| Oracle® Healthcare Master Person Index Relationship Management User's Guide Release 4.0 E71323-02 |
|
|
PDF · Mobi · ePub |
| Oracle® Healthcare Master Person Index Relationship Management User's Guide Release 4.0 E71323-02 |
|
|
PDF · Mobi · ePub |
This chapter explains how to secure the RM application. RM REST APIs are authenticated using Basic Authentication.
RM defines the users, groups, and security roles based on the WebLogic users, groups, and security roles defined in the Fusion Middleware Securing Resources Using Roles and Policies for Oracle WebLogic Server Guide. This release defines the following three security roles:
Table 8-1 describes the security roles defined in this release.
| Security Role | Name | Privilege | Description | Operating Resources |
|---|---|---|---|---|
|
RmIntegrator |
System Integrator |
search, create, and update |
Used for creating and updating relationships, registering MPI domains, and resolving potential relationships |
metadata, relationships, entities, and application configuration |
|
RmAnalyst |
Business Analyst |
search |
Used for searching and viewing the relationships |
metadata, relationships, and entities |
|
RmAdministrator |
System Administrator |
search, create, and update |
Used for creating and updating relationships, registering MPI domains, and resolving potential relationships |
metadata, relationships, entities, and application configuration |
Note:
In this release, there is no difference between the system administrator role and system integrator role at the application level.Table 8-2 describes the relationship security groups defined in this release.
Table 8-2 Relationship Security Group
| Security Group | RM Security Role | WebLogic Role |
|---|---|---|
|
RmAdministrator |
RmAdministrator |
Admin |
|
RmAnalyst |
RmAnalyst |
Not Applicable |
|
RmIntegrator |
RmIntegrator |
AdminChannelUser, Deployer, Operator, Monitor, and AppTester |
Before deploying the RM application, you must create security groups, roles, and users using the WebLogic Server Administration Console.
To create roles and groups:
Log on to the Oracle WebLogic Server Administration Console using the credentials for administrator.
The Oracle WebLogic Administration Console appears.
On the left panel, under Domain Structure, select Security Realms.
In the table on the Summary of Security Realms panel, click myrealm, that is the name of the realm.
The Settings for myrealm panel appears.
Click the Users and Groups tab and then click the Groups tab.
The Groups table appears.
Click New to add a new RM group.
The Create a New Group panel appears.
In the Name field, type RmAnalyst.
Click OK.
Repeat steps 6 through 8 to add the following RM groups:
RmAdministrator
RmIntegrator
Click the Roles and Policies tab and then click the Realm Roles tab.
The Roles table appears.
Expand Global Roles and click Roles.
The Global Roles table appears.
Click New to add a new RM role.
The Create a New Role for this Realm panel appears.
In the Name field, type RmAnalyst.
Click OK.
Repeat steps 12 through 14 to add the following RM roles:
RmAdministrator
RmIntegrator
Click RmAnalyst in the Global Roles table.
The Edit Global Role panel appears.
Click Add Conditions.
Select Group from the Predicate List drop-down list.
Click Next.
In the Group Argument Name field, type RmAnalyst.
Click Add.
Click Finish.
Click Save.
Repeat steps 16 through 23 for the following RM roles by selecting the corresponding group:
RmAdministrator
RmIntegrator
Click the Users and Groups tab and then click the Users tab.
The Users table appears.
Click New to add a new RM user.
The Create a New User panel appears.
In the Name field, type RmAnalyst.
Enter a password for the user in the Password field and reconfirm the password in the Confirm Password field.
Click OK.
Click RmAnalyst in the Users table.
The Settings for RmAnalyst panel appears.
Click the Groups tab.
Double-click the RmAnalyst group under the Available section.
The RmAnalyst group moves under the Chosen section.
Click Save.
The RmAnalyst group is assigned to the RmAnalyst user.
Repeat steps 25 through 33 for the following users:
RmAdministrator
RmIntegrator
You can mask the custom attributes of relationship and entity instances including ID field of the entity.
To mask the sensitive information, configure the sensitive fields in <Relationship Management project>\config\ui\uiConfig.js.
The following example shows masking configuration for entity type:
entityTypes: {
USPatient: {shape: 'human', color: 'green', sensitive_fields ['SSN' , 'ID']},
...
}
The following example shows masking configuration for relationship type:
relationshipTypes: {
'primary-care-physician-of': {color: '#3385b7', sensitive_fields :[ '<attribute name>']},
...
}
The masked value for a field configured as sensitive is displayed as *****.
|
 Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|