3 Implementing Application Management Pack for Oracle Communications Security

This chapter provides an overview of the security mechanisms offered by Oracle Application Management Pack for Oracle Communications when used with Oracle Enterprise Manager Cloud Control. For complete instructions, see Oracle Enterprise Manager Cloud Control System Administrator's Guide.

About Access Control Points

Enterprise Manager Cloud Control provides many access control options. The following list describes some of the methods and settings you can configure for controlling access and security:

  • Authentication Schemes

    Enterprise Manager Cloud Control supports multiple authentication schemes including:

    • Repository-Based Authentication

    • Oracle Access Manager (OAM) SSO

    • Oracle SSO Based Authentication

    • Enterprise User Security Based Authentication

    • LDAP Authentication

    Secure and limit access to Application Management Pack for Oracle Communications plug-in features using an authentication scheme. For more information about authentication schemes, see the chapter on security features in Oracle Enterprise Manager Cloud Control Security Guide.

  • User Roles

    When you add a user to Enterprise Manager Cloud Control (called an administrator), you can assign roles to that user. For example, users with a system administrator role can access different parts of the administration console than users with a viewer role.

    Enterprise Manager Cloud Control provides a number of ready-to-use roles that grant access to different parts of the administration console. Application Management Pack for Oracle Communications provides the following additional ready-to-use roles:

    • AIA_AMS_OPERATOR: Users assigned this role can administer Oracle Application Integration Architecture targets only.

    • BRM_AMS_OPERATOR: Users assigned this role can administer Oracle Communications Billing and Revenue Management (BRM) targets and have view-only privileges for all other target types.

    • COMMS_AMS_OPERATOR: Users assigned this role can administer all Oracle Communications targets.

    • COMMS_AMS_VIEWER: Users assigned this role can view Oracle Communications targets. They cannot take actions, such as starting and stopping the targets.

    • ECE_AMS_OPERATOR: Users assigned this role can administer BRM Elastic Charging Engine (ECE) targets and have view-only privileges for all other target types.

    • NCC_AMS_OPERATOR: Users assigned this role can administer Oracle Communications Network Charging and Control (NCC) targets and have view-only privileges for all other target types.

    • OMC_AMS_OPERATOR: Users assigned this role can administer Oracle Communications Offline Mediation Controller targets and have view-only privileges for all other target types.

    • OSM_AMS_OPERATOR: Users assigned this role can administer Oracle Communications Order and Service Management (OSM) targets and have view-only privileges for all other target types.

    • PDC_AMS_OPERATOR: Users assigned this role can administer BRM Pricing Design Center (PDC) targets and have view-only privileges for all other target types.

    You can assign these roles to users as delivered, and you can use the Create Like button to copy the ready-to-use roles and create new roles as needed for your environment.

    For more information about roles, including creating roles and assigning roles to users, see the chapter on creating roles and administrators in Oracle Enterprise Manager Cloud Control Getting Started Guide.

  • Rules and Rulesets

    You can use rules and rulesets to control how Enterprise Manager Cloud Control behaves when incidents are triggered, ensuring that notifications are sent only to required users.

    For more information about rules and rulesets, see the chapter about using Incident Management in Oracle Enterprise Manager Cloud Control Administrator's Guide.

  • Preferred Credentials

    You set up preferred credentials for connecting to host targets in your environment from the administration console. Enterprise Manager Cloud Control supports configuring preferred credentials by specific host or by target type.

    For more information about preferred credentials, see the discussion on preferred credentials in Oracle Enterprise Manager Cloud Control Security Guide.
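
The ready-to-use roles listed under User Roles lend themselves to a periodic least-privilege review. The following is an added example, not Oracle code: it models only the administer rights stated in the role list, and takes the union of rights when an administrator holds several roles. The seven target-type labels, the responsibilities map, and the sample administrators are assumptions constructed for illustration.

```python
# Assumption: these seven shorthand labels stand for "all Oracle Communications targets".
TARGET_TYPES = frozenset({"AIA", "BRM", "ECE", "NCC", "OMC", "OSM", "PDC"})

# Target types each ready-to-use role lets its holder administer (from the role list).
ADMINISTERS = {f"{t}_AMS_OPERATOR": frozenset({t}) for t in TARGET_TYPES}
ADMINISTERS["COMMS_AMS_OPERATOR"] = TARGET_TYPES
ADMINISTERS["COMMS_AMS_VIEWER"] = frozenset()


def effective_admin(roles):
    """Union of administer rights, because a user can hold multiple roles."""
    unknown = set(roles) - set(ADMINISTERS)
    if unknown:
        raise ValueError(f"roles outside this plug-in's list: {sorted(unknown)}")
    return set().union(*(ADMINISTERS[r] for r in roles))


def narrowest_roles(needed):
    """Ready-to-use roles covering the needed types without excess administer rights."""
    if not needed:
        return ["COMMS_AMS_VIEWER"]
    if set(needed) == TARGET_TYPES:
        return ["COMMS_AMS_OPERATOR"]
    return sorted(f"{t}_AMS_OPERATOR" for t in needed)


def review(assignments, responsibilities):
    """Report administrators whose roles grant more, or less, than they need."""
    findings = {}
    for user, roles in assignments.items():
        granted = effective_admin(roles)
        needed = set(responsibilities.get(user, ()))
        if granted != needed:
            findings[user] = {
                "excess": sorted(granted - needed),
                "missing": sorted(needed - granted),
                "suggested_roles": narrowest_roles(needed),
            }
    return findings


# Constructed sample data (not from a real Enterprise Manager repository).
ASSIGNMENTS = {
    "billing_ops": ["BRM_AMS_OPERATOR", "ECE_AMS_OPERATOR"],
    "osm_oncall": ["COMMS_AMS_OPERATOR"],
    "noc_dashboard": ["COMMS_AMS_VIEWER", "NCC_AMS_OPERATOR"],
}
RESPONSIBILITIES = {"billing_ops": {"BRM", "ECE"}, "osm_oncall": {"OSM"}, "noc_dashboard": set()}
```

Calling `review(ASSIGNMENTS, RESPONSIBILITIES)` returns findings for `osm_oncall` and `noc_dashboard` only; `billing_ops` holds exactly the roles its responsibilities require.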

About Managing Enterprise Manager Cloud Control Security

Enterprise Manager Cloud Control offers these security mechanisms:

  • Authentication: Validating user logins.

  • Authorization: Validating access rights based on roles attached to the user.

    • You can use function points to control user access.

    • You can apply data security to control what data the user can see and the user privileges that operate on the data.

    • You can use Workflow to define user privileges for roles according to the Workflow definition.

    • A user can have multiple roles.

  • Auditing: Tracking user login session details, the areas a user accessed (by means of function points), and data modifications (by means of data audits).

Enterprise Manager Cloud Control also provides a password policy through which secure passwords can be set for users.