Overview of Security in Oracle Student Management Cloud
Users of Oracle Student Management Cloud have roles through which they gain access to functions and data.
Security implementation mainly involves management of the following:
-
Roles
-
Application users
-
The provisioning of roles to application users
Student Management application users typically have abstract roles, such as Instructor or Registrar.
This topic introduces the key security-related tasks that you perform during implementation. For more information about any of these tasks or Oracle Student Management Cloud security in general, see the Securing Oracle Student Management Cloud guide.
Define Implementation Users
The Oracle Student Management Cloud service administrator creates one or more implementation users, who perform the implementation tasks. To create implementation users and the data roles that they need, the service administrator performs these tasks:
-
Run Users and Roles Synchronization Process
This task copies data from the LDAP directory to the Oracle Fusion Applications Security tables, so that existing roles are available for implementation users.
-
Create Implementation Users
-
Create Data Role for Implementation Users
At least one implementation user must have the IT Security Manager job role or privileges. That implementation user performs security-related implementation tasks.
Define Security Synchronization Processes and Preferences
Many security-related tasks are performed on the Security Console. The tasks in the Define Security Synchronization Processes and Preferences task list initialize the Security Console. This table introduces those tasks.
Task |
Description |
---|---|
Manage Application Security Preferences |
Opens the Security Console, where you perform setup tasks such as setting the enterprise password policy and defining the default format of user names. |
Import Users and Roles into Application Security |
Runs a process that initializes and maintains the Oracle Cloud Applications Security tables. |
Import User Login History |
Runs a process that imports the history of user access to Oracle Cloud Applications. This information is required by the Inactive Users Report. |
Define Security
Oracle Student Management Cloud is secure as delivered. To enable application users to access Oracle Student Management Cloud functions and data, you perform the tasks in the Define Security for Student Management task list, as appropriate.
You can perform most of these tasks both during implementation and later as requirements emerge. Here are the tasks:
-
Revoke Data Role from Implementation Users
Implementation users need unrestricted access to large amounts of data. After implementation, you must remove Student Management implementation data roles from implementation users. A user with the IT Security Manager job role or privileges performs this task.
-
Manage Job Roles
-
Review the role hierarchy of a job or abstract role.
-
Create job and abstract roles.
-
View the roles assigned to a user and identify the users who have a specific role.
Manage Job Roles opens the Security Console. A user with the IT Security Manager job role or privileges performs this task.
-
-
Manage Duties
Use the Manage Duties task to do these things:
-
Review the role hierarchy of a job or abstract role.
-
Create job and abstract roles.
-
View the roles assigned to a user and identify the users who have a specific role.
Manage Duties opens the Security Console. A user with the IT security manager job role or privileges performs this task.
-
Manage Role Provisioning
You create role mappings to control the provisioning of all types of roles to application users. For example, you can create a role mapping to provision the Student abstract role automatically to all admitted students. A user with the IT Security Manager job role performs this task, which opens the Manage Role Mappings page.