The security architecture in Fusion is quite different from EBS and relates better to real-world scenarios. Fusion security is externalized from the applications and moved to standardized Fusion Middleware, OPSS and LDAP.
Management of enterprise users and roles in Fusion Applications is done via Oracle Identity Manager (OIM). OIM manages this data in a database and keeps it in sync with the LDAP directory.
Oracle Access Manager (OAM) is an authentication, authorization, and auditing solution that provides centralized security administration. This includes functionality for access control, single sign-on (separate from Oracle Single Sign-On), personalization, and user profile management in heterogeneous application environments across a variety of application servers, legacy applications, and databases. OAM provides key features for creating, managing, and enforcing access policies.
In Fusion v1, the LDAP server will hold both the Identity Store and the Policy Store. The Identity Store holds users and external roles. The Policy Store holds application roles and the function and data security policies.
Fusion ships with a full pre-seeded set of job roles. Separation of jobs and duties allows access control to be customized to a company’s particular organization:
• You can add/change jobs and their duties
• You can add/change duties and their privileges
Below is a comparison of Fusion Apps security concepts (left) with their EBS equivalents (right).
Job Role -> Top Level Menu
Data Role -> Responsibility
Duty Role -> Sub Menu
Privilege -> Form Function
Permission -> Executable
However, at times you may need to create a new set of policies, duties and job roles. I will try to demonstrate the steps necessary to set this up using an example in another article.
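The hierarchy compared above (job role, duty role, privilege, permission) can be walked to audit what a user can actually do and which jobs are touched when a duty is changed. This is an added example, not code from the original article or from Oracle. The store layout, the placement of job roles as external roles and duty roles as application roles, and every role, privilege and permission name are assumptions constructed for illustration.

```python
# Constructed sample data: every role, privilege and permission name is hypothetical.
IDENTITY_STORE = {  # users and external (job) roles
    "users": {"jdoe": ["AP_MANAGER_JOB"], "asmith": ["AP_CLERK_JOB"]},
    "job_roles": {"AP_MANAGER_JOB", "AP_CLERK_JOB"},
}
POLICY_STORE = {  # application (duty) roles and function security policies
    "job_to_duties": {
        "AP_MANAGER_JOB": ["INVOICE_ENTRY_DUTY", "INVOICE_APPROVAL_DUTY"],
        "AP_CLERK_JOB": ["INVOICE_ENTRY_DUTY"],
    },
    "duty_to_privileges": {
        "INVOICE_ENTRY_DUTY": ["CREATE_INVOICE_PRIV"],
        "INVOICE_APPROVAL_DUTY": ["APPROVE_INVOICE_PRIV"],
    },
    "privilege_to_permissions": {
        "CREATE_INVOICE_PRIV": ["InvoiceEntryPage:view", "InvoiceService:create"],
        "APPROVE_INVOICE_PRIV": ["InvoiceApprovalPage:view", "InvoiceService:approve"],
    },
}


def effective_access(user, identity=IDENTITY_STORE, policy=POLICY_STORE):
    """Walk job role -> duty role -> privilege -> permission for one user.

    Returns {permission: [(job, duty, privilege), ...]} so every grant can be
    traced back to the role assignment that produced it.
    """
    grants = {}
    for job in identity["users"].get(user, []):
        if job not in identity["job_roles"]:
            continue  # assignment to a role the identity store does not define: deny
        for duty in policy["job_to_duties"].get(job, []):
            for priv in policy["duty_to_privileges"].get(duty, []):
                for perm in policy["privilege_to_permissions"].get(priv, []):
                    grants.setdefault(perm, []).append((job, duty, priv))
    return grants


def jobs_affected_by_duty(duty, policy=POLICY_STORE):
    """Job roles whose access changes if this duty's privileges are edited."""
    return sorted(j for j, duties in policy["job_to_duties"].items() if duty in duties)


if __name__ == "__main__":
    for perm, paths in sorted(effective_access("jdoe").items()):
        print(perm, "<-", paths)
    print("Editing INVOICE_ENTRY_DUTY affects:", jobs_affected_by_duty("INVOICE_ENTRY_DUTY"))
```

Running the second function before changing a duty's privileges shows which job roles, and therefore which users, inherit the change.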