Security Features

User security features

Login security

Users must enter their user names and passwords to access the HDR APIs during each client request.

If either the user name or the password is incorrect, an error message appears, but it does not tell the user which value is incorrect. Therefore, if someone else is attempting to log in with the account, the message does not confirm either the user name or the password.

No data loss after a session transaction

All HDR services are stateless and none of the services maintain any kind of session information after the API call ends.

Automatically deactivated user accounts

UserLockout can be enabled for the HDR WebLogic user. Refer to https://docs.oracle.com/middleware/12213/wls/WLACH/pagehelp/Securitysecurityrealmrealmuserlockouttitle.html.

Security event logs

User authentication logging for the HDR application can be done by configuring the WebLogic Auditing Provider. Refer to https://docs.oracle.com/middleware/12213/wls/SECMG/audit.htm#SECMG137.
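
Once authentication auditing is enabled, the audit log can be reviewed for repeated failed logins, which complements the user lockout setting described above. The following is an added example, not Oracle code. It assumes records in the layout written by the WebLogic Default Auditing Provider (verify against your own log file); the sample records, user names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records (not real log data). The record layout is an
# assumption modeled on the WebLogic Default Auditing Provider log.
SAMPLE_LOG = """\
#### Audit Record Begin <Mar 3, 2020 10:00:01 AM> <Severity =FAILURE> <<<Event Type = Authentication Audit Event><hdruser><AUTHENTICATE>>> Audit Record End ####
#### Audit Record Begin <Mar 3, 2020 10:00:04 AM> <Severity =FAILURE> <<<Event Type = Authentication Audit Event><hdruser><AUTHENTICATE>>> Audit Record End ####
#### Audit Record Begin <Mar 3, 2020 10:00:09 AM> <Severity =FAILURE> <<<Event Type = Authentication Audit Event><hdruser><AUTHENTICATE>>> Audit Record End ####
#### Audit Record Begin <Mar 3, 2020 10:02:30 AM> <Severity =FAILURE> <<<Event Type = Authentication Audit Event><analyst1><AUTHENTICATE>>> Audit Record End ####
#### Audit Record Begin <Mar 3, 2020 10:02:41 AM> <Severity =SUCCESS> <<<Event Type = Authentication Audit Event><analyst1><AUTHENTICATE>>> Audit Record End ####
"""

# One audit record: timestamp, severity, event type, user name, action.
RECORD = re.compile(
    r"#### Audit Record Begin <(?P<ts>[^>]+)> "
    r"<Severity =(?P<severity>\w+)> "
    r"<<<Event Type = (?P<event>[^>]+)><(?P<user>[^>]*)><(?P<action>\w+)>>>"
)


def parse_records(text):
    """Yield one dict per audit record found in the text."""
    for match in RECORD.finditer(text):
        yield match.groupdict()


def failed_logins(text):
    """Count failed authentication events per user name."""
    counts = Counter()
    for rec in parse_records(text):
        is_auth = rec["event"].strip() == "Authentication Audit Event"
        if is_auth and rec["severity"] == "FAILURE":
            counts[rec["user"]] += 1
    return counts


def users_over_threshold(text, threshold=3):
    """Return users whose failure count reaches the (hypothetical) threshold."""
    return sorted(u for u, n in failed_logins(text).items() if n >= threshold)


if __name__ == "__main__":
    counts = failed_logins(SAMPLE_LOG)
    for user in users_over_threshold(SAMPLE_LOG):
        print("review account:", user, "failed logins:", counts[user])
```

Choose the threshold to match the lockout threshold configured for the WebLogic security realm, so that accounts approaching lockout are flagged for review.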

Application security features

Oracle Healthcare Data Repository relies on WebLogic user authentication to access all its APIs. HDR itself does not mandate authorization, because more elaborate user authentication and authorization are implemented in the application developed using the HDR APIs.

Default user

The Healthcare Data Repository application installs the WebLogic admin user by default. During the installation, you configure a password for this user.

Oracle recommends that you create administrator accounts for individual users and delete the system user after the initial application configuration.

Data security features

Protecting study objects

You can protect a library or a study to prevent users from making changes to study objects that you do not want to be modified.

When you protect a study or library, changes cannot be made to study objects or to the structure of the study or library.

When a study object is protected, its icon changes to reflect its protected state.

For more information, see the Implementation Guide.

Audit trails for data security

Audit trails are comprehensive records that include information about each change that occurs in the Healthcare Data Repository application.

The audit trail for the Healthcare Data Repository application records each change and, for each change, the following:

  • The person who made the change.
  • The date and time of the change.

You cannot modify data in an audit trail. For more information, see the User Guide.