Troubleshooting Break Glass Issues

Oracle Break Glass for Oracle Fusion Cloud Enterprise Performance Management supports Oracle Managed Access (OMA) and Bring Your Own Key (BYOK) features. The Break Glass option is available as a separate subscription. It can also be added to an existing subscription.

OMA provides you the ability to approve Oracle operator access to data by setting up approval template for each environment. An Oracle operator who needs to access a Break Glass-enabled environment must first obtain explicit approval from the customer, specifying the environment, access duration, SR number, and rationale.

BYOK enables you to use your own Transparent Data Encryption (TDE) key to encrypt the relational database used by the business process and rotate it as needed.

See Break Glass in Cloud EPM and Oracle Enterprise Data Management Cloud in the Getting Started Guide for Administrators for OMA and BYOK setup and flow details.

Getting Help on OMA Issues

If you have any issue setting up approval templates for OMA or approving an access request, see Break Glass in Cloud EPM and Oracle Enterprise Data Management Cloud in the Getting Started Guide for Administrators. If you still have issues, create a technical service request with the detailed description of the issue. See Submitting a Technical Service Request.

Getting Help on BYOK Issues

After purchasing the Break Glass subscription, create a service request to enable BYOK in the test and production environments. Attempts to set BYOK before Oracle enables it results in an error. See Creating a Request to Enable Bring Your Own Key (BYOK).

If you have multiple Break Glass-enabled environments, after Oracle has enabled BYOK, you setup BYOK on only one test and one production environment per region in each tenancy. Only the environments where BYOK was explicitly set indicate that the encryption is customer managed. All other Break Glass environments show the encryptions as being managed by Oracle. However, rest assured that the encryption is customer managed after you have setup BYOK.

If you face issues with setting up BYOK, create a service request. See Submitting a Technical Service Request. The service request must contain:

  • Details of the specific issue for which you are seeking assistance.
  • The URL of the environment, if the issue is with specifying BYOK in the Cloud Console for a particular environment..