Configuring Managed Access on Oracle Cloud Infrastructure Fusion Applications Environment Management
Break Glass Support for FAaaS Environments
Occasionally, authorized operators need to access resources to troubleshoot or help resolve an issue with your applications environment. Break Glass provides you with the ability to temporarily grant access to Oracle Support using a securely administered workflow.
The Break Glass option is enabled only for specific Oracle Fusion Cloud Service Oracle Applications bundles, or if you have specifically purchased the subscription. When you purchase a qualified subscription, you get access to Oracle Managed Access, where you enable and manage requests for temporary access to your organization's cloud resources from authorized support operators.
Key features break glass with Managed Access include:
- Provides the operator temporary user credentials for a specific duration.
- Specifies the access level for the representative.
- Creates logs of all actions, providing an audit trail.
Enabling Break Glass for an FAaaS Environment
When you provision an environment that has a break glass subscription included in the environment family, the lockbox is automatically created for the environment in Oracle Managed Access with the following default settings:
- Password expiration time: 96 hours
- Auto-approval: Enabled
Prerequisite:
- A subscription that includes Break Glass has been added to the environment family.
You can verify that Break Glass is available for your environment by viewing the environment details:
- Click the Security tab and verify that Breakglass is set to Enabled.
Follow the Managed Access documentation to setup the lockbox and approvals for Your environment.
Viewing Break Glass Details
To view the break glass settings for the environment, You must have permissions to read the Managed Access resources. For example:
Allow group FusionAdmins to read lockbox-family in tenancy
These permissions are included in the set defined for the Fusion Applications Administrator. See Add a User with Specified Access for a Job Role
To view details
On the environment details page:
- Click Security.
- The following properties of your Breakglass setup are displayed:
- Enabled
- Password expiration
- Auto-aproval setting
- Resource setting
Updating Break Glass Settings
To edit the break glass settings, You must have permissions to manage the lockbox-family
resources. For example:
Allow group SecurityAdmins to manage lockbox-family in tenancy
See Policy Reference for Job Roles for the required policy statements for the Security Administrator.
On the environment details page:
- Follow the instructions for Viewing Break Glass Details to view the settings.
- To edit these properties, click the resource setting name view its settings in the Managed Access service. Follow the Managed Access documentation.