Provider
The Policy Store is a repository of system and application-specific policies and roles.
The policy store provider provides access (and contains) to:
- Application Roles (to create functional group)
- and Application Policies (to define Oracle BI Server, BI Publisher, and Real Time Decisions functionality permissions),
which forms a core part of the security policy and determines what users can and cannot see and do in an application (ie Oracle Business Intelligence for instance)
The policy store leverages the XACML security standard (eXtensible Access Control Markup Language).
There is exactly one policy store per domain.
The domain policy store is logically partitioned in stripes.
Articles Related
Stripe
An application stripe (typically, identical to the application name) identifies the subset of policies pertaining to a particular application. You use it also in the WLST script and if you omit it, you specify the policy for the system.
Location
A policy store can be:
- file-based (default)
- or LDAP-based (Oracle Internet Directory or Oracle Virtual Directory (with a local store adapter, or LSA).)
The store security file is located at:
- 12: MiddlewareHome\user_projects\domains\bi\bidata\service_instances\ssi\metadata\authmodel\jazn\jazn-data.xml
- 11: MiddelwareHome\user_projects\domains\bifoundation_domain\config\fmwconfig\system-jazn-data.xml
Management
You use Oracle Fusion Middleware Control to create and manage the Application Roles and Application Policies that control access to Oracle Business Intelligence resources.
The Oracle Business Intelligence default policy store provider store Application Roles and Application Policies in files in the domain. You can reconfigure the domain to use Oracle Internet Directory, rather than files, to store Application Roles, and Application Policies.