Release 12 of Oracle Applications provides significant enhancements to the Oracle Applications security system. Core Security now includes a Role Based Access Control model that builds on the existing Function Security and Data Security models. A new set of administrative features that build on Core Security are also introduced in this release.
Oracle User ManagementOracle User Management is a secure and scalable system that enables organizations to define administrative functions and manage users based on specific requirements such as job role or geographic location. With Oracle User Management, instead of exclusively relying on a centralized administrator to manage all its users, an organization can create local administrators and grant them sufficient privileges to manage a specific subset of
the organization’s users. This provides the organization with a more granular level of security, and the ability to make the most effective use of its administrative capabilities.
Oracle’s function and data security models constitute the base layers of this system, and contain the traditional system administrative capabilities. Organizations can optionally add more layers to the system, depending on the degree of flexibility they require.
Key features of Oracle User Management include:
Role Based Access Control (RBAC) – Enables organizations to create roles based on specific job functions, and to assign these roles the appropriate permissions. With RBAC, administrative privileges and user access are determined by assigning individuals the appropriate roles.
Delegated Administration – Enables system administrators to delegate some of their administrative privileges to individuals that manage a subset of the organization’s users. These individuals are assigned administrative privileges for a limited set of roles that they can assign to the users they manage.
Registration Processes – Enable organizations to provide end-users with a method for requesting various levels of access to the system, based on their eligibility. Registration processes also simplify an administrator’s job by providing streamlined flows for account maintenance and role assignment.
Self Service Requests and Approvals – Enable end users to request initial access or additional access to the system.
Oracle Application Object Library SecurityOracle Application Object Library security comprises two main components, Function Security and Data Security.
Function Security restricts user access to individual menus of functions, such as forms, HTML pages, or widgets within an application. Function Security by itself restricts access to various functions, but it does not restrict access to the data a user can see or what actions a user can perform on that data.
Data Security restricts the access to the individual data that is shown once a user has selected a menu or menu option. For example, with Data Security you can control the set of users that a particular local security administrator can access within Oracle User Management. In conjunction with Function Security, Data Security provides additional
access control on data that a user can see or actions a user can perform on that data.
User and Data Auditing
Oracle Applications allows you to audit users and changes they make to application data.
The Sign-On Audit feature allows you to track your users’ activities. You can choose who to audit and what type of user information to track. Sign-On Audit reports give you historical, detailed information on your users’ activities within an application. Also, the Monitor Users form allows you to view online, real-time information on user activity.
AuditTrail lets you keep a history of changes to important data: what changed, who changed it, and when. With AuditTrail, you can easily determine how any data row or element obtained its current value. You can track information on most types of fields, including character, number, and date fields.
Security Administrators manage all user accounts in the system, and can assign / revoke all roles. Security Administrators also manage system accounts (such as GUEST), that are not tied to a person.
System Administrator – Security
Release 12 of Oracle Applications provides significant enhancements to the Oracle Applications security system. Core Security now includes a Role Based Access Control model that builds on the existing Function Security and Data Security models. A new set of administrative features that build on Core Security are also introduced in this release.
Oracle User Management
Oracle User Management is a secure and scalable system that enables organizations to define administrative functions and manage users based on specific requirements such as job role or geographic location. With Oracle User Management, instead of exclusively relying on a centralized administrator to manage all its users, an organization can create local administrators and grant them sufficient privileges to manage a specific subset of
the organization’s users. This provides the organization with a more granular level of security, and the ability to make the most effective use of its administrative capabilities.
Oracle’s function and data security models constitute the base layers of this system, and contain the traditional system administrative capabilities. Organizations can optionally add more layers to the system, depending on the degree of flexibility they require.
Key features of Oracle User Management include:
Role Based Access Control (RBAC) – Enables organizations to create roles based on specific job functions, and to assign these roles the appropriate permissions. With RBAC, administrative privileges and user access are determined by assigning individuals the appropriate roles.
Delegated Administration – Enables system administrators to delegate some of their administrative privileges to individuals that manage a subset of the organization’s users. These individuals are assigned administrative privileges for a limited set of roles that they can assign to the users they manage.
Registration Processes – Enable organizations to provide end-users with a method for requesting various levels of access to the system, based on their eligibility. Registration processes also simplify an administrator’s job by providing streamlined flows for account maintenance and role assignment.
Self Service Requests and Approvals – Enable end users to request initial access or additional access to the system.
Oracle Application Object Library Security
Oracle Application Object Library security comprises two main components, Function Security and Data Security.
Function Security restricts user access to individual menus of functions, such as forms, HTML pages, or widgets within an application. Function Security by itself restricts access to various functions, but it does not restrict access to the data a user can see or what actions a user can perform on that data.
Data Security restricts the access to the individual data that is shown once a user has selected a menu or menu option. For example, with Data Security you can control the set of users that a particular local security administrator can access within Oracle User Management. In conjunction with Function Security, Data Security provides additional
access control on data that a user can see or actions a user can perform on that data.
User and Data Auditing
Oracle Applications allows you to audit users and changes they make to application data.
The Sign-On Audit feature allows you to track your users’ activities. You can choose who to audit and what type of user information to track. Sign-On Audit reports give you historical, detailed information on your users’ activities within an application. Also, the Monitor Users form allows you to view online, real-time information on user activity.
AuditTrail lets you keep a history of changes to important data: what changed, who changed it, and when. With AuditTrail, you can easily determine how any data row or element obtained its current value. You can track information on most types of fields, including character, number, and date fields.
Security Administrators manage all user accounts in the system, and can assign / revoke all roles. Security Administrators also manage system accounts (such as GUEST), that are not tied to a person.
Share this:
Service Components
The Generic Service Component Framework helps to simplify and automate the management of background Java services. Service component containers and their service components are run through Generic Service Management (GSM), which you can control through Oracle Applications Manager (OAM).
A service component container is an instance of a service that manages the running of the individual service components that belong to it. The container monitors the status of its components and handles control events for itself and for its components. These actions are recorded in a log for the container.
A service component is an instance of a Java program which has been defined according to the Generic Service Component Framework standards so that it can be managed through this framework. Currently, Oracle Workflow provides four service component types: Workflow Mailer, Workflow Agent Listener, Workflow Java Agent Listener, and Workflow Web Services Outbound.
Oracle Workflow provides several seeded service components of these types, within seeded containers, to perform standard processing. You can optionally create additional service components to perform custom processing. If you create custom service components, you can either assign them to the seeded containers, or, based on the volume to be handled by the seeded containers, you can also choose to create your own custom containers.
All service components have certain attributes required by the Generic Service Component Framework. General definition attributes for a component include the component name, startup mode, container type, inbound agent, outbound agent, and correlation ID. Detail attributes include the container that owns the component, the maximum idle time for an on-demand component, maximum error count, number of inbound and outbound processing threads, component log level, read timeout period, minimum sleep time, maximum sleep time, error sleep time, and whether to close connections when the read timeout period expires.
Share this:
Notification Mailers
A notification mailer is a Java program that performs e-mail send and response processing for the Oracle Workflow Notification System, using the JavaMail API. You need to implement one or more notification mailers only if you want to have your workflow users receive their notifications by e-mail, as well as from the Worklist Web pages.
The notification mailer program is defined as a service component type in the Generic Service Component Framework. This framework helps to simplify and automate the management of background Java services.
Oracle Workflow provides one seeded notification mailer service component, called Workflow Notification Mailer. Most of the configuration parameters for this mailer are set to default values. You can enter several of the remaining required parameters using AutoConfig. After installation, you then only need to enter the e-mail inbox password
in order to complete the configuration of this mailer. Alternatively, if you only want to send outbound messages and do not need to receive inbound messages, you only need to disable inbound processing in order to complete the configuration of this mailer. If the mail servers and Business Event System components used by the notification
mailers are set up, and the Workflow Mailer Service container to which the Workflow Notification Mailer belongs is started, the seeded notification mailer automatically starts running once its configuration is complete.
You cannot delete the seeded Workflow Notification Mailer or edit its name, assigned agents, correlation ID value, or container. However, if necessary you can optionally update other configuration parameters, schedule control events, or manually choose control commands to start, stop, suspend, resume, or refresh this notification mailer.
Note: Oracle Alert also uses the Workflow Notification Mailer to send and receive alert e-mail messages. If you use Oracle Alert, ensure that the configuration of the Workflow Notification Mailer meets your alert requirements.
Custom Notification Mailer
You can also optionally create additional notification mailer service components. For example, you can create a notification mailer that processes only messages that belong to a particular workflow item type, or create additional mailers that process the same types of message to increase throughput.
The correlation ID for a notification mailer determines which messages it can process. To dedicate a notification mailer to processing messages from a particular item type, set that item type as the correlation ID. To create a general notification mailer that can process messages from any item type, leave the correlation ID blank. The seeded Workflow Notification Mailer has a blank correlation ID so that it can run as a general mailer.
Note: If you run a general notification mailer and a dedicated notification mailer for a particular item type at the same time, a message from that item type may still be processed by the general mailer if that mailer is the first to access the message. If you want only the dedicated notification mailer to process messages from that item type, disable any general mailers. In this case, however, ensure that you define dedicated mailers for all item types used in your Oracle Applications installation.
You can also configure any notification mailer service component to process only inbound messages, or only outbound messages. You associate inbound and outbound mailers with each other by assigning them the same mailer node name. The mailer node name indicates which inbound mailer can process incoming responses to outbound messages sent by a particular outbound mailer.
Share this:
Oracle Workflow Manager
Oracle Workflow Manager is a component of Oracle Applications Manager that allows system administrators to manage Oracle Workflow for multiple Oracle Applications instances from a single console.
Using Oracle Workflow Manager, administrators can control Workflow system services, such as notification mailers, agent listeners, and other service components, background engines, purging obsolete Workflow data, and cleanup of the Workflow control queue.
Administrators can also monitor work item processing by viewing the distribution of all work items by status and drilling down to additional information. Additionally, they can monitor event message processing for local Business Event System agents by viewing the distribution of event messages by status as well as queue propagation schedules. With this ability to monitor work items and event messages, a system administrator can identify possible bottlenecks easily.
Navigation: Applications Dashboard > (pull-down menu) Workflow Manager > (B) Go
Gathering Oracle Workflow Statistics
Some Oracle Workflow Manager graphs and lists may summarize large volumes of data, depending on the level of activity in your Oracle Applications instance. To enhance performance in displaying these statistics, Oracle Workflow Manager periodically runs concurrent programs to gather the statistics and displays the graphs
and lists based on the latest data from the concurrent programs.
1. Workflow Agent Activity Statistics Concurrent Program (FNDWFAASTATCC) –
Gathers statistics for the Agent Activity graph in the Workflow System status page and for the agent activity list in the Agent Activity page.
2. Workflow Mailer Statistics Concurrent Program (FNDWFMLRSTATCC) –
Gathers statistics for the throughput graph in the Notification Mailer Throughput page.
3. Workflow Work Items Statistics Concurrent Program (FNDWFWITSTATCC) –
Gathers statistics for the Work Items graph in the Workflow System status page, for the Completed Work Items list in the Workflow Purge page, and for the work item lists in the Active Work Items, Deferred Work Items, Suspended Work Items, and Errored Work Items pages.
These concurrent programs are scheduled to run every 24 hours by default. They do not require any parameters. You can optionally cancel the default scheduled requests and run the programs with a different schedule if you want to gather statistics at a different frequency.
Each of these graphs and lists displays the date and time when its statistics were last updated, as well as a refresh icon that you can select to refresh the statistics immediately if necessary. However, note that if your Oracle Applications instance contains very large volumes of workflow data, you may encounter delays or page timeouts when refreshing the data.
Note: Oracle Workflow Manager statistics that typically represent smaller volumes of data, such as work item details and work item activity details, are queried directly rather than through the concurrent programs.
Share this:
System Administrator – Maintenance
This Maintenance volume describes maintenance tasks for an Oracle Applications installation, as well as tasks you might perform on a frequent basis. Managing Concurrent Processing and Concurrent Programs.
Monitoring an Applications System Using Oracle Applications Manager
Oracle Applications Manager allows you to monitor many components of your applications system, such as database status, system activity, forms sessions and processes, and applications usage.
In addition, the OAM console can provide information on system alerts, metrics, and logs that can help you diagnose potential problems. For example, configuration issues,overdue routine maintenance tasks, and invalid data can cause serious problems requiring either an automated response or manual intervention.
Oracle Workflow Manager
Oracle Workflow Manager is a component of Oracle Applications Manager that allows system administrators to manage Oracle Workflow for multiple Oracle Applications instances.
Using Oracle Workflow Manager, administrators can control Workflow system services, such as notification mailers, agent listeners, and other service components, background engines, purging obsolete Workflow data, and cleanup of the Workflow control queue.
Administrators can also monitor work item processing by viewing the distribution of all work items by status and drilling down to additional information. Additionally, they can monitor event message processing for local Business Event System agents by viewing the distribution of event messages by status as well as queue propagation schedules. With this ability to monitor work items and event messages, a system administrator can identify possible bottlenecks easily.
Share this: