Guidelines for Configuring Security
If the predefined security reference implementation doesn't fully represent your enterprise, then you can make changes.
For example, the predefined Sales Representative job role includes Sales Forecasting privileges. If sales managers do sales forecasting in your organization, not the salespeople, then you can create a salesperson role without those privileges. In this case, use the predefined Sales Representative role, or copy this role and make your own modifications. The role code of the Sales Representative application job role is ORA_ZBS_SALES_REPRESENTATIVE_JOB.
During implementation, you evaluate the predefined roles and decide whether changes are needed. If changes are required, then you can either create a role from scratch or copy an existing role. You can perform both tasks on the Security Console.
You can identify predefined roles easily by their role codes, which all have the prefix ORA_.
All predefined roles are granted several function security privileges and data security policies. They also inherit duty roles. To make minor changes to a role, copying the predefined role and editing the copy is the more efficient approach. Creating roles from scratch is most successful when the role has very few privileges and you can identify them easily.
Missing Enterprise Jobs
If jobs exist in your enterprise that aren't represented in the security reference implementation, then you can create your own job roles. Add duty roles to custom job roles, as appropriate.
Predefined Roles with Different Privileges
If the privileges for a predefined job role don't match the corresponding job in your enterprise, then you can create your own version of the role. If you copy the predefined role, then you can edit the copy to add or remove duty roles, function security privileges, and data security policies, as necessary.
Predefined Roles with Missing Privileges
If the privileges for a job aren't defined in the security reference implementation, then you can create your own duty roles.
The typical implementation doesn't use custom duty roles.