Policy File Examples

This section provides some examples of the core System Policy XML files and custom override XML files.

Core System Policy Files

The core system policy rules are applied to the system dynamically, so they are automatically updated as part of a release upgrade whenever the release includes a permissions update.

The current set of core system policy rules can be downloaded as a set of XML files within a ZIP file (System_Policy.zip), for reference when building custom overrides.

The root folder of the compressed file contains:

  • The XSD schema (ui-policies.xsd) which provides the full description of the structure of the policy rules XML files.
  • A set of Policy Set XML files (for example Tasks-PolicySet.xml) which define the policy rules XML files used for each of the policy types: Tasks, Filters, Presenters (Fields), Actions, Redactions, and Decisions.
  • Folders which group together the policy rules XML files by logical area or application module (for example the supplier folder may contain the supplier-filters-policy.xml and supplier-tasks-policy.xml files).

    In addition to folders for the application modules (admin, company, library, project, reports, and supplier), the following folders are included:

    • area - rules relating to Enhanced Access Control (EAC) permissions.
    • enum - rules relating to enumerated picklist values (such as User Types or News Item Priorities).
    • glossary - rules relating to individual glossaries (such as Countries or Contact Roles).
    • home - rules relating to the Home page contents (such as Announcements and Workspace KPIs).
    • manage-columns - rules relating to the presentation of columns in list views based on user type.
    • scoring - rules relating to Supplier Evaluation, dashboards, and scoring.

Some simple examples of XML policy rules for the Admin area are as follows:

admin / admin-tasks-policy.xml

Permit Configuration Editor, Oracle Authorized Administrator, and Scorecard Administrator users access to the configuration of Assessments/Scorecards.

	<Task ruleId="scorecardAdmin">
		<TaskId>Scorecard Questions</TaskId>
		<TaskId>Scorecard Templates</TaskId>
		<TaskId>Scorecard Status</TaskId>
		<Result>PERMIT</Result>
		<ActiveAuthorityProfile>
			<Profile>CONFIGURATION EDITOR</Profile>
			<Profile>ORACLE AUTHORIZED ADMINISTRATOR</Profile>
			<Profile>SCORECARD ADMINISTRATOR</Profile>
		</ActiveAuthorityProfile>
	</Task>

Permit Oracle Authorized Administrator users access to the configuration of Security Policies.

	<Task ruleId="securityPolicies">
		<TaskId>securityPolicies</TaskId>
		<Result>PERMIT</Result>
		<ActiveAuthorityProfile>
			<Profile>ORACLE AUTHORIZED ADMINISTRATOR</Profile>
		</ActiveAuthorityProfile>
	</Task>

Permit News Administrator, Oracle Authorized Administrator, Configuration Editor, and Integration Administrator users access to the configuration of the Photo Album.

	<Task ruleId="albumAdmin">
		<TaskId>albumAdmin</TaskId>
		<Result>PERMIT</Result>
		<ActiveAuthorityProfile>
			<Profile>NEWS ADMINISTRATOR</Profile>
			<Profile>ORACLE AUTHORIZED ADMINISTRATOR</Profile>
			<Profile>CONFIGURATION EDITOR</Profile>
			<Profile>INTEGRATION ADMINISTRATOR</Profile>
		</ActiveAuthorityProfile>
	</Task>

Permit Oracle Authorized Administrator and Configuration Editor users access to the custom list view migration facility.

	<Task ruleId="userViewMigrationLog">
		<TaskId>userViewMigrationLog</TaskId>
		<Result>PERMIT</Result>
		<ActiveAuthorityProfile>
			<Profile>ORACLE AUTHORIZED ADMINISTRATOR</Profile>
			<Profile>CONFIGURATION EDITOR</Profile>
		</ActiveAuthorityProfile>
	</Task>

admin / admin-actions-policy.xml

Permit Oracle Authorized Administrator users read, create, update, and delete access to Policy Overrides.

	<Action ruleId="PolicyOverridePolicy">
		<Channel>PolicyOverridePolicy</Channel>
		<Action>createPolicyOverridePolicy</Action>
		<Action>read</Action>
		<Action>create</Action>
		<Action>update</Action>
		<Action>delete</Action>
		<ActiveAuthorityProfile>
			<Profile>ORACLE AUTHORIZED ADMINISTRATOR</Profile>
		</ActiveAuthorityProfile>
		<Result>PERMIT</Result>
	</Action>

Override System Policy Files

Custom permissions are applied by uploading rules that override the core system policy rules (as described in Security Policies Administration).

Override rules may be defined in individual XML files (one per rule), as groups of rules within a file (per policy type), or both.

Some simple examples of typical XML override rules are as follows:

admin-tasks-override-photo.xml

Deny News Administrator users access to the configuration of the Photo Album. Policy Type is Task, Combining Algorithm is DenyPreferred.

<Policy type="Task" combiningAlgorithm="DENY_PREFERRED"
	xmlns="http://retail.oracle.com/brand-compliance/ui-policy"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://retail.oracle.com/brand-compliance/ui-policy ../ui-policies.xsd">
	<Task ruleId="albumAdmin">
		<TaskId>albumAdmin</TaskId>
		<Result>DENY</Result>
		<ActiveAuthorityProfile>
			<Profile>NEWS ADMINISTRATOR</Profile>
		</ActiveAuthorityProfile>
	</Task>
</Policy>

admin-tasks-override-migration.xml

Also permit News Administrator users access to the custom list view migration facility. Policy Type is Task, Combining Algorithm is PermitPreferred.

<Policy type="Task" combiningAlgorithm="PERMIT_PREFERRED"
	xmlns="http://retail.oracle.com/brand-compliance/ui-policy"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://retail.oracle.com/brand-compliance/ui-policy ../ui-policies.xsd">
	<!-- User View Migration Admin -->
	<Task ruleId="userViewMigrationLog">
		<TaskId>userViewMigrationLog</TaskId>
		<Result>PERMIT</Result>
		<ActiveAuthorityProfile>
			<Profile>NEWS ADMINISTRATOR</Profile>
		</ActiveAuthorityProfile>
	</Task>
</Policy>
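
A pre-upload review of a Task override against the core rules, as an added example that is not part of the product or of the downloadable policy files: it lists which profiles an override would newly permit or deny for each ruleId, and flags a ruleId that has no core rule. The finding names (GRANT, REVOKE, DENY_NOT_IN_CORE, UNKNOWN_RULE) are hypothetical, the sample XML is constructed from the rules shown above, and the script does not model how the application combines rules.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the rules shown on this page.
CORE = """<Policy type="Task">
 <Task ruleId="albumAdmin"><TaskId>albumAdmin</TaskId><Result>PERMIT</Result>
  <ActiveAuthorityProfile><Profile>NEWS ADMINISTRATOR</Profile>
   <Profile>ORACLE AUTHORIZED ADMINISTRATOR</Profile>
   <Profile>CONFIGURATION EDITOR</Profile>
   <Profile>INTEGRATION ADMINISTRATOR</Profile></ActiveAuthorityProfile></Task>
 <Task ruleId="userViewMigrationLog"><TaskId>userViewMigrationLog</TaskId>
  <Result>PERMIT</Result><ActiveAuthorityProfile><Profile>CONFIGURATION EDITOR</Profile>
   <Profile>ORACLE AUTHORIZED ADMINISTRATOR</Profile></ActiveAuthorityProfile></Task>
</Policy>"""
OVERRIDE = """<Policy type="Task" combiningAlgorithm="PERMIT_PREFERRED"
  xmlns="http://retail.oracle.com/brand-compliance/ui-policy">
 <Task ruleId="userViewMigrationLog"><TaskId>userViewMigrationLog</TaskId>
  <Result>PERMIT</Result><ActiveAuthorityProfile>
   <Profile>NEWS ADMINISTRATOR</Profile></ActiveAuthorityProfile></Task>
</Policy>"""

def permitted(xml_text):
    """Map ruleId -> profiles that the file's Task rules PERMIT."""
    out = {}
    # "{*}" matches the element with or without the ui-policy namespace.
    for task in ET.fromstring(xml_text).findall(".//{*}Task"):
        granted = out.setdefault(task.get("ruleId"), set())
        if task.findtext("{*}Result", "").strip() == "PERMIT":
            granted.update(p.text.strip() for p in task.findall(".//{*}Profile"))
    return out

def review_override(core_xml, override_xml):
    """Return (kind, ruleId, profile) findings for a Task override file."""
    core, findings = permitted(core_xml), []
    for task in ET.fromstring(override_xml).findall(".//{*}Task"):
        rule, result = task.get("ruleId"), task.findtext("{*}Result", "").strip()
        for prof in sorted(p.text.strip() for p in task.findall(".//{*}Profile")):
            if rule not in core:  # likely a typo, or a rule for another file
                findings.append(("UNKNOWN_RULE", rule, prof))
            elif result == "PERMIT" and prof not in core[rule]:
                findings.append(("GRANT", rule, prof))
            elif result == "DENY":
                kind = "REVOKE" if prof in core[rule] else "DENY_NOT_IN_CORE"
                findings.append((kind, rule, prof))
    return findings

if __name__ == "__main__":
    print(review_override(CORE, OVERRIDE))
```

A GRANT finding is the one to route for approval, since it widens access beyond the core rule; an empty result means the override restates what the core rules already permit.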