Account with Minimal Permissions for Service Integration

If Siebel is integrated with EDQ for batch jobs, the user account also needs permission to connect to the management (JMX) port in order to start EDQ jobs. This is controlled by the System/System Administration functional permission. Also, the 'connect to messaging system' permission should be listed as 'System/Connect to Messaging System'. The section ought also to reference Oracle Data Integrator (ODI). The EDQ account used for ODI integration will require the same permissions (it does not currently need Connect to Messaging System, but it might eventually, and it is good practice to include it). So, we need something like:

An EDQ account used by a remote system such as Siebel or Oracle Data Integrator should have the minimum set of permissions on an EDQ system. Specifically, the account should be in a custom group with the following permissions only, and no access to log into any user applications or perform any other functions:

  • System/Connect to Messaging System - so that it is authorized to communicate with EDQ web services and JMS.

  • System/System Administration - so that it is authorized to connect to the EDQ Management (JMX) Port and can initiate jobs.

  • Permissions to any projects containing any service interfaces (e.g. web services or jobs) that it needs to be able to call.