Tracking and Removing Object Access

Program and Business Area adapters allow users to launch an integrated development environment (IDE) from Oracle Life Sciences Data Hub to modify an Oracle LSH Program or Business Area's source code.

You must use the external system's APIs or another security mechanism to ensure that Definers can modify only those Programs and Business Areas on which they have Modify privileges in Oracle LSH.

One approach is to ensure that when users launch the IDE, which they can do only through a Program or Business Area, they have access only to that particular Program or Business Area in that session, even if they have access to other Programs or Business Areas of the same IDE type and have worked on them in the past.

For example, if the external system has entities that correspond to Oracle LSH Programs or Business Areas (such as OBIEE Subject Areas) and public APIs that grant and revoke access to these entities, you can design your adapter so that when the user launches the IDE, the adapter calls the external system's API to:

  • grant access to the entity corresponding to the Program or Business Area
  • revoke access to previously granted entities, if any

In order to revoke access to previously granted entities, you must maintain a record of each user's IDE launches and the Programs, Business Areas, and the corresponding external entities to which each user was granted access. Oracle LSH has a public API, CDR_PUB_EXE_EXTERNAL.TRACKLAUNCHIDE, and a table, CDR_IDE_LAUNCH, for this purpose; see Tracking API and Tracking Table.

In your Build_IDE_Cfg_Function you can call CDR_PUB_EXE_EXTERNAL.TRACKLAUNCHIDE and the external system's APIs to grant and revoke access to the appropriate entities in the external system.

In addition, in the case of Programs, your function may need to determine whether the Program being launched uses source code shared from another Program and, if so, grant read access to the corresponding external entity for that Program too. You must then also revoke access from all entities included in the previous launch; these share the same IDE_LAUNCH_ID.

Note:

No Business Area types currently included with Oracle LSH use shared source code, but it is theoretically possible.
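The launch-time sequence described above (record the launch, revoke the entities of the previous launch, grant the current ones, including read access for shared source), modeled in Python as an added example that is not Oracle's code. `ExternalSystem`, `LaunchTracker`, `launch_ide`, the access levels and the entity names are hypothetical in-memory stand-ins; the example does not call CDR_PUB_EXE_EXTERNAL.TRACKLAUNCHIDE or reproduce the columns of CDR_IDE_LAUNCH.

```python
from dataclasses import dataclass, field
from itertools import count


@dataclass
class ExternalSystem:
    """Hypothetical stand-in for the external system's grant/revoke API."""
    acl: dict = field(default_factory=dict)  # user -> {entity: level}

    def grant(self, user, entity, level):
        self.acl.setdefault(user, {})[entity] = level

    def revoke(self, user, entity):
        self.acl.get(user, {}).pop(entity, None)  # revoking twice is harmless


@dataclass
class LaunchTracker:
    """Hypothetical launch record: rows of (launch_id, user, entity, level)."""
    rows: list = field(default_factory=list)
    ids: count = field(default_factory=lambda: count(1))

    def previous_entities(self, user):
        mine = [r for r in self.rows if r[1] == user]
        if not mine:
            return []
        last = max(r[0] for r in mine)
        # Every entity granted in one launch carries the same launch id.
        return [r[2] for r in mine if r[0] == last]

    def record(self, user, grants):
        launch_id = next(self.ids)
        self.rows += [(launch_id, user, e, lvl) for e, lvl in grants.items()]
        return launch_id


def launch_ide(ext, tracker, user, entity, shared_sources=()):
    """Scope the user's external access to the object being launched."""
    grants = {src: "read" for src in shared_sources}
    grants[entity] = "modify"  # launched object overrides a read-only entry
    stale = tracker.previous_entities(user)
    # Record before granting: a grant that is never recorded can never be
    # revoked later, while revoking one that never took effect is harmless.
    launch_id = tracker.record(user, grants)
    # Revoke before granting, so an entity present in both launches ends
    # with its new level instead of being removed.
    for old in stale:
        ext.revoke(user, old)
    for ent, level in grants.items():
        ext.grant(user, ent, level)
    return launch_id
```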

See the following reference information: