
Lesson 4: Using Security Manager
Objective: Grant Object Privileges by using Security Manager

Using Security Manager

Although the syntax for granting security privileges is simple, assigning privileges for large numbers of users and objects can be confusing. The Oracle Enterprise Manager (OEM), which was introduced earlier in this course, includes a module, known as the Security Manager, that is specifically designed for handling privileges.

Security Manager

The Security Manager module provides a graphical interface that displays all of the information related to Oracle security. You can change user passwords, assign system and object privileges for a user, or even see the roles each user can assume. Roles will be covered extensively later in this course.
You can grant security privileges or take them away, as long as you have the right to perform these actions.
The best way to understand Security Manager is to use the simulation below, which illustrates the process of granting a privilege for a table.
The next lesson shows how to list the privileges granted on a table.
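
For reference, the SQL equivalent of granting and removing object privileges on a table, as an added example that is not part of the original lesson. The schema APP_OWNER, the table EMPLOYEES, its column PHONE_NUMBER, and the users REPORT_USER and TEAM_LEAD are hypothetical names chosen for illustration.

```sql
-- Added example; all object and user names below are hypothetical.
-- Run as APP_OWNER, the owner of the table, who can always grant on its own objects.

-- Least privilege: read-only access to the table.
GRANT SELECT ON app_owner.employees TO report_user;

-- Column-level grant: REPORT_USER may update only PHONE_NUMBER, no other column.
GRANT UPDATE (phone_number) ON app_owner.employees TO report_user;

-- WITH GRANT OPTION lets TEAM_LEAD pass SELECT on to other users.
-- Use it sparingly: every such grantee becomes a further source of grants.
GRANT SELECT ON app_owner.employees TO team_lead WITH GRANT OPTION;

-- Verify what has been granted on the table, and who can re-grant it.
SELECT grantee, privilege, grantable, grantor
  FROM user_tab_privs_made
 WHERE table_name = 'EMPLOYEES'
 ORDER BY grantee, privilege;

-- Column-level grants are recorded separately.
SELECT grantee, column_name, privilege
  FROM user_col_privs_made
 WHERE table_name = 'EMPLOYEES';

-- Taking privileges away.
-- Revoking from TEAM_LEAD also removes any SELECT grants TEAM_LEAD made
-- using the grant option (object privilege revokes cascade).
REVOKE SELECT ON app_owner.employees FROM team_lead;

-- A column-level grant cannot be revoked per column; revoke the privilege
-- on the whole table, then re-grant the columns that should remain.
REVOKE UPDATE ON app_owner.employees FROM report_user;
```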

Set Up the IT Security Manager Job Role

Provision the IT Security Manager job role with roles for user and role management.
  1. Using the OIM Administrator user name and password, sign in to Oracle Identity Manager (OIM).
  2. Open the IT Security Manager job role's attributes and use the Hierarchy tab to add the User Identity Administrators role and the Role Administrators role in the OIM Roles category using the Add action. Use the Delegated Administration menu to search for the Xellerate Users organization and assign it to the IT Security Manager role. Refer to the Oracle Fusion Middleware User's Guide for Oracle Identity Manager.

Prerequisite Tasks for Security Administration

Sign in to Oracle Fusion Applications for the first time with the Installation Super User account to synchronize LDAP users with HCM user management, then create an IT security manager user account and provision it with the IT Security Manager role. For environments that are not in Oracle Cloud, use the super user account that was created during installation to sign in for the first time.
  1. Installation establishes the super user account. Refer to the Oracle Fusion Applications Installation Guide.
  2. Oracle provides an initial user for accessing your services in Oracle Cloud. For more information, refer to "Oracle Cloud Application Services Security: Explained" in Oracle Cloud documentation.
  3. Synchronize LDAP users with HCM user management by performing the Run User and Roles Synchronization Process task. Monitor completion of the predefined Enterprise Scheduler process called Retrieve Latest LDAP Changes.
  4. Refer to information about creating person records in Oracle Fusion Applications Workforce Development Implementation Guide, or refer to the Oracle Fusion Middleware User's Guide for Oracle Identity Manager.
As a security guideline, provision a dedicated security professional with the IT Security Manager role as soon as possible after initial security setup and revoke that role from users provisioned with the Application Implementation Consultant role. If entitled to do so, see Security Tasks and Oracle Fusion Applications: How They Fit Together for details about provisioning the IT security manager.

Required Security Administration Tasks

Establish at least one implementation user and provision that user with sufficient access to set up the enterprise for all integrated Oracle Fusion Middleware and all application pillars or partitions.
  1. Perform the initial security tasks. If entitled to do so, see Initial Security Administration: Critical Choices.
    Sign in to Oracle Fusion Applications using the IT security manager's or administrator's user name and password, and create and provision users who manage your implementation projects and set up enterprise structures by performing the Create Implementation Users task. Refer to the Oracle Fusion Middleware User's Guide for Oracle Identity Manager.
    Create a data role for implementation users who will set up HCM that grants access to data in secured objects required for performing HCM setup steps. Provision the implementation user with this View All data role.
  2. For an overview of security tasks from the perspective of an applications administrator, refer to the Oracle Fusion Applications Administrator's Guide.