Overview
Oracle Utilities Break Glass provides a means for customers (specifically, Customer administrators) to have direct control and approval authority over the process for requesting and granting temporary access to customer data by Oracle personnel.
Under normal circumstances, Oracle personnel are typically able to administer Oracle Utilities cloud service instances without access to customer data. In some cases, however, Oracle requires access to customer data to be able to perform certain important actions including (but not limited to): troubleshooting customer issues, applying certain categories of bug fixes, performing certain application upgrade steps or executing customer requested data correction activities.
For Oracle Utilities cloud service deployments that do not leverage Break Glass, Oracle personnel are granted temporary access to customer data via comprehensive internal controls and approvals based on SOC 1 and 2 principles. Oracle Utilities Break Glass plugs customer administrators into this process and gives them visibility and approval authority over all requests for access to customer data (by Oracle personnel).
A Break Glass event defines a scheduled, time boxed process during which Customers provide approval for Oracle personnel to temporarily access their customer data to perform the requested actions on a specific tenancy and environment. Time boxing, in this context, means that Customers provide Oracle with access to their customer data for a limited period of time (defined in the Break Glass event) after which Oracle access is automatically revoked. The Break Glass event includes the following information:
Customer, tenancy and environment (domain information)
When the event should occur (scheduling), including planned start time and planned end time
How long access to customer data is to be provided (time boxing)
Which actions are required to be performed (by Oracle personnel) on customer data
Description of what constitutes a successful outcome of the proposed actions
Who requested the event
Customer approvals
Event and action statuses
Audit log information
The following flow diagram outlines the general Break Glass work flow:
1. Either Oracle or the customer requests a break glass event and includes details of schedule, duration (for example 24-96 hours) and detailed explanation of the activities to be performed by Oracle. The request process includes a customer approval workflow ensuring all requests will be reviewed/approved by customer representatives authorized to approve break glass activities.
2. Oracle reviews the request. Oracle may reject the request if, for example, Break Glass is not required (for example if other means of performing the activity are available) or if the request would pose a security risk (for example unsupported /destructive actions are requested)
3. Oracle schedules the request which awaits initiation in a pending status. Pending requests can be canceled.
4. Once Oracle has received and confirmed all required approvals are in place, Oracle initiates an automated process to provide the designated Oracle personnel with the minimum access credentials required to perform the task. These access credentials are provided for the time window established as part of the Break Glass Event. Oracle sets a restore point (to allow rollback to a safe/supported known state) and initiates the requested activities.
5. Once the requested activities are complete, both the customer and Oracle review the outcome, and determine if the activities were successful or otherwise.
6. Successful completion results in the changes being committed to the database
7. Failed completion results in the changes being rolled back to the established restore point
Upon closure of the Break Glass Event, the temporary access granted to Oracle is revoked and the audit logs are made available to the customer.
All communications relating to Break Glass Events are managed via My Oracle Support to ensure proper handling of potentially sensitive information.