About the Allowlist

An allowlist lets you limit access to Oracle Integration and File Server. You configure the Oracle Integration allowlist when you create the instance or any time afterward. You configure the File Server allowlist when you enable File Server or any time afterward.

Overview

The allowlist restricts access based on the following parameters:

  • Single IP address
  • Classless Inter-Domain Routing (CIDR) block (that is, an IP address range)
  • Virtual Cloud Network Oracle Cloud ID (VCN OCID)

Only the specified IP addresses, CIDR blocks, and VCN OCIDs can access Oracle Integration and File Server. Users and systems accessing Oracle Integration and File Server from listed VCNs have full access.

Additionally, your organization might have a service gateway. The service gateway lets your VCN privately access Oracle Integration without exposing the data to the public internet.

What Kind of Access Can Be Managed by an Allowlist

Your instance allowlist lets you manage access to Oracle Integration and/or File Server for the following entities:

  • Your organization's VCN, through the service gateway, if you have one
  • Specified partner networks and applications, specified by IP addresses or CIDR blocks
  • SOAP requests
  • REST requests that aren't handled by an API gateway, if you're using one
  • If you are using an API gateway, you add the API gateway's VCN to the allowlist. The API gateway manages access for all REST traffic in that VCN. Only calls from APIs deployed to the API gateway are passed through to Oracle Integration. See Manage Oracle Integration Endpoints Using API Gateway.

    Note:

    Visual Builder and Process Automation bypass the API gateway.

Limitations

  • The rules allow for all-or-nothing access and don't allow for more nuanced control.

    For example, if an IP address or CIDR block is allowlisted, all traffic from that location is granted access, even if someone using an allowed IP address passes SQL as a command line parameter.

  • You're limited to 15 access rules for Oracle Integration and 15 for File Server.

    However, a CIDR block counts as only 1 entry, so you might not need more than 15 rules.
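
The following added example (not Oracle code) shows one way to keep a list of IP and CIDR entries within the 15-rule limit without widening what is allowed, and illustrates that every address inside a listed block is admitted. The function names and sample addresses are constructed for illustration, and VCN OCID entries are not modeled.

```python
import ipaddress

MAX_RULES = 15  # per-service rule limit stated on this page

# Constructed sample entries (documentation address ranges, not real partners).
SAMPLE_ENTRIES = [
    "198.51.100.0/26", "198.51.100.64/26", "198.51.100.128/25",
    "203.0.113.8", "203.0.113.9", "203.0.113.10", "203.0.113.11",
    "192.0.2.17", "192.0.2.17",
]


def plan_allowlist(entries, max_rules=MAX_RULES):
    """Collapse single IPs and CIDR blocks into the fewest exact-cover rules.

    Returns (rules, fits): rules covers exactly the addresses in `entries`
    and nothing more; fits is True when len(rules) <= max_rules.
    """
    by_version = {4: [], 6: []}
    for entry in entries:
        # strict=True rejects entries such as 10.0.0.5/24 whose host bits are
        # set, which usually indicates a typo rather than an intended range.
        net = ipaddress.ip_network(entry.strip(), strict=True)
        by_version[net.version].append(net)
    rules = []
    # Families are collapsed separately: collapse_addresses rejects mixed
    # versions. It merges duplicates, nested blocks and adjacent blocks,
    # and never widens the covered range.
    for nets in by_version.values():
        rules.extend(str(n) for n in ipaddress.collapse_addresses(nets))
    return rules, len(rules) <= max_rules


def is_allowed(source_ip, rules):
    """True if source_ip falls inside any rule; a rule admits its whole range."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(rule) for rule in rules)


if __name__ == "__main__":
    rules, fits = plan_allowlist(SAMPLE_ENTRIES)
    print(f"{len(SAMPLE_ENTRIES)} entries -> {len(rules)} rules, fits={fits}")
    for rule in rules:
        print(" ", rule)
    # Any host in an allowlisted block is admitted, listed individually or not.
    print("198.51.100.200 allowed:", is_allowed("198.51.100.200", rules))
    print("203.0.113.12 allowed:", is_allowed("203.0.113.12", rules))
```

If the collapsed list still exceeds the limit, widening a block to make it fit also admits every other address in that wider range, so review who else sits in it first.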