Fusion Applications Security

Fusion Applications implements the security using the Oracle Identity Management (IDM) stack.

The IDM stack consists of identity store and Policy store .

The Enterprise and Applications roles are implemented y in Identity and Policy stores respectively.
Enterprise Roles/External Roles – Maintained in OIM
Across all Fusion Applications, Abstract, Job and Data roles are mapped to Enterprise roles . These roles are stored in the Identity Store. They are managed through OIM and Identity Administration tools. This tool includes the following capabilities with respect to Enterprise role management:
Create Fusion Applications Implementation Users
Provision Roles to Implementation Users
Manage Abstract, Job and Data roles including the job hierarchy

Applications Roles – Maintained in APM
A “Duty Role” is mapped to Application Roles and is stored in the Policy Store. An application role is supplied by a single application or pillar of applications. The application policies are managed through “Authorization Policy Manager” (APM). APM is a graphical interface that simplifies the creation, configuration, and administration of application policies. Applications Authorization Policy Manager (APM) refers to enterprise roles as external roles.

If you are creating a custom role. then First you create external role in OIM and then create custom Application Role in APM and map external role to the application role in External Role Mapping Tab as shown below

External Role Mapping

Alternatively you can also map application role to the external role in APM as shown below under application role mapping. You need to first inquire the external role and then map the application role.

Application Role Mapping

 

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s