Oracle Cloud Security Methodology
The Cloud Security Methodology can be summarized in one simple statement:
WHO can do WHAT on WHICH set of data
- Who: The user
- What: Individual actions a user can perform
- Which: The set of data
Security in Fusion Applications is based on Role-Based Access Control (RBAC). In Fusion Applications, this implementation is based on abstract, job, duty, and data roles that work together to control access to functions and data. The definitions of these functional roles are as follows:
- Abstract Role
- Job Role
- Data Role
- Duty Role
Abstract Role: This role categorizes the roles for the reference implementation. It inherits duty roles but does not contain security policies. For example: Employee, Manager, etc.
Job Role: This role defines a specific job an employee is responsible for. An employee may have many job roles. It may require a data role to control the actions on the respective objects. For example: Benefits Manager, Accounts Receivable Specialist, etc.
Data Role: This role defines access to the data within a specific duty. Who can do what on which set of data? The possible actions are read, update, delete, and manage. Only duty roles hold explicit entitlement to the data. These entitlements control privileges such as which screens, buttons, data columns, and other artifacts a user can see in the user interface.
Duty Role: This role defines a set of tasks. It is the most granular form of a role. The job and abstract roles inherit duty roles. The data security policies are specified on duty roles to control actions on all respective objects. Duty roles are where security policies are mainly attached, and they are implemented as application roles in Authorization Policy Manager (APM).
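The following added example (not from the original page and not Oracle's code) models how the four role types combine to answer WHO can do WHAT on WHICH set of data. All role, object and data-set names are constructed, and treating a data role as a job role paired with one data set is an assumption of this model.

```python
# Constructed model of the role types described above; all role, object and
# data-set names are illustrative assumptions, not Oracle-delivered roles.

# Only duty roles hold entitlements: (action, object) pairs.
DUTY_ENTITLEMENTS = {
    "Receivables Inquiry Duty": {("read", "invoice")},
    "Receivables Adjustment Duty": {("update", "invoice")},
    "Worker Directory Duty": {("read", "directory")},
}

# Abstract and job roles hold no policies of their own; they inherit duty roles.
INHERITS = {
    "Employee": ["Worker Directory Duty"],  # abstract role
    "Accounts Receivable Specialist": [     # job role
        "Receivables Inquiry Duty", "Receivables Adjustment Duty"],
}

# Assumption of this model: a data role is a job role narrowed to one data set.
DATA_ROLES = {
    "AR Specialist - BU East": ("Accounts Receivable Specialist", "BU East"),
}

def duties_of(role, seen=None):
    """Walk the inheritance graph down to duty roles (cycle-safe)."""
    seen = set() if seen is None else seen
    if role in seen:
        return set()
    seen.add(role)
    if role in DUTY_ENTITLEMENTS:
        return {role}
    found = set()
    for child in INHERITS.get(role, []):
        found |= duties_of(child, seen)
    return found

def grants(assigned_roles):
    """Expand a user's roles into (action, object, data_set) triples."""
    triples = set()
    for role in assigned_roles:
        # A role that is not a data role contributes no data set (None).
        base, data_set = DATA_ROLES.get(role, (role, None))
        for duty in duties_of(base):
            for action, obj in DUTY_ENTITLEMENTS[duty]:
                triples.add((action, obj, data_set))
    return triples

def can(assigned_roles, action, obj, data_set=None):
    """WHO (assigned_roles) can do WHAT (action, obj) on WHICH data (data_set)."""
    return (action, obj, data_set) in grants(assigned_roles)
```

In this model a job role assigned without a data role yields the function entitlement but no data set, so a request against a specific data set is denied.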