About User and Role Management

The service implements several security layers. Infrastructure security components, which are implemented and managed by Oracle, create a highly secure service environment.

The service uses the following mechanisms to ensure that only authorized users can access it:

  • Single Sign-On (SSO)

  • Role-based access to environments

SSO and role-based security are controlled by Oracle Identity Management, which defines a security domain for each environment. After a successful sign-in, access to the service is determined by the role assigned to the user.

Identity Domain

An identity domain controls the accounts of users who need access to environments. It also controls the features that authorized users can access. An Identity Domain Administrator creates and manages user accounts within an identity domain. The Account Administrator, while activating the service, identifies a user who is granted the Identity Domain Administrator role.

By default, each customer is allocated two environments of a service: a test environment and a production environment. The Identity Domain Administrator uses the My Services application to manage the users who need access to these environments.

Many Oracle Enterprise Performance Management Cloud services may belong to one identity domain.


Each user who needs to access an environment must have an account in the identity domain associated with the environment. The roles granted to the user determine what the user can do within an environment.


Roles link users to the business activities that they are permitted to perform within an environment and the data that they can access.

Users must be assigned to predefined roles that grant them access to business functions and associated data. Predefined service roles are described in Understanding Predefined Roles.