1. Security Guide
  2. Oracle LSH and Oracle DMW Security
  3. User Security Features

User Security Features

When you set up user accounts as described in "Setting Up User Accounts" in the Oracle Life Sciences Data Hub System Administrator's Guide, use the information in the following topics to securely configure users in Oracle LSH:

Parent topic: Oracle LSH and Oracle DMW Security

User Password Security

Oracle recommends that you use the profile settings described in this section to provide optimal security in login password usage in Oracle LSH:

  • Password case sensitivity: You must set this profile to Insensitive if you are using Oracle LSH Programs of type Business Intelligence Publisher to enable users to log in to BI Publisher using their single sign-on credentials.

  • Password length requirement: This profile determines the minimum number of characters required in a user's Oracle LSH login password. The default setting is 5. Oracle recommends a setting of 8 or more for use with Oracle LSH.

  • "Hard to guess" requirement: This profile enforces requirements that make it more difficult to guess what another user's password might be. These requirements come as a package; you must either accept or reject the whole. Oracle recommends a setting of Yes (to accept the package) for use with Oracle LSH.

  • "Forgot your password?" functionality: For Oracle LSH, Oracle recommends a setting of 40 for the Local Login Mask profile. This setting displays a "Forgot your password?" link on the Login page. If the user clicks this link, the system loads a page where the user can enter his or her username.

    The user then receives an email stating, "Password reset requires approval." The user needs to click one of the choices "Approve" or "Reject" that automatically generate an email response. If the user ignores the notification, the request expires in four hours.

  • Limit on log-in attempts: This profile option determines the maximum number of logins a user can attempt before the user's account is disabled. To reinstate the account a system administrator must unlock the account and reset the password. For example, if the value set is 3, it will lock the account if the user enters incorrect password 3 times.

  • Time limit on password reuse after resetting a password: This profile will set the minimum number of days that a user must wait after changing his or her password before being allowed to reuse a password. The user can use the new password once and then must wait the number of days you set before he or she can reuse the password.

    For example, if the value of this profile is set to 5, a user who changes his or her password cannot reuse the password until 5 days after they reset.

    If the profile value is set to the number 0, then there is no restriction on password reuse.

See "Setting Password Requirements" in the Oracle Life Sciences Data Hub System Administrator's Guide.

To change their own passwords, both Oracle LSH and Oracle DMW users must use Preferences in Oracle LSH. See the Oracle Life Sciences Data Hub User's Guide and the Oracle Health Sciences Data Management Workbench User's Guide

Parent topic: User Security Features

Database User Account Security

For users who need access to the Oracle LSH database through an external system or remote database, you must create an Oracle LSH database account. Oracle LSH allows you to create an Oracle LSH database account to only allow the users you select to access the database.

The Oracle LSH user database accounts have a session timeout with a default setting of 24 hours. A public API is provided to permit an administrator to modify the timeout value, but the maximum value permitted is 24 hours. This setting applies to all database accounts in the Oracle LSH instance. You cannot set a different timeout for each account. If the database accounts are not used to connect Oracle DMW to another application, but are used by individuals to occasionally connect to the database to query data, then a shorter timeout provides greater security for your environment

For more details, see "Database Accounts for Use in Definition" in the Oracle Life Sciences Data Hub System Administrator's Guide.

Parent topic: User Security Features

TMS User Security

Users who will run Oracle LSH APIs that insert, delete, or modify Oracle LSH classification hierarchies and terms (LSH Classification Admin tasks) need security access for their Oracle LSH database account to the Oracle Thesaurus Management System (TMS) instance that is installed as part of Oracle LSH.

See "Setting Up TMS Security for Users" in the Oracle Life Sciences Data Hub System Administrator's Guide.

Parent topic: User Security Features