Oracle Break Glass for Fusion Cloud Service

Oracle Break Glass for Fusion Cloud Service is an optional service for Oracle Fusion Cloud Service that provides an additional layer of managed access to your content that resides in the Oracle Fusion Cloud Service database (Fusion database), as well as control over data encryption keys for such database.

With Oracle Break Glass for Fusion Cloud Service, Oracle personnel must obtain explicit approval from you for temporary access to your content residing in the Fusion database for one-off, service-related activities such as support and troubleshooting.

The approval requests are made through a workflow that involves approvers defined by you. Once granted, your approval gives Oracle access, for a limited time, to passwords for the Fusion database that are stored in a secured escrow account.

In addition to such managed access, Oracle Break Glass allows you to control the master encryption key of Oracle’s Transparent Data Encryption (TDE), which encrypts data in the Fusion database. Oracle requires use of the TDE master key to operate the Fusion database, but only retains a copy of the latest key provided by you. By revoking or resetting the TDE master key, you can shut down the Fusion database and prevent anyone, including Oracle, from accessing your content residing in that Fusion database.

Oracle Break Glass for Fusion Cloud Service consists of the provisioning of the following services:

  • Oracle Database Vault
  • Oracle Break Glass

Oracle Database Vault Introduction

Oracle Database Vault for Fusion Cloud Service is intended to provide additional controls over Oracle Fusion Cloud Services by protecting your content from access by Oracle users and by controlling sensitive operations inside Oracle Fusion Cloud through multi-factor authorization.

When enabled, Oracle Database Vault for Fusion Cloud Service:

  • Forms realms which act like firewalls inside Oracle Fusion Cloud
  • Restricts the DBA and other Oracle users from accessing Your Content residing in the Oracle Fusion Cloud Service database
  • Creates strong controls over when and where Your Content in the Oracle Fusion Cloud Service database can be accessed
  • Protects the Oracle Database Vault for Fusion Cloud Service from unauthorized changes

Oracle Break Glass Introduction

Oracle Break Glass for Fusion Cloud Service provides additional control in two ways. First, Oracle Break Glass Managed Access for Fusion Cloud Service enables you to restrict and control Oracle's access to your content stored in the Fusion database. By using Oracle Break Glass for Fusion Cloud Service, you control access to the passwords required for data-level access to the Fusion database, thereby limiting access by Oracle personnel to your content residing within the Fusion database. These passwords are stored in a secured escrow account that is not accessible to Oracle Fusion Cloud Service personnel.

During the Services Period of the Oracle Fusion Cloud Service, Oracle personnel may require access to those services, including data-layer access to your content residing within the Fusion database, in order to perform service-related activities such as maintenance, upgrades, support, and responding to service requests. If Oracle requires data-layer access, Oracle will request approval from you through a workflow involving approvers from both Oracle and you. You may approve Oracle’s access to the data-level access passwords for a limited time period; when the period you defined for such data access expires, the access is revoked and the passwords are changed. Upon your request, Oracle will provide you with a report of such access.

Oracle Break Glass Managed Access for Fusion Cloud Service provides control and management over Oracle’s access requests to your content residing in the Fusion database. There are three entitlement types for Break Glass access requests:

  1. Support Team Entitlements: These entitlements allow Oracle personnel to triage your service requests logged in My Oracle Support (MOS). These entitlements allow strictly read-only access to your content residing in the Fusion database.
  2. Database Administrator Entitlements: These entitlements allow Oracle personnel to perform database-related maintenance activities such as patching, upgrading, troubleshooting, and backup restoration.
  3. Application or Mid-Tier Administrator Entitlements: These entitlements allow Oracle personnel to perform application and middleware tier-related maintenance activities such as patching, upgrading, troubleshooting, and backup restoration.

To ensure that Oracle personnel do not have standing access to your content in the Fusion database, the system resets the password and terminates active sessions after the Support Access Duration (described below) expires. It is not only the checked-out credential's password that is reset, but also the passwords for all credentials that fall under Break Glass purview.
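As an added example that is not Oracle's code and models no real Oracle API, the following Python sketch assumes three entitlement names, a simulated clock and a Support Access Duration value; it demonstrates the approval-gated, time-bounded checkout from the workflow above and the expiry behaviour just described: every credential under purview is rotated and active sessions are terminated, not only the checked-out one.

```python
# Constructed model of a break-glass credential escrow (added example, not
# Oracle's implementation). Entitlement names, the duration values and the
# simulated clock are assumptions made for illustration.
import secrets

ENTITLEMENTS = ("support", "dba", "midtier")   # assumed names for the three types
READ_ONLY = {"support"}                          # support entitlement is read-only


class BreakGlassEscrow:
    def __init__(self):
        self.now = 0                                      # simulated clock (seconds)
        self.passwords = {e: secrets.token_urlsafe(16) for e in ENTITLEMENTS}
        self.grants = {}                                  # entitlement -> expiry time
        self.sessions = {}                                # session id -> entitlement

    def checkout(self, entitlement, customer_approved, duration):
        """Release a password only on explicit customer approval, for `duration`."""
        if not customer_approved:
            raise PermissionError("customer approval required")
        self.grants[entitlement] = self.now + duration
        return self.passwords[entitlement]

    def open_session(self, entitlement, password, write=False):
        """Accept a connection only while the grant is live and the password current."""
        if self.grants.get(entitlement, -1) <= self.now:
            raise PermissionError("no active grant")
        if not secrets.compare_digest(password, self.passwords[entitlement]):
            raise PermissionError("stale or wrong password")
        if write and entitlement in READ_ONLY:
            raise PermissionError("support entitlement is read-only")
        sid = secrets.token_hex(4)
        self.sessions[sid] = entitlement
        return sid

    def tick(self, seconds):
        """Advance the clock; any expired grant triggers a full reset."""
        self.now += seconds
        expired = [e for e, t in self.grants.items() if t <= self.now]
        if expired:
            for e in expired:
                del self.grants[e]
            # Rotate every credential under purview, not only the expired one.
            self.passwords = {e: secrets.token_urlsafe(16) for e in ENTITLEMENTS}
            self.sessions.clear()                         # terminate active sessions
        return expired
```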

In addition to managed access, data at rest in the Fusion database is protected using Oracle’s TDE and Database Vault. The Bring Your Own Key (BYOK) feature allows you to control the master encryption key of your Oracle Fusion Cloud Service TDE-enabled database, with the exception of Oracle SaaS at Customer Cloud Service Connected, Oracle SaaS at Customer Cloud Service Disconnected and Oracle SaaS at Customer Cloud Service in Country. Using Oracle Break Glass for Fusion Cloud Service, you can create a qualified master encryption key to replace the system-generated key for the TDE-enabled Fusion database, and you can revoke or reset it later. Oracle requires use of the TDE master key to operate the Fusion database. If you revoke or reset the TDE master key, the Fusion database will shut down and the services dependent on it will become inaccessible; no one, including Oracle, will be able to access encrypted data or perform any operation that requires access to the locked database. It is your responsibility to provide the right version of the TDE master key to Oracle to restore services and database access or to restore an old backup.

Important Considerations when using Oracle Break Glass for Fusion Cloud Service

The Oracle Fusion Cloud Service and related service performance, including but not limited to Target System Availability Level, scheduled maintenance periods, and service request response times, will be adversely impacted if you do not provide to Oracle the correct version of your TDE master key in a timely manner, and in such case, Oracle is not responsible for such impacts, including any potential related service level credits. If you submit a service request to Oracle for support regarding an issue involving data (e.g., loading issues, duplications, etc.), You must ensure that such service request contains only randomized data and not any of your content.

It is your responsibility to keep the history of the TDE master key for the duration that matches Oracle Fusion Cloud Service’s backup and retention policy. Failure to provide Oracle with the correct TDE master key will result in data backup being unrecoverable. If the TDE master key is lost, access to the database will no longer be possible, resulting in a complete loss of data.