which data.
data security policy
A grant of entitlement to a role on an object or attribute group for a given condition.
An applications data object at the instance, instance set, or global level, which is secured by data security policies.
A group of function and data privileges representing one duty of a job. Duty roles are specific to applications, stored in the policy store, and shared within an Oracle Fusion Applications instance.
An organization with one or more legal entities under common control.
Abstract, job, and data roles are shared across the enterprise. An enterprise role is an LDAP group. An enterprise role is propagated and synchronized across Oracle Fusion Middleware, where it is considered to be an external role or role not specifically defined within applications.
Grants of access to functions and data. Oracle Fusion Middleware term for privilege.
Grouping of extensible data fields called segments, where each segment is an attribute added to an entity for capturing additional information.
An extensible data field that represents an attribute on an entity and captures a single atomic value corresponding to a predefined, single extension column in the Oracle Fusion Applications database. A segment appears globally or based on a context of other captured information.
The control of access to a page or a specific widget or functionality within a page. Function security controls what a user can do.
HCM data role
A job role, such as benefits administrator, associated with specified instances of Oracle Fusion Human Capital Management (HCM) data, such as one or more positions or all persons in a department.
Acronym for Hypertext Transfer Protocol. A request and response standard typical of client-server computing. In HTTP, web browsers or spiders act as clients, while an application running on the computer hosting the web site acts as a server. The client, which submits HTTP requests, is also referred to as the user agent. The responding server, which stores or creates resources such as HTML files and images, may be called the origin server. In between the user agent and origin server may be several intermediaries, such as proxies, gateways, and tunnels.
A person representing a worker, supplier, or customer.
An abbreviation for Java Platform, Enterprise Edition. A programming platform used as the standard for developing multi-tier Java enterprise applications.
A role for a specific job consisting of duties, such as an accounts payable manager or application implementation consultant. A type of enterprise role.
A comprehensive grouping of business functions, such as Sales or Product Management, that is delivered as a unit to support one or more business processes.
personally identifiable information
Any piece of information that can potentially be used to uniquely identify, contact, or locate a single person. Within the context of an enterprise, some PII data can be considered public, such as a person's name and work phone number, while other PII data is confidential, such as national identifier or passport number.
Abbreviation for procedural structured queried language.
A grant or entitlement of access to functions and data. A privilege is a single, real world action on a single business object.
Controls access to application functions and data.
Structure of roles to reflect an organization's lines of authority and responsibility. In a role hierarchy, a parent role inherits all the entitlement of one or more child roles.
A relationship between one or more job roles, abstract roles, and data roles and one or more conditions. Depending on role-mapping options, the role can be provisioned to or by users with at least one assignment that matches the conditions in the role mapping.
The automatic or manual allocation of an abstract role, a job role, or a data role to a user.
A set of criteria that identifies one or more human capital management (HCM) objects of a single type for the purposes of securing access to those objects. Security profiles can be defined for persons, organizations, positions, countries, LDGs, document types, payrolls, payroll flows, and workforce business processes.
security reference implementation
Predefined function and data security in Oracle Fusion Applications, including role based access control, and policies that protect functions, data, and segregation of duties. The reference implementation supports identity management, access provisioning, and security enforcement across the tools, data transformations, access methods, and the information life cycle of an enterprise.
segregation of duties
An internal control to prevent a single individual from performing two or more phases of a business transaction or operation that could result in fraud.
A type of condition using SQL to constrain the data secured by a data security policy.
An internal job role responsible for maintaining supplier profile data and provisioning supplier contact user accounts.
An external party, such as a supplier, in the Oracle B2B application for which electronic documents are sent or from which documents are received. A trading partner in Oracle B2B corresponds to a supplier site.
A logical unit of work such as a promotion or an assignment change. A transaction may consist of several components, such as changes to salary, locations, and grade, but all the components are handled as a unit to be either approved or rejected.
Abbreviation for uniform resource locator.
A type of condition using XML to constrain the data secured by a data security policy.