This chapter describes the Oracle Communications Evolved Communications Application Server (OCECAS) user entities, and the ways in which you secure and manage user access to the system resources.
In OCECAS, a user entity can be a software element, such as an application, or a person who is authorized to use the system resources. System administrators secure their system resources by exercising access control and configuring the scope of actions permitted for and with each resource.
As a system administrator or as a member of a team of system administrators, you authenticate each user entity before you permit access to the system elements. You manage the access setup to support several usage scenarios, such as determining who can configure access to resources such as control flows, restricted or barred number lists, and notification definitions.
A security role, such as a security group, grants an identity to a user. A policy specifies which users, groups, or roles can access a resource under a set of conditions.
For more information about WebLogic Resource Security, see Fusion Middleware Securing Resources Using Roles and Policies for Oracle WebLogic Server.
http://docs.oracle.com/cd/E24329_01/web.1211/e24421/understdg.htm#ROLES113
OCECAS employs membership in its EvolvedCommunicationUsers group as an authentication requirement for accessing the Session Design Center GUI. All accounts authorized to access the Session Design Center GUI must belong to this group. For more information, see "Session Design Center GUI" in Evolved Communications Application Server Security Guide.
When operators give users from multiple service providers access to your system, OCECAS authenticates the user names and passwords of those accounts against the centralized user store. This user store can be one of the following:
An embedded WebLogic Lightweight Directory Access Protocol (LDAP) server. See "Managing Authentication with LDAP Servers".
Oracle Identity Manager. See "Managing Authentication with Oracle Identity Manager".
As a system administrator, you manage the following aspects of user entities and data related to user accounts:
Security roles. See "Managing Security Roles for User Entities".
Authentication using an LDAP server. See "Managing Authentication with LDAP Servers".
Authentication using Oracle Identity Management. See "Managing Authentication with Oracle Identity Manager".
The EvolvedCommunicationUsers group is created as part of the post-configuration task completed for the OCECAS management domain at installation time. For more information, see "Post-Configuration Tasks for Your Management Domain" in Evolved Communications Application Server Installation Guide.
Create the users that are authorized to access Session Design Center in the OCECAS management domain. Access the administrative console for the management domain, enter the user names and passwords in the security realm, and assign the user names to the EvolvedCommunicationUsers group.
For information about adding users using the administrative console, see the section "Creating Users for the SDC GUI" in Evolved Communications Application Server Installation Guide.
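Because membership in EvolvedCommunicationUsers is what grants Session Design Center access, the group is worth auditing against an approved account list. The following is an added example, not Oracle's code, written in the Python subset that WLST's Jython accepts; it assumes the realm's authentication provider exposes the standard WebLogic group-reader and member-lister MBean operations, and the stub provider and account names are constructed.

```python
# Added example, not Oracle's code; stub realm and account names are constructed.
SDC_GROUP = "EvolvedCommunicationUsers"  # group named in this chapter

def group_members(atn, group):
    """Direct members of a group, read through the MBean cursor API."""
    names = []
    cursor = atn.listGroupMembers(group, "*", 0)  # 0 = no result limit
    try:
        while atn.haveCurrent(cursor):
            names.append(atn.getCurrentName(cursor))
            atn.advance(cursor)
    finally:
        atn.close(cursor)  # always release the server-side cursor
    names.sort()
    return names

def audit_sdc_access(atn, approved):
    """Compare actual SDC group membership with the approved account list."""
    if not atn.groupExists(SDC_GROUP):
        raise ValueError("%s missing; check post-configuration" % SDC_GROUP)
    members = group_members(atn, SDC_GROUP)
    unapproved = [m for m in members if m not in approved]
    missing = [a for a in approved if a not in members]
    return {"unapproved": unapproved, "missing": missing}

class StubAuthenticator:
    """Constructed stand-in for the realm's authentication provider MBean."""
    def __init__(self, groups):
        self.groups = groups
        self.pos = {}  # open cursors: group name -> index
    def groupExists(self, group):
        return group in self.groups
    def listGroupMembers(self, group, pattern, limit):
        self.pos[group] = 0
        return group
    def haveCurrent(self, cursor):
        return self.pos[cursor] < len(self.groups[cursor])
    def getCurrentName(self, cursor):
        return self.groups[cursor][self.pos[cursor]]
    def advance(self, cursor):
        self.pos[cursor] += 1
    def close(self, cursor):
        del self.pos[cursor]

# Demo on constructed data: one unapproved member, one approved account missing.
if __name__ in ("__main__", "main"):
    stub = StubAuthenticator({SDC_GROUP: ["sdc_ops1", "temp_contractor"]})
    print(audit_sdc_access(stub, ["sdc_ops1", "sdc_ops2"]))
```

In a WLST session connected to the management domain, pass the real provider instead of the stub, for example the object returned by `cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")`, where the provider name is an assumption based on the WebLogic default.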
OCECAS uses the embedded WebLogic LDAP server. This server is the default security provider database for WebLogic authentication, authorization, credential mapping, and role mapping providers.
For more information, see "Managing the Embedded LDAP Server" in Fusion Middleware Securing Oracle WebLogic Server.
http://docs.oracle.com/cd/E24329_01/web.1211/e24422/ldap.htm#SECMG327
When your installation uses Oracle Identity Management offerings, Oracle Identity Management can provide the following:
Web access control
Adaptive access control
Identity federation and management
User access provisioning
Roles and authorization policies
For more information about Oracle Identity Management, see "Oracle Fusion Middleware 12c (12.1.2) Interoperability and Compatibility" in Oracle Fusion Middleware Interoperability and Compatibility Guide.