Saturday, 21 January 2017

Security

  • RBAC
    • 3 AP Job Roles - Manager, Supervisor, Specialist
    • AP data roles - (Job role + BU) eg: ap_supv_operations
    • Abstract roles - Employee, Line Manager, etc xxx_abstract

Why Abstract role? What does that mean?
  •  User/Role/Privilege hierarchy 
    • LDAP Policy Store -> Application Roles
      • Resource(code artifact)
      • Privilege
      • Duty role
    • LDAP Identity Store -> Users & Enterprise roles
      • Job role
      • Data role
      • User 
  • Function Security
    • Permission grant changes(new taskflows, jspx)
      • Add/update directly in Jazn
    • Role hierarchy and privilege changes
      • PM makes change in ADR
      • Dev requests regeneration of JAZN 
      • Dev sync up ADR jazn with ADE jazn
    • Troubleshooting
      • Roles inherited can be viewed from fnd_session_roles
      • Use LDAP browser to verify role hierarchy & permissions grants
  • Data Security
    • Appends security predicate to SQL. Predicate is constructed based on grants data
    •  
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)