C Oracle Entitlements Server Basic

This appendix describes the functionality of Oracle Entitlements Server Security Module, available in the Oracle Entitlements Server Basic license.

Oracle Entitlements Server Basic Overview

Oracle Entitlements Server Basic replaces the embedded authorization engine within Oracle Platform Security Services (OPSS) and is used to define, enforce, and audit basic Role Based Access Control and Java2/JAAS permission-based authorization policies. A license of Oracle Entitlements Server Basic is included and available for use only with Oracle products that list this component in their respective licensing documentation.

Oracle Entitlements Server Basic License Feature Constraints

Table C-1 summarizes the Oracle Entitlements Server and Oracle Entitlements Server Security Module features that have usage restrictions under the terms of the Oracle Entitlements Server Basic license. For full use of these capabilities you are required to license Oracle Entitlements Server and Oracle Entitlements Server Security Module.

Note:

Oracle Entitlements Server Basic included in Oracle WebLogic Server editions via the inclusion of Oracle TopLink and Oracle Application Development Framework is only for applications built on Oracle Application Development Framework.

Table C-1 Oracle Entitlements Server Basic License Feature Constraints

Feature Category | Summary of Restrictions in Oracle Entitlements Server Basic License

Role Based Access Control (RBAC) and Java2 / JAAS permissions

RBAC and Java2/JAAS permissions are two authorization standards supported in Oracle Entitlements Server.

Oracle Entitlements Server Basic permits use of RBAC and Java2/JAAS permissions to define, enforce, and audit authorizations for the Oracle products that include Oracle Entitlements Server Basic.

Only positive "grant" or "permit" based authorization policies are permitted under the Oracle Entitlements Server Basic license.

Resources & Roles

Oracle Entitlements Server enables applications to define resource catalogs, application roles, role hierarchies, authorization policies, and dynamic role mapping policies.

Oracle Entitlements Server Basic only permits use of authorization for Java2/JAAS permissions and resources based on resource types that are secured out of the box by Oracle products that include Oracle Entitlements Server Basic. Use of application roles, role hierarchies, and static (unconditional) role assignment is permitted under the Oracle Entitlements Server Basic license.

Use of dynamic role mapping policies is not permitted under the Oracle Entitlements Server Basic license.

XACML, Attribute Based Access Control (ABAC), Data Security

XACML, ABAC, and Data Security are authorization standards / models supported in Oracle Entitlements Server that enable organizations to define and enforce advanced, rule-based role mapping and authorization policies based on Conditions and Obligations.

Use of XACML, ABAC, attributes, functions, controlling access to data, Conditions and Obligations is not permitted in the Oracle Entitlements Server Basic License.

Custom, 3rd party Application, Middleware, Application Server, Database Support

Oracle Entitlements Server enables organizations to define, enforce, and manage authorization policies for a broad variety of applications, middleware, application servers, and databases.

Authorization and integration with / for 3rd party (non-Oracle) applications, middleware, application servers, and databases is not permitted under the Oracle Entitlements Server Basic License.

Oracle Entitlements Server Basic only permits integration with custom applications built using Oracle Fusion Middleware technologies that include Oracle Entitlements Server Basic, subject to all license terms / restrictions defined for Oracle Entitlements Server Basic.

Audit & Administration UI

Oracle Entitlements Server enables organizations to administer authorization and role mapping policies as well as audit authorization decisions and policy changes at runtime.

Oracle Entitlements Server Basic permits use of the Oracle Entitlements Server Administration UI console (Authorization Policy Manager) subject to all license terms / restrictions defined for Oracle Entitlements Server Basic. Auditing and reporting of audit data is permitted.

PDP / Security Module deployment

Oracle Entitlements Server provides organizations with multiple deployment options for the Oracle Entitlements Server PDP / Security Module.

Oracle Entitlements Server Basic only permits use of the default embedded PDP / Security Module that is preinstalled with Oracle Fusion Middleware technologies and Oracle Applications that include Oracle Entitlements Server Basic. Only the default "Uncontrolled Pull" policy distribution mode and the embedded / in-process deployment mode of the authorization engine are allowed as part of Oracle Entitlements Server Basic.

Oracle Entitlements Server SDKs

Oracle Entitlements Server SDKs provide runtime authorization decisions and tooling for managing Oracle Entitlements Server artifacts.

Oracle Entitlements Server Basic permits use of Java-based Oracle Entitlements Server runtime authorization decision APIs only for applications built on Oracle Fusion Middleware technologies that include Oracle Entitlements Server Basic, subject to all license terms / restrictions defined for Oracle Entitlements Server Basic.

Administration and authoring of policy-related artifacts through Oracle Entitlements Server management (MAPI) SDKs is not permitted under the Oracle Entitlements Server Basic license.

Policy Store

Oracle Entitlements Server provides organizations with a large number of options on where to store authorization policies.

Oracle Entitlements Server Basic permits storage of authorization policies and related artifacts in the certified policy stores.

Policy Simulation

Oracle Entitlements Server provides organizations with facilities to simulate the evaluation and outcome of authorization and role mapping policies.

Usage of the Policy Simulation UI is permitted under the Oracle Entitlements Server Basic license, subject to all license terms / restrictions defined for Oracle Entitlements Server Basic.

Identity Store

Oracle Entitlements Server enables organizations to use / reference one or more identity stores, typically LDAP servers or databases, for user and external roles / group information.

Oracle Entitlements Server Basic permits use of a global identity store / configuration for the applications being managed. Use of application specific identity stores is not permitted under Oracle Entitlements Server Basic.