Oracle Content and Experience uses a multilayered approach to protect your system and content.
|Security Feature||Description||Who Manages It and Where|
|User accounts||You need an account with a user name and password to access Oracle Content and Experience.||Identity domain administrators manage accounts in the My Services application. See Manage Users with Oracle Identity Cloud Service.|
|User roles||Each user is assigned one or more roles to control what functionality and areas of the user interface they can access.||Identity domain administrators or service administrators assign user roles in the My Services application. See User Roles.|
|Groups||Groups make it easy to grant multiple users access to folders, conversations, and content types. By adding someone to a group or removing them from a group, you can quickly update the permissions to all the items that group has access to.||Service administrators should create high-level organizational groups and communicate group standards. See Create Group Standards for Your Organization. Users can create additional groups as necessary. See Using Groups and Following People in Managing Content with Oracle Content and Experience Cloud.|
|Mobile device passcodes||When accessing files on a mobile device, you can set a passcode to provide additional security. The passcode is a four-digit number that is set and managed on your device. It's used in addition to your user name and password.||Users manage their passcodes on their mobile devices. See How do I set a passcode? in Managing Content with Oracle Content and Experience Cloud.|
|Revoke authorization for a mobile device||If a user loses their device or it’s taken, they should remove that device's authorization to access the service. The next time someone tries to activate the app on the device, the account is signed out and all local content stored on the device for that account is deleted.||Users can revoke a device from the web client. See What do I do if my device is lost or stolen? in Managing Content with Oracle Content and Experience Cloud.|
|Single Sign-On (SSO)||If Federated Single Sign-On (SSO) is currently available for your Oracle Content and Experience Cloud environment, you can enable it to customize sign-in procedures. When Single Sign-On (SSO) is enabled, users can sign in to one domain using corporate security credentials and access another domain without signing in again. For example, perhaps you are an administrator for your company which has two Oracle Cloud Services and you must provision these services to your company’s organization, roles, and users. Your company may also have on-premise applications and cloud services from other vendors. It’s important that communication between these services and applications is done in a secure fashion. With SSO, users can sign in to all of them using the same set of credentials that are managed by using your identity domain system.||Account administrators configure SSO in the My Services application. See Enable Single Sign-On (SSO).|
|File encryption||Files are protected using Secure Sockets Layer (SSL) technology. Files are encrypted while they're uploaded (in transit) and when they’re stored (at rest) in the cloud. Files at rest that are stored using the Oracle Storage Cloud service are encrypted using a 256–bit RSA encryption algorithm. That prevents unauthorized use of the files.
Any files downloaded to a mobile device are also encrypted. You can't access those files outside of the Oracle Content and Experience app unless you specifically download the file for use on the device.
|File encryption is handled automatically by Oracle Content and Experience.|
|File type and size restrictions||You can specify which types of files can be uploaded and restrict the size of uploaded files.||Service administrators configure file type and size restrictions through the Oracle Content and Experience Administration interface. See Restrict File Types and Sizes.|
|Virus scanning||When you upload files to the cloud, they can be checked by a virus scanner. Any files found to be infected are quarantined in the Trash bin and a special icon marks the file as infected.||Service administrators configure virus scan settings through the Oracle Content and Experience Administration interface. See Set Virus Scanning Options.|
|File access control||You have total control over who can access your files. You can add co-workers as members of a folder. The added users are granted default access rights, but folder managers can also change those rights.
In addition to sharing folders, you can also share files using links. If you send a link to a member of a folder, the member can sign in and use the file in the service. If you send the link to a non-member, that person is restricted from seeing other files in the folder.
Users control access when they share content. See Sharing Your Content and Sites with Others in Managing Content with Oracle Content and Experience Cloud.
|Conversation encryption||Conversations at rest are stored using the Oracle Storage Cloud service and are encrypted using a 256–bit RSA encryption algorithm. That prevents unauthorized access to conversation content.||Conversation encryption is handled automatically by Oracle Content and Experience.|
|Site creation and sharing restrictions||You can specify who can create, share, and use sites functionality, which lets users design, build, publish, and manage websites that are hosted in Oracle Cloud.||Service administrators configure sites settings through the Oracle Content and Experience Administration interface. See Configure Sites and Assets Settings.|
|Site security||When you publish a site and make it available online, it’s publicly available to anyone. However, you can change the security settings for the site to require users to sign in. You can also require that users have a specific role assigned to them.||Site owners and managers control the security for individual sites. See Understanding Site Security and Changing Site Security in Creating Experiences with Oracle Content and Experience Cloud.|
|Site sharing||With site sharing, you specify individual users who can access your unpublished (offline) site and allow them to view, modify, or manage the site based on the permission you give them.||Site owners and managers control the security for individual sites. See Understanding Site Security and Changing Site Security in Creating Experiences with Oracle Content and Experience Cloud|
|Site component sharing||Some components provide access to shared resources such as folders, files, or conversations. Component sharing considers both site security (who can view the published site) and resource sharing (who can view and work with folders, files, and conversations).||Site component sharing is handled automatically by Oracle Content and Experience based on site and resource security.|
|Cross-Origin Resource Sharing (CORS)||Cross-Origin Resource Sharing (CORS) allows a web page to make requests such as XMLLHttpRequest to another domain. If you have a browser application that integrates with Oracle Content and Experience Cloud but is hosted in a different domain, add the browser application domain to Oracle Content and Experience Cloud’s CORS origins list.||Service administrators configure CORS through the Oracle Content and Experience Administration interface. See Enable Cross-Origin Resource Sharing (CORS).|
Note: This feature is currently unavailable if you have a Universal Credits subscription.
|Oracle Content and Experience Cloud includes a proxy service, so that you can use REST services which have Cross-Origin Resource Sharing (CORS) limitations or require service account credentials. The proxy service is a reverse proxy server. It provides a URL to which web browsers connect. The proxy service then acts as an intermediary between the web browser and a remote REST service (or endpoint). The proxy service explicitly adds CORS support to all endpoints and can optionally insert service account credentials to requests coming from web browsers.||Service administrators configure the proxy service through the Oracle Content and Experience Administration Integrations interface. See Configure Proxy Service Settings.|
|Embedded content whitelist||You can display content from Oracle Content and Experience within other domains. For example, you might embed the Oracle Content and Experience web user interface into your own web applications to access folder and document management features inside your application. The embedded content appears only if embedded content is enabled and the domain is added to allowed domains whitelist.||Service administrators configure embedded content settings through the Oracle Content and Experience Administration interface. See Embed Content in Other Domains.|
Monitoring the Service
Throughout the use of your service, you’ll want to monitor the overall system, view reports on your users and documents, and analyze service usage statistics.
You can view service usage statistics to help you analyze system needs or issues.
You can view reports on your users and documents usage to help you understand how your system is being used.
See Run Reports.
You can check the overall status of your active Oracle Cloud services in the My Services dashboard. You can view the overall service status, outages, and uptime percentages for the past 14 days. You can also see the storage used and other details. Use the metrics to better understand how much your service is being used and whether you need to change storage allocations. Which metrics you see depends on the service subscription that you have.