1. Managing and Monitoring Oracle Cloud
  2. Performing Service-Specific Tasks
  3. Break Glass for Oracle Applications
  4. Configuring Managed Access on Oracle Cloud Infrastructure Fusion Applications Environment Management

Configuring Managed Access on Oracle Cloud Infrastructure Fusion Applications Environment Management

Break Glass Support for FAaaS Environments

Occasionally, authorized operators need to access resources to troubleshoot or help resolve an issue with your applications environment. Break Glass provides you with the ability to temporarily grant access to Oracle Support using a securely administered workflow.

The Break Glass option is enabled only for specific Oracle Fusion Cloud Service Oracle Applications bundles, or if you have specifically purchased the subscription. When you purchase a qualified subscription, you get access to Oracle Managed Access, where you enable and manage requests for temporary access to your organization's cloud resources from authorized support operators.

Key features break glass with Managed Access include:

  • Provides the operator temporary user credentials for a specific duration.
  • Specifies the access level for the representative.
  • Creates logs of all actions, providing an audit trail.

Enabling Break Glass for an FAaaS Environment

When you provision an environment that has a break glass subscription included in the environment family, the lockbox is automatically created for the environment in Oracle Managed Access with the following default settings:

  • Password expiration time: 96 hours
  • Auto-approval: Enabled

Prerequisite:

  • A subscription that includes Break Glass has been added to the environment family.

You can verify that Break Glass is available for your environment by viewing the environment details:

  • Click the Security tab and verify that Breakglass is set to Enabled.

Follow the Managed Access documentation to setup the lockbox and approvals for Your environment.

Viewing Break Glass Details

To view the break glass settings for the environment, You must have permissions to read the Managed Access resources. For example:

Allow group FusionAdmins to read lockbox-family in tenancy

These permissions are included in the set defined for the Fusion Applications Administrator. See Add a User with Specified Access for a Job Role

To view details

On the environment details page:

  1. Click Security.
  2. The following properties of your Breakglass setup are displayed:
    • Enabled
    • Password expiration
    • Auto-aproval setting
    • Resource setting

Updating Break Glass Settings

To edit the break glass settings, You must have permissions to manage the lockbox-family resources. For example: 

Allow group SecurityAdmins to manage lockbox-family in tenancy

See Policy Reference for Job Roles for the required policy statements for the Security Administrator.

On the environment details page:

  1. Follow the instructions for Viewing Break Glass Details to view the settings.
  2. To edit these properties, click the resource setting name view its settings in the Managed Access service. Follow the Managed Access documentation.