Setting Up Object Security
Your company must design a security system that meets its particular needs. For information, recommendations, and examples of security system design, see the Oracle Life Sciences Data Hub Implementation Guide.
Your company must design a security system that meets its particular needs. For information, recommendations, and examples of security system design, see the Oracle Life Sciences Data Hub Implementation Guide.
Each time a user tries to perform an operation on a defined object, the system runs a check that compares the security privileges of the user with the security requirements of the object.
A user can operate on an object only if both these conditions are met:
- The user belongs to an active user group that is assigned to that object, either explicitly or through inheritance.
- The user has a role in that user group that permits the operation on the object's subtype.
The Oracle Life Sciences Data Hub Implementation Guide has information on designing an appropriate set of object subtypes, roles, and user groups to meet your company's needs.
This section contains the following topics:
- Creating and Maintaining Object Subtypes
Oracle Life Sciences Data Hub includes a set of predefined object types, such as Tables, Programs, Report Sets, and Variables. Each of these object types has a predefined set of all possible operations that can be performed on objects of that type. - Creating and Maintaining Object Security Roles
A role consists of a name, description, and a set of operations allowed on object subtypes. Users in a user group that have access to a particular object will be able to perform the operations on the types of objects specified by the role(s) they have in the user group. - Assigning Subtype Operations to Roles and Modifying Assignments
Subtype operations are predefined. They are the same as the predefined operations on their object type. You must assign at least one role to each operation; if no roles are assigned to the operation, no one will be able to perform the operation on objects of that subtype. - Creating and Maintaining User Groups
User groups control the access of users to objects and outputs (and through them, to data). A user has access to an object only if he or she belongs to a user group that is assigned to the object, either explicitly or through inheritance. For more details on user groups, see the Oracle Life Sciences Data Hub Implementation Guide.
Parent topic: Setting Up the Security System