Security Configuration Features
Use the information in the following sections to securely configure the Oracle LSH and Oracle DMW applications.
Parent topic: Oracle LSH and Oracle DMW Security
Secure Installation
This section contains the following topics to securely install Oracle LSH and Oracle DMW:
- Secure the Database Context
- Secure Installation with HTTPS
- Secure the WebLogic Server
- Secure Access to APIs
- Oracle DMW File Watcher Security
- DP Server Security
Parent topic: Security Configuration Features
Secure the Database Context
Use Transparent Data Encryption (TDE) to encrypt the tablespaces holding your LSH/DMW data. See "Securing Stored Data Using Transparent Data Encryption" in the Oracle Database Advanced Security Administrator's Guide (https://docs.oracle.com/cd/E11882_01/network.112/e40393/asotrans.htm#ASOAG600).
Parent topic: Secure Installation
Secure Installation with HTTPS
By default, the Oracle LSH and Oracle DMW installation is configured to use HTTPS, which requires the use of a trusted signed certificate.
You can use HTTPS to encrypt and protect communication between the client desktop and the Oracle LSH and Oracle DMW application server. You can also configure the transmission of data from source systems and Oracle LSH and Oracle DMW to use encrypted communication protocols.
You can install Oracle LSH and Oracle DMW to use HTTP, but Oracle recommends that you use HTTPS with data encryption using Transport Layer Security (TLS) 1.2 and a trusted signed certificate.
Parent topic: Secure Installation
Secure the WebLogic Server
For information on securing the WebLogic Server, see:
- Oracle Fusion Middleware Securing Oracle WebLogic Server
- Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server
- Oracle Fusion Middleware Information Roadmap for Oracle WebLogic Server
Parent topic: Secure Installation
Secure Access to APIs
Oracle LSH includes a set of APIs that enable you to do most of the things you can do through the user interface, including creating, modifying, and installing objects. You can call Oracle LSH APIs from source code in a defined Program in Oracle LSH. In this case, no additional security or setup is required.
To run any API package from a tool outside of Oracle LSH, such as SAS, SQL Developer, or SQL*Plus, your system administrator must configure security settings including setting up a database account and a TMS account with specific privileges. In addition, you can use a PL/SQL wrapper or the security API functionality.
See the Oracle Life Sciences Data Hub Application Programming Interface Guide.
Parent topic: Secure Installation
Oracle DMW File Watcher Security
The files that are placed on a remote file share for detection by File Watcher must have restricted access to prevent investigators and others from seeing data they should not see, such as blinded data. Ensure that the file share is secure by restricting the access permissions on the Linux directories and files and by limiting the number of user groups that have write or execute access to the file share.
For more information, see the Oracle Health Sciences Data Management Workbench Installation Guide.
Parent topic: Secure Installation
DP Server Security
The DP Server process creates directories for each job. The job directory can contain information that may be sensitive to your organization. Oracle recommends that you grant full access to the OS directory only to the Linux user who runs the DP Server process and the external processing engine user who writes into the job directory as part of the job execution.
For more information, see the Oracle Life Sciences Data Hub Installation Guide.
Parent topic: Secure Installation
Security for Third-Party Applications
Oracle LSH can be integrated with the Oracle Business Enterprise Edition (OBIEE) applications, including BI Publisher and applications used for visualization such as BI Server, BI Presentation Services, and OBIEE Answers.
The following topic describes how to secure these integrations:
Parent topic: Security Configuration Features
Secure Oracle Business Intelligence Enterprise Edition Integration
To secure the OBIEE applications that are integrated with Oracle LSH, consider the following:
-
User groups, roles, and rights that you configure in Oracle LSH determine the data that users can access in the OBIEE applications when the OBIEE application is launched from within Oracle LSH.
-
When a user launches an OBIEE application from outside of Oracle LSH, blinded and noncurrent data is not available, regardless of the user's privileges.
-
Each Presentation Server must be installed on a different computer and have a unique URL. You can use this setup to control what users can see in OBIEE.
For more information, see "Security Configuration" in the Oracle Life Sciences Data Hub System Administrator's Guide. In addition, see "Setting Up Oracle Business Intelligence Visualizations" and "Setting Up Security for Oracle Business Intelligence Publisher" in the Oracle Life Sciences Data Hub System Administrator's Guide.
Parent topic: Security for Third-Party Applications