1. Security Guide
  2. Secure Configuration Overview

Secure Configuration Overview

As explained in the Service Security Features Chapter, the Oracle Warehouse Management Cloud Service has many different administrator user accessible security configuration mechanisms to configure the service for users accessing the service. This section outlines the secure configurations and describes several recommendations.

There is never a one size fits all secure configuration for all the Oracle Warehouse Management Cloud Service customers. However, there are definitely general recommendations and general Dos and Don’ts that can be given. Failure to follow these recommendations may lead to bad configurations, unintended access, data access, and performance issues or data corruption.

User Roles Recommendations

  • Usecaution in giving out the ADMIN user role to individual users. This is an elevated user role and has service privileges to everything but reduced domain data visibility.
  • Itis recommended to create custom user roles for every role within customers organization so that one can easily control and maintain groups of users’ service privileges and data visibility.

User Recommendations

  • Do not use commonly known or previously known passwords for the Oracle Warehouse Management Users. Use a strongand unique password by at least utilizing the default BASIC PASSWORD RULES Account Policy.
  • Do not use commonly known or previously known passwords for the Oracle Identity Cloud Service (IDCS) Users or external IDPs. Use a strong and uniquepassword.
  • Deactivate unneeded Oracle Warehouse ManagementUsers.
  • Do not deactivate or delete users who have recurringprocesses.

User Access Recommendations

  • Create custom menus for users based on individual roles. These custom Menus should only contain what one want the user tosee.
  • Create custom Screen Sets for users based onroles.
  • Create custom views for users based onroles

Company Security Configuration Policies (Recommendations)

  • Do not set max password length toolong
  • Main password length to be set to min of 6characters
  • Max field login attempts to be set to a reasonablevalue
  • Password history count should be kept atdefault

General Recommendations

  • Use caution when granting access to upload files into theservice.
  • Use caution when granting access to upload raw data viaCSV.
  • Use caution when granting access to use external integrationfunctionality.
  • Use caution when granting abilities to define ExternalSystems.
  • Disable or delete obsolete and unused External Systems to prevent accidentalusage.