Fusion Middelware - Policy store

Card Puncher Data Processing

Provider

The Policy Store is a repository of system and application-specific policies and roles.

The policy store provider provides access (and contains) to:

which forms a core part of the security policy and determines what users can and cannot see and do in an application (ie Oracle Business Intelligence for instance)

The policy store leverages the XACML security standard (eXtensible Access Control Markup Language).

There is exactly one policy store per domain.

The domain policy store is logically partitioned in stripes.

Stripe

An application stripe (typically, identical to the application name) identifies the subset of policies pertaining to a particular application. You use it also in the WLST script and if you omit it, you specify the policy for the system.

Weblogic Application Stripe

Location

A policy store can be:

  • file-based (default)
  • or LDAP-based (Oracle Internet Directory or Oracle Virtual Directory (with a local store adapter, or LSA).)

The store security file is located at:

  • 12: MiddlewareHome\user_projects\domains\bi\bidata\service_instances\ssi\metadata\authmodel\jazn\jazn-data.xml
  • 11: MiddelwareHome\user_projects\domains\bifoundation_domain\config\fmwconfig\system-jazn-data.xml

Management

You use Oracle Fusion Middleware Control to create and manage the Application Roles and Application Policies that control access to Oracle Business Intelligence resources.

Obiee11g Policy Store Provider

The Oracle Business Intelligence default policy store provider store Application Roles and Application Policies in files in the domain. You can reconfigure the domain to use Oracle Internet Directory, rather than files, to store Application Roles, and Application Policies.

Documentation / Reference





Discover More
Weblogic Em Application Role
Fusion Middelware - Application Role

Fusion Middelware Application uses a role-based access control model.Security is defined in terms of Application Roles that are mapped to directory server groups and users. Example of mapping between...
Obiee11g Security Overview
OBIEE 11G - Security

Oracle Business Intelligence uses a role-based access control model.Security is defined in terms of Application Roles that are mapped to directory server groups and users. To define a complete security...
Wlst Migratesecuritystore Migrateidstoremapping
WLST - migrateSecurityStore

Migration utility of the security stores: ... This utility works online and offline. More: You can find a configFile example: in the config fmw directory (fmw_home/user_projects/domains/bifoundation_domain/config/fmwconfig)...
Opss Architecture
Weblogic - Oracle Platform Security services (OPSS)

OPSS provides an abstraction layer in the form of standards-based application programming interfaces (APIs) that insulates developers from security and identity management implementation details. With...



Share this page:
Follow us:
Task Runner