Thursday, November 15, 2012

Fusion Applications Security

The Fusion security architecture in Fusion is quite different from EBS and relates to real world scenarios better. Fusion security is externalized from Applications and moved to standardized Fusion Middleware, OPSS and LDAP.

Management of enterprise users and roles in fusion applications is done via Oracle Identity Manager (OIM). OIM manages this data in a database and keeps it in sync with the LDAP directory.

Management of enterprise users and roles in fusion applications is done via Oracle Identity Manager (OIM). OIM manages this data in a database and keeps it in sync with the LDAP directory. OAM is authentication, authorization, and auditing solution that provides centralized security administration. This includes functionality for access control, single sign-on (separate from Oracle Single Sign-On), personalization, and user profile management in heterogeneous application environments across a variety of application servers, legacy applications, and databases. OAM provides key features for creating, managing, and enforcing access policies. In Fusion v1, the LDAP server will hold both the Identity Store and the Policy Store. Identity store holds users and external roles. Policy store holds Application roles, Function and Data security policies.

Fusion ships with a full pre-seeded set of Job Roles. Separation of Jobs and Duty allows access control to be customized to a company’s particular organization

   • You can add/change jobs and their duties

   • You can add/change duties and their privileges

Below is a comparison of EBS security with Fusion Apps.

Job Role -> Top Level Menu

Data Role -> Responsibility

Duty Role -> Sub Menu

Privilege -> Form Function

Permission -> Executable

However, at times you may need to create a new set of policies, duties and job roles. I will try to demonstrate the steps necessary to setup this using an example in another article.

2 comments:

ascencion rana said...

Impressive stuff here. The information and the aspect were just wonderful. I think that your viewpoint is deep, it’s just well thought out and truly incredible to see someone who knows how to put these thoughts so well. Good job!Oracle SQL

Le Mystique said...

Hi! I am a digital marketer. The previous seo guy working for my client left a spammy comment at your blog with the username Janice Rafael which links to my client's site.
Such comments are or might cause serious damage to my client's site with respect to SEO which is why I am request you here by to remove it asap.
If you don't remove it by 11:59 pm, Pacific Standard Time, 3rd January 2014, we will have use Google's Disavow Tool to get back-link removed and, sorry to say this, but Google may not look too nicely upon you either for not having removed the comment. Thanks in advance for your cooperation.

About Me

My Photo
India
Krishanu's Oracle Applications Blog - Oracle Apps consulting services scenario in India. Also, an inside view of Oracle Apps outsource services in India. Also the blog features new developments in Oracle Apps and my learning's in this field. The views expressed are my own only and not of my employer Wipro Technologies. The views and opinions expressed by visitors to this blog are theirs and do not necessarily reflect mine.