Oracle Entitlement Server - Managing Organisations
1. The most comprehensive Oracle applications & technology content under one roof
Oracle Entitlement Server
Managing Organizations
What are we here for
• Learn about what OES does
• How it might be used to solve problems
• Demo maybe
Security
• Specialized area
• Brittle security when built in
• Difficult to change
The Problems
• Managing access to resources
• Governance
• Auditing
• Accommodating changes
Identity Management
• RBAC
• Authentication and Authorization
• High response latency for authorization
OES Overview
Entitlement Server Features
• XACML
• Fine Grain Entitlement Management
• RBAC
• ABAC
XACML and Database
• Database auditing can be done with XACML – Note 1375460.1
• Database security is not currently available
• Use database http server to query PEP
• Database performance???
Business Problem
• Application has rules
• Rules need to change
• Are your rules hard coded?
• Policy engine provides way to support
Admin Console
• CRUD on policy and objects
• Mapping policies to users
• Policies
• Resources
• Entitlements
• Roles
• Applications
Roles – Role Categories
• Roles – User, developer, manager
• Role Categories are tags
Role Hierarchies
• Set up Role Hierarchies
• Director -> Manager -> Call Centre Worker
• Employee -> Payroll Admin -> Accountant
• Role Mapping – Dynamic Assignment
Resources
• Add resources
• A resource can be a URL or field on a page
• A business object – transfer funds
• Authorization Policy to grant or deny
• Can the user complete a task
• Time based access
Entitlements
• Action that can be performed on a resource
• Uses the legal actions defined in parent resource type
• Targets – could be more than one resource
Policy
• Has at least one principal – user, role, Ex or app
• At least one target
• Grant/deny permissions
• Conditions
Attributes & Functions
• Used in conditions
• Attribute can be dynamically assigned a value
• Evaluated at run time - perhaps location
• Can be multivalued list
• Condition builder
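The policy model from the Roles, Resources, Entitlements, Policy and Attributes slides, as an added Python sketch that is not OES code and does not use the OES API. Assumptions: a role on the left of the hierarchy arrow inherits the grants of the roles to its right, a matching deny overrides any grant, and the resource, action and attribute names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable

# Hierarchy from the Role Hierarchies slide. Assumption: the role on the
# left inherits the grants of the roles to its right.
INHERITS = {"Director": ["Manager"], "Manager": ["Call Centre Worker"]}

def effective_roles(assigned):
    """Expand directly assigned roles through the hierarchy."""
    seen, stack = set(), list(assigned)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(INHERITS.get(role, []))
    return seen

@dataclass(frozen=True)
class Policy:
    effect: str            # "grant" or "deny"
    principals: frozenset  # role names; at least one
    targets: frozenset     # (resource, action) entitlements; at least one
    condition: Callable[[dict], bool] = lambda attrs: True

    def __post_init__(self):
        if self.effect not in ("grant", "deny") or not self.principals or not self.targets:
            raise ValueError("policy needs an effect, a principal and a target")

def decide(policies, roles, resource, action, attrs):
    """Deny by default; a matching deny overrides matching grants (assumed)."""
    roles, decision = effective_roles(roles), "deny"
    for p in policies:
        if (p.principals & roles and (resource, action) in p.targets
                and p.condition(attrs)):
            if p.effect == "deny":
                return "deny"
            decision = "grant"
    return decision

# Constructed policies: a time-based grant and a location-based deny, both
# using attributes that are evaluated at request time.
POLICIES = [
    Policy("grant", frozenset({"Call Centre Worker"}),
           frozenset({("transfer_funds", "execute")}),
           lambda a: time(9) <= a["now"] < time(17)),
    Policy("deny", frozenset({"Call Centre Worker"}),
           frozenset({("transfer_funds", "execute")}),
           lambda a: a.get("location") != "office"),
]
```

Because the rules live in `POLICIES` rather than in application code, changing the access window or the location rule does not require touching the caller of `decide`.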
Condition Builder
Administration
• Delegated administration
• Application Administration
• View or manage rights
• Policy Domains to delegate
• Allows for delegation to specific areas
Questions
Bio
• Peter McLarty
• Director Turagit Consulting
• Chameleon
• DBA, Middleware, Architecture
• http://www.turagit.com
Editor's notes
DB Security not suitable as policy access is too slow for a database. Does the Oracle database require an internal PEP to allow connection to a policy manager?