Oracle® Health Sciences Empirica Signal Secure Configuration Guide Release 8.0 E50112-01
The Empirica Signal application provides the following security features to help you secure your system:
Authentication—You can choose from three different authentication methods to ensure only authorized users have access. You can also select from flexible password options to establish a password policy for user accounts. For more information, see Authentication.
Auditing—The Empirica Signal application automatically tracks user activity, including successful and failed logins, for local users. The tracked activities provide a comprehensive audit trail of actions performed. For more information, see Auditing.
User Access Control—You can assign users to several built-in or custom roles. You can also assign permissions to restrict user access to only the features that are appropriate for their job responsibilities. The Empirica Signal application also provides publishing capabilities to restrict user access to objects. For more information, see User access control.
User Session Timeout—The Empirica Signal application automatically cancels user sessions that have been inactive for a specified period of time. To update the default session timeout period, see the Empirica Signal Installation Guide.
Topics—You can place an additional layer of security on topics. You can create work teams to support visibility of topics among separate groups of users. For more information, see Topics.
The Empirica Signal application lets you authenticate users and set password options in several ways. You can also disable accounts to prevent unauthorized access to the application.
The Empirica Signal application requires users to authenticate by logging in with a unique user name and password. You can use the following authentication methods:
Local—User information stored in the Empirica Signal application is used for authentication.
LDAP—User information stored in a Lightweight Directory Access Protocol directory is used for authentication.
Single Sign-On (SSO)—User information stored in Oracle® Access Manager (OAM) is used for authentication.
With local and LDAP authentication, the Empirica Signal application captures successful and failed login attempts in the User Activity Audit Trail. For more information, see Auditing.
With local authentication, when a user exceeds the allowable number of login attempts that you set in your password requirements, the Empirica Signal application sends an account lockout email notification to the site administrator.
For more information on configuring and implementing authentication methods, see the Empirica Signal and Topics User Guide.
The Empirica Signal application provides password options that you can select to establish a password policy for the user accounts for your local users. Using the options, you can require specific password content, complexity, and expiration. The Empirica Signal application provides the following password options and default values. You can edit the default values to suit the requirements of your organization.
Option | Default value |
---|---|
Expiration | 90 days |
Expiration warning | 15 days |
Minimum Length | 8 characters |
Number of Attempts Allowed | 3 |
Number of Passwords Retained | 8 |
Minimum Alphabetic | 1 |
Minimum Numeric | 1 |
Minimum Non-alphanumeric | 1 |
Minimum Lowercase | 1 |
Minimum Uppercase | 1 |
If you are using SSO with OAM, you should set similar password requirement options in the OAM Access Manager Console.
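The default options in the table above, modeled as an added Python example (not Oracle's code and not part of the guide): it lists which content options a candidate password fails, and which options of a second policy, such as one configured for SSO, are weaker than these defaults. The class, function and field names are hypothetical, and character classes follow Python's Unicode definitions, which may differ from the product's.

```python
from dataclasses import dataclass, fields


@dataclass(frozen=True)
class PasswordPolicy:
    # Default values copied from the options table above; field names are hypothetical.
    expiration_days: int = 90
    expiration_warning_days: int = 15
    min_length: int = 8
    attempts_allowed: int = 3
    passwords_retained: int = 8
    min_alphabetic: int = 1
    min_numeric: int = 1
    min_non_alphanumeric: int = 1
    min_lowercase: int = 1
    min_uppercase: int = 1


def content_violations(password, policy=PasswordPolicy()):
    """Return the table option names whose minimum the password does not meet."""
    checks = {
        "Minimum Length": (len(password), policy.min_length),
        "Minimum Alphabetic": (sum(c.isalpha() for c in password), policy.min_alphabetic),
        "Minimum Numeric": (sum(c.isdigit() for c in password), policy.min_numeric),
        "Minimum Non-alphanumeric": (sum(not c.isalnum() for c in password),
                                     policy.min_non_alphanumeric),
        "Minimum Lowercase": (sum(c.islower() for c in password), policy.min_lowercase),
        "Minimum Uppercase": (sum(c.isupper() for c in password), policy.min_uppercase),
    }
    return [name for name, (have, need) in checks.items() if have < need]


# For these options a larger value is the weaker setting; for the rest, a smaller one is.
HIGHER_IS_WEAKER = {"expiration_days", "attempts_allowed"}


def weaker_options(candidate, baseline=PasswordPolicy()):
    """Return the fields where `candidate` is weaker than `baseline`."""
    weaker = []
    for f in fields(PasswordPolicy):
        if f.name == "expiration_warning_days":
            continue  # notification lead time, not a strength setting (assumption)
        have, need = getattr(candidate, f.name), getattr(baseline, f.name)
        if (have > need) if f.name in HIGHER_IS_WEAKER else (have < need):
            weaker.append(f.name)
    return weaker
```
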
The User Activity Audit Trail tracks user activity that occurs in the application, capturing detailed information for user actions and providing you with an easily accessible, historical account of user activity. Using the User Activity Audit Trail, you can enforce your company's security policy and monitor your system for attempts at unauthorized actions or misuse.
Audited user activity is retained indefinitely. You cannot modify or delete audit records through the Empirica Signal application.
The Empirica Signal application auditing feature is a standard feature that cannot be disabled.
The Empirica Signal application allows you to implement user access control. Using roles and permissions, you can restrict user access to only what is necessary for users to perform their job responsibilities.
Before implementing user access control, establish an access control policy based on business and security requirements for each user. Review your access control policy periodically to determine if changes to roles and permissions are necessary.
During installation, several built-in roles are created. The roles are designed for least privilege and separation of duties. You can modify the permissions assigned to the roles and create new roles, if needed.
The Empirica Signal application defines permissions that grant or restrict user access to different application features. When you assign a role to a user, the user receives all the permissions assigned to the role. Review the permissions assigned to roles to make sure users can perform only the tasks relevant to their job responsibilities.
If necessary, you can also assign permissions to individual users.
You can control user access to objects, such as analysis runs or report outputs, by publishing the objects to specific login groups. By default, the publication level of every newly created object is Private.
Users without the Administer Users permission can publish only objects they have created. Users with the Administer Users permission can publish objects that they or any users in their login group created. Superusers can publish any object.
For more information on user access control, see the Empirica Signal and Topics User Guide.
You can place an additional layer of security on topics. You can create work teams to support visibility of topics among separate groups of users. Within each work team, users can have different work team permissions that determine the level of access to the topics visible to them.
Additionally, you can configure Topic Email Notifications to alert individual users or work teams of significant changes to topics. Topic email notifications can optionally include topic or action fields from the topic workflow configuration. Before including fields in email notifications, you should ensure that the resulting email messages do not contain sensitive or confidential information.
The user can view changes to topics in the history of a topic or action, or both, and can track the deleted attachments and actions in the audit trail.