Successive Layers of Access Control
Access Control with Oracle User Management
is implemented in successive layers and each layer builds upon the one that
precedes it. Organizations can, optionally, uptake the various layers depending
on the degree of automation and scalability they wish to build upon the
existing Function and Data Security models.
There are six layers of access control.
The Core Security layers include:
•
Function Security
•
Data Security
The next four layers are part of Oracle
User Management:
•
Role-Based Access
Control
•
Delegated
Administration
•
Registration
Processes
•
Self Service and
Approvals
Increasing Flexibility and Scalability
In general, access control with Oracle
User Management (OUM) begins with basic system administration tasks, and then
progresses to more distributed, local modes of administration, ultimately
enabling users to perform some basic, predefined registration tasks on their
own. Details of the various levels of access control, and the increasing level
of flexibility and automation that they provide are provided later in the
lesson. However, the following general guidelines may be considered for now:
System Administrator
Oracle’s Function Security and
Data Security mechanisms constitute the base layers of the security system, and
contain the traditional system administrative capabilities. Organizations can,
optionally, add more layers to the system depending on the degree of
flexibility they want.
By themselves, Function Security and Data
Security limit the scope of OUM to basic system administration by granting
access to specific menus and to the data accessed from within those menus.
Local Administrators
When Role-Based Access Control and
Delegated Administration are added to the Data Security and Function Security
layers, system administration tasks can be distributed to local administrators
who manage a subset of the organization’s users.
End Users
Registration Processes and Self Service and Approvals
distribute system administration further by automating some registration tasks
so that end users can perform them.
Self Service and Approvals
After the registration processes have been
configured as per requirements, individuals can subsequently perform
self-service registration tasks, such as obtaining new user accounts or
requesting additional access to the system. In addition, organizations can use
the Oracle Approvals Management engine to create customized approval routing
for these requests.
Example
An organization may enable users to request a
particularly sensitive role. However, before the user is granted the role, the
organization can specify that two approvers, a manager and a vice president,
must provide their approval.
As for me it is better to use Ideals virtual data room for security of data. I uploaded all my documents into the room and now they are available for my all time and secured very well.
ReplyDelete