Security

Oracle Content Management uses a multilayered approach to protect your system and content.

Note:

Oracle is in the process of updating Oracle Cloud Infrastructure (OCI) regions to switch from Identity Cloud Service (IDCS) to Identity and Access Management (IAM) identity domains. All new Oracle Cloud accounts will automatically use IAM identity domains. Depending on whether your region uses IAM identity domains or not, you'll use different documentation to manage users, groups, and access. If your region has been updated, follow the steps marked IAM. If your region hasn't been updated, follow the steps marked IDCS.
| Security Feature | Description | Who Manages It and Where |
| --- | --- | --- |
| User accounts | You need an account with a user name and password to access Oracle Content Management. | |
| Application roles | Each user is assigned one or more roles to control what functionality and areas of the web user interface they can access. | |
| Groups | Groups make it easy to grant multiple users access to folders, conversations, and content types. By adding someone to a group or removing them from a group, you can quickly update the permissions to all the items that group has access to. | Users can create additional groups in Oracle Content Management as necessary. |
| Mobile device passcodes | When accessing files on a mobile device, you can set a passcode to provide additional security. The passcode is a four-digit number that is set and managed on your device. It's used in addition to your user name and password. | Users manage their passcodes on their mobile devices. |
| Revoke authorization for a mobile device | If a user loses their device or it’s taken, they should remove that device's authorization to access the service. The next time someone tries to activate the app on the device, the account is signed out and all local content stored on the device for that account is deleted. | Users can revoke a device from the web client. |
| Single Sign-On (SSO) | If Federated Single Sign-On (SSO) is currently available for your Oracle Content Management environment, you can enable it to customize sign-in procedures. When SSO is enabled, users can sign in to one domain using corporate security credentials and access another domain without signing in again. For example, perhaps you are an administrator for your company, which has two Oracle Cloud Services, and you must provision these services to your company’s organization, roles, and users. Your company may also have on-premises applications and cloud services from other vendors. It’s important that communication between these services and applications is done in a secure fashion. With SSO, users can sign in to all of them using the same set of credentials, which are managed by your identity domain system. | Cloud account administrators configure SSO in the Oracle Cloud Console. |
| File encryption | Files are protected using Transport Layer Security (TLS) technology. Files are encrypted while they're uploaded (in transit) and when they’re stored (at rest) in the cloud. Files at rest that are stored using the Oracle Storage Cloud service are encrypted using a 256-bit RSA encryption algorithm. That prevents unauthorized use of the files. Any files downloaded to a mobile device are also encrypted. You can't access those files outside of the Oracle Content Management app unless you specifically download the file for use on the device. | File encryption is handled automatically by Oracle Content Management. |
| File type and size restrictions | You can specify which types of files can be uploaded and restrict the size of uploaded files. In addition, when you upload files to the cloud, they can be checked by a virus scanner. Any files found to be infected are quarantined in the Trash bin and a special icon marks the file as infected. | Service administrators configure file type and size restrictions through the Oracle Content Management Administration interface. |
| File access control | You have total control over who can access your files. You can add co-workers as members of a folder. The added users are granted default access rights, but folder managers can also change those rights. In addition to sharing folders, you can also share files using links. If you send a link to a member of a folder, the member can sign in and use the file in the service. If you send the link to a non-member, that person is restricted from seeing other files in the folder. | Service administrators set the default role for new folder members and set default link behavior. Users control access when they share content. |
| Conversation encryption | Conversations at rest are stored using the Oracle Storage Cloud service and are encrypted using a 256-bit RSA encryption algorithm. That prevents unauthorized access to conversation content. | Conversation encryption is handled automatically by Oracle Content Management. |
| Site creation and sharing restrictions | You can specify who can create, share, and use sites functionality, which lets users design, build, publish, and manage websites that are hosted in Oracle Cloud. | Service administrators configure sites settings through the Oracle Content Management Administration interface. |
| Site security | When you publish a site and make it available online, it’s publicly available to anyone. However, you can change the security settings for the site to require users to sign in. You can also require that users have a specific role assigned to them. | Site owners and managers control the security for individual sites. |
| Site sharing | With site sharing, you specify individual users who can access your unpublished (offline) site and allow them to view, modify, or manage the site based on the permission you give them. | Site owners and managers control the security for individual sites. |
| Site component sharing | Some components provide access to shared resources such as folders, files, or conversations. Component sharing considers both site security (who can view the published site) and resource sharing (who can view and work with folders, files, and conversations). | Site component sharing is handled automatically by Oracle Content Management based on site and resource security. |
| Cross-Origin Resource Sharing (CORS) | Cross-Origin Resource Sharing (CORS) allows a web page to make requests such as XMLHttpRequest to another domain. If you have a browser application that integrates with Oracle Content Management but is hosted in a different domain, add the browser application domain to Oracle Content Management’s CORS origins list. | Service administrators configure CORS through the Oracle Content Management Administration interface. |
| Proxy service | Oracle Content Management includes a proxy service so that you can use REST services that have Cross-Origin Resource Sharing (CORS) limitations or require service account credentials. The proxy service is a reverse proxy server. It provides a URL to which web browsers connect. The proxy service then acts as an intermediary between the web browser and a remote REST service (or endpoint). The proxy service explicitly adds CORS support to all endpoints and can optionally insert service account credentials into requests coming from web browsers. | Service administrators configure the proxy service through the Oracle Content Management Administration Integrations interface. |
| Embedded content allowlist | You can display content from Oracle Content Management within other domains. For example, you might embed the Oracle Content Management web user interface into your own web applications to access folder and document management features inside your application. The embedded content appears only if embedded content is enabled and the domain is added to the allowed domains allowlist. | Service administrators configure embedded content settings through the Oracle Content Management Administration interface. |
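
The reverse-proxy behaviour described in the CORS and Proxy service rows, as an added sketch that is not Oracle's implementation: it shows exact-match evaluation of a CORS origins list and server-side insertion of a service account credential. The function names, hosts, endpoint layout and token are hypothetical placeholders.

```javascript
// Added sketch; not Oracle code. Hosts and the token are constructed placeholders.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // CORS origins list
const ENDPOINT = {
  target: "https://api.example.net/v1",     // remote REST service (assumed)
  serviceAuth: "Bearer PLACEHOLDER_TOKEN",  // kept on the proxy, never sent to browsers
};
const DROPPED = new Set(["authorization", "cookie", "host", "origin"]);

// Reduce an Origin header to scheme://host[:port]; null when it cannot be parsed.
function normalizeOrigin(value) {
  try {
    return new URL(value).origin;
  } catch {
    return null;
  }
}

// CORS headers the proxy adds to a response. Exact match against the list,
// never "*": a wildcard would let any site reach the credentialed endpoint.
function corsHeaders(originHeader) {
  const origin = normalizeOrigin(originHeader || "");
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  return { "Access-Control-Allow-Origin": origin, Vary: "Origin" };
}

// Build the upstream request: browser-supplied credentials are dropped and the
// service account credential is inserted on the proxy side.
function buildUpstreamRequest(browserReq) {
  const base = new URL(ENDPOINT.target);
  const url = new URL(ENDPOINT.target + browserReq.path);
  // Reject paths that normalize outside the configured endpoint.
  if (url.origin !== base.origin || !url.pathname.startsWith(base.pathname + "/")) {
    throw new Error("path escapes configured endpoint");
  }
  const headers = {};
  for (const [name, value] of Object.entries(browserReq.headers)) {
    if (!DROPPED.has(name.toLowerCase())) headers[name.toLowerCase()] = value;
  }
  headers.authorization = ENDPOINT.serviceAuth;
  return { method: browserReq.method, url: url.href, headers };
}
```

An origin entry has to match scheme, host and port exactly, so `https://app.example.com` and `https://app.example.com.evil.test` are treated as unrelated origins.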