Publishing controls for sensitive and non-sensitive run time instances

You can now support clear operational and security guidelines by assigning publishing privilege based on runtime environment sensitivity. This ensures that only a select group of authorized Catalog Administrators can be allowed to publish catalog definitions to sensitive environments such as Pre-production or Production, while broader access can be allowed for non-critical environments such as Development or SIT or UAT. 

This segregation helps you minimize risk, maintain compliance and ensure that your Development and Operations team operate efficiently - each having well defined access levels. 

While configuring the Destinations for a Lifecycle state, you can now mark that environment as sensitive for a select set of Catalog Administrators who are authorized to publish to critical runtime environments. This is shown in the screen below:

Enabling Sensitive environments to publish

The business benefit of this feature are:

• Enhanced Security and Risk Mitigation to ensure the publishing capability to sensitive runtime environments is restricted to only authorized personal, the risk of accidental or unauthorized changes is mitigated.
• Operational Efficiency by clearly defining roles and permissions helps eliminates confusion, streamlines deployment process and in reducing administrative overheads.
• Improved Governance and Accountability with fine-grained controls enhances clear governance and accountability initiatives. 

Steps to enable and configure

You don't need to do anything to enable this feature.

Tips and considerations

Existing customers can add the "Manage Sensitive Publish" privilege (ORA_ATC_LAUNCH_ENTITY_ROLLBACK_PRIV) to the lifecycle states that are Publish enabled, make a new version of the lifecycle configuration to mark it sensitive. 

Access requirements

• Communications Catalog Administrator