Overview of Security in Oracle Student Management Cloud

Users of Oracle Student Management Cloud have roles through which they gain access to functions and data.

Security implementation mainly involves management of the following:

• Roles

• Application users

• The provisioning of roles to application users

Student Management application users typically have abstract roles, such as Instructor or Registrar.

This topic introduces the key security-related tasks that you perform during implementation. For more information about any of these tasks or Oracle Student Management Cloud security in general, see the Securing Oracle Student Management Cloud guide.

Define Implementation Users

The Oracle Student Management Cloud service administrator creates one or more implementation users, who perform the implementation tasks. To create implementation users and the data roles that they need, the service administrator performs these tasks:

• Run Users and Roles Synchronization Process

  This task copies data from the LDAP directory to the Oracle Fusion Applications Security tables, so that existing roles are available for implementation users.

• Create Implementation Users

• Create Data Role for Implementation Users

At least one implementation user must have the IT Security Manager job role or privileges. That implementation user performs security-related implementation tasks.

Define Security Synchronization Processes and Preferences

Many security-related tasks are performed on the Security Console. The tasks in the Define Security Synchronization Processes and Preferences task list initialize the Security Console. This table introduces those tasks.

Task	Description
Manage Application Security Preferences	Opens the Security Console, where you perform setup tasks such as setting the enterprise password policy and defining the default format of user names.
Import Users and Roles into Application Security	Runs a process that initializes and maintains the Oracle Cloud Applications Security tables.
Import User Login History	Runs a process that imports the history of user access to Oracle Cloud Applications. This information is required by the Inactive Users Report.

Define Security

Oracle Student Management Cloud is secure as delivered. To enable application users to access Oracle Student Management Cloud functions and data, you perform the tasks in the Define Security for Student Management task list, as appropriate.

You can perform most of these tasks both during implementation and later as requirements emerge. Here are the tasks:

• Revoke Data Role from Implementation Users

  Implementation users need unrestricted access to large amounts of data. After implementation, you must remove Student Management implementation data roles from implementation users. A user with the IT Security Manager job role or privileges performs this task.

• Manage Job Roles

  • Review the role hierarchy of a job or abstract role.

  • Create job and abstract roles.

  • View the roles assigned to a user and identify the users who have a specific role.

  Manage Job Roles opens the Security Console. A user with the IT Security Manager job role or privileges performs this task.

• Manage Duties

  Use the Manage Duties task to do these things:

  • Review the role hierarchy of a job or abstract role.

  • Create job and abstract roles.

  • View the roles assigned to a user and identify the users who have a specific role.

  Manage Duties opens the Security Console. A user with the IT security manager job role or privileges performs this task.

Manage Role Provisioning

You create role mappings to control the provisioning of all types of roles to application users. For example, you can create a role mapping to provision the Student abstract role automatically to all admitted students. A user with the IT Security Manager job role performs this task, which opens the Manage Role Mappings page.