12 Allowlist Support

Oracle Utilities Cloud Service’s allowlist enforces the protection of resources within your implementation. Allowlists can also apply to non-cloud implementations and in some cases, extended to suit individual needs.

Note:

Oracle Utilities Cloud Services do not support allowlist customization.

SQL Allowlist

The SQL used in query zones and Groovy scripts can be limited in relation to supported SQL functions that prevent performance issues or inappropriate access to the database through Oracle Utilities Cloud Service functions.

Oracle Utilities Cloud Service provides F1-SQLFunctionWhiteList, which is an allowlist implemented as a Managed Content object. This is a non-changeable allowlist that lists the supported and usable SQL functions. Oracle Utilities Cloud Services generate a runtime error when running an SQL function that is not included in the allowlist.

HTML Allowlist

The HTML used in UI Maps can be limited in relation to supported HTML tags. Oracle Utilities Cloud Services provide F1-HTMLWhiteList, which is an allowlist implemented as a Managed Content object. This allowlist manages the list of valid HTML tags that can be used on HTML objects. Attempts to run a UI Map with an HTML tag not listed in F1-HTMLWhiteList are ignored as comments and may result to unexpected behaviors.

Groovy Allowlist

The Groovy language has been added as an alternative scripting language that can access low level APIs. As the language has access to low level APIs, it has been allowed to exclude parts of the language not appropriate for cloud implementations.

The Groovy allowlist confirms to the Oracle Cloud SDK’s Supported Classes and Methods for Use in Groovy Scripts . The Groovy allowlist appears on the Dashboard zone when implementations maintain scripts. Oracle Utilities Cloud Services do not support ADF extensions to Groovy. Refer to online documentation for more information and examples.