Oracle Entitlement Server - Managing Organisations

Post on 05-Dec-2014

description

Do you require a way to manage Complex Application Entitlements across a range of applications?

transcript

The most comprehensive Oracle applications & technology content under one roof

Oracle Entitlement Server

Managing Organizations

What are we here for

• Learn about what OES does
• How it might be used to solve problems
• Demo maybe

Security

• Specialized area
• Brittle security when built in
• Difficult to change

The Problems

• Managing access to resources
• Governance
• Auditing
• Accommodating changes

Identity Management

• RBAC
• Authentication and Authorization
• Latency high response for authorization

OES Overview

Entitlement Server Features

• XACML
• Fine Grain Entitlement Management
• RBAC
• ABAC

XACML and Database

• Database auditing can be done with XACML – Note 1375460.1
• Database security is not currently available
• Use database http server to query PEP
• Database performance???

Business Problem

• Application has rules
• Rules need to change
• Are your rules hard coded?
• Policy engine provides way to support

Admin Console

• CRUD on policy and objects
• Mapping policies to users
• Policies
• Resources
• Entitlements
• Roles
• Applications

Roles – Role Categories

• Roles – User, developer, manager
• Role Categories are tags

Role Hierarchies

• Set up Role Hierarchies
• Director -> Manager -> Call Centre Worker
• Employee -> Payroll Admin -> Accountant
• Role Mapping – Dynamic Assignment

Resources

• Add resources
• A resource can be a URL or field on a page
• A business object – transfer funds
• Authorization Policy to grant or deny
• Can the user complete a task
• Time based access

Entitlements

• Action that can be performed on a resource
• Uses the legal actions defined in parent resource type
• Targets – could be more than one resource

Policy

• Has at least one principal – user, role, Ex or app
• At least one target
• Grant/deny permissions
• Conditions

Attributes & Functions

• Used in conditions
• Attribute can be dynamically assigned a value
• Evaluated at run time - perhaps location
• Can be multivalued list
• Condition builder
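
The policy model from the Roles, Resources, Policy and Attributes slides, as an added Python sketch that is not OES code or its API. The inheritance direction of the role hierarchy, the deny-overrides and default-deny evaluation, the 09:00-17:00 window and the 10000 limit are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable

# Assumption: a senior role inherits everything granted to the role below it.
ROLE_PARENT = {"Director": "Manager", "Manager": "Call Centre Worker"}

def effective_roles(role):
    """Return the role plus every role it inherits from."""
    roles = set()
    while role is not None:
        roles.add(role)
        role = ROLE_PARENT.get(role)
    return roles

@dataclass
class Policy:
    effect: str                  # "grant" or "deny"
    principals: set              # role names, at least one
    targets: set                 # (resource, action) pairs, at least one
    condition: Callable[[dict], bool] = lambda attrs: True

    def __post_init__(self):
        if self.effect not in ("grant", "deny"):
            raise ValueError("effect must be grant or deny")
        if not self.principals or not self.targets:
            raise ValueError("need at least one principal and one target")

def business_hours(attrs):
    # Time-based access: the attribute value is supplied at run time.
    return time(9, 0) <= attrs["now"] < time(17, 0)

# Constructed sample policies; the 10000 limit is invented for illustration.
POLICIES = [
    Policy("grant", {"Call Centre Worker"}, {("account", "view")}),
    Policy("grant", {"Manager"}, {("transfer_funds", "execute")}, business_hours),
    Policy("deny", {"Manager"}, {("transfer_funds", "execute")},
           lambda attrs: attrs["amount"] > 10000),
]

def decide(role, resource, action, attrs):
    """Deny overrides grant; no matching grant means deny (assumed semantics)."""
    roles, granted = effective_roles(role), False
    for p in POLICIES:
        if roles & p.principals and (resource, action) in p.targets and p.condition(attrs):
            if p.effect == "deny":
                return "deny"
            granted = True
    return "grant" if granted else "deny"
```

Because the rules live in `POLICIES` rather than in application code, changing the transfer limit or the access window is a policy edit, not a code change.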

Condition Builder

Administration

• Delegated administration
• Application Administration
• View or manage rights
• Policy Domains to delegate
• Allows for delegation to specific areas

Questions

Bio

• Peter McLarty
• Director Turagit Consulting
• Chameleon
• DBA, Middleware, Architecture
• http://www.turagit.com