Tuesday, 19 November 2019

Infidox Technologies || Data Security In Oracle Fusion




|| Data plays a vital role in any organisation, and managing that data is not an easy task. ||

We have listed some brief points on managing data security policies in Oracle Fusion.




Managing Data Security Policies

A data security policy is a grant of a set of privileges to a principal on an object or attribute group for a given condition. A grant authorizes a role, the grantee, to perform actions on a set of database resources. A database resource is an object, object instance, or object instance set. An entitlement is one or more allowable actions applied to a set of database resources.

The following table describes the ways through which data is secured.


| Data security feature | Does what? |
| --- | --- |
| Data security policy | Defines the conditions in which access to data is granted to a role. |
| Role | Applies data security policies with conditions to users through role provisioning. |
| HCM security profile | Defines data security conditions on instances of object types such as person records, positions, and document types without requiring users to enter SQL code. |


Data Security Policies

Data security policies articulate the security requirement "Who can do what on which set of data."
The following table provides an example: accounts payable managers can view AP disbursements for their business unit.


| Who | can do | what | on which set of data |
| --- | --- | --- | --- |
| Accounts payable managers | view | AP disbursements | for their business unit |

A data security policy defines the grant by which a role secures business objects. The grant records the following:


·         Table or view
·         Entitlement (actions expressed by privileges)
·         Instance set (data identified by the condition)
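
The three parts of a grant listed above, applied to the accounts payable example, can be modelled as follows. This is an added example, not Oracle Fusion code: the `GRANTS` list, role names, table and column names are hypothetical, the sample rows are constructed, SQLite stands in for the database, and combining several matching grants with OR is an assumption of this sketch.

```python
import sqlite3

# Hypothetical policy store: (role, table or view, entitlement, instance-set condition).
# The condition is a SQL predicate; :user_bu is bound per user at query time.
GRANTS = [
    ("AP_MANAGER", "ap_disbursements", "view", "business_unit = :user_bu"),
]

def open_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ap_disbursements "
               "(id INTEGER, business_unit TEXT, amount REAL)")
    db.executemany("INSERT INTO ap_disbursements VALUES (?, ?, ?)",
                   [(1, "US1", 100.0), (2, "US1", 250.0), (3, "UK1", 75.0)])
    return db

def secured_rows(db, user, table, action):
    """Return the rows of `table` on which `user` may perform `action`.

    Deny by default: with no matching grant the query is never run.
    """
    conditions = [cond for role, obj, entitlement, cond in GRANTS
                  if role in user["roles"] and obj == table and entitlement == action]
    if not conditions:
        return []
    # `table` equals a grant's object name here, and the predicates come only
    # from the policy store; user-supplied values are passed as bind parameters.
    where = " OR ".join(f"({c})" for c in conditions)
    sql = (f"SELECT id, business_unit, amount FROM {table} "
           f"WHERE {where} ORDER BY id")
    return db.execute(sql, {"user_bu": user["business_unit"]}).fetchall()

if __name__ == "__main__":
    db = open_db()
    manager = {"roles": {"AP_MANAGER"}, "business_unit": "US1"}
    clerk = {"roles": {"AP_CLERK"}, "business_unit": "US1"}
    print(secured_rows(db, manager, "ap_disbursements", "view"))
    print(secured_rows(db, manager, "ap_disbursements", "update"))
    print(secured_rows(db, clerk, "ap_disbursements", "view"))
```

The manager sees only rows from their own business unit; the same manager asking for an entitlement that was never granted, or a user without the role, gets nothing.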

HCM Security Profiles

You can use HCM security profiles to generate grants for a job role such as Manager. The resulting data role with its role hierarchy and grants operates in the same way as any other data role.
For example, an HCM security profile identifies all employees in the Finance division.
Applications outside of HCM can use the HCM Data Roles UI pages to give roles access to HR people.


Advanced Data Security: Explained

Advanced Data Security offers two types of added data protection. Database Vault protects data from access by highly privileged users, and Transparent Data Encryption encrypts data at rest.

* Oracle Database Vault:

Database Vault reduces the risk of highly privileged users, such as database and system administrators, accessing and viewing your application data. This feature restricts access to specific database objects, such as the application tables and SOA objects.

* Transparent Data Encryption:

Transparent Data Encryption (TDE) protects Oracle Fusion Applications data that is at rest on the file system from being read or used. Data in the database files (DBF) is protected because DBF files are encrypted. Advanced security enables encryption at the tablespace level on all tablespaces that contain applications data. This includes SOA tablespaces, which might contain dehydrated payloads with applications data.




