View Allowed Resources Enablement Status

The Allowed Resources feature reduces the attack surface of Oracle E-Business Suite (EBS) by enabling the creation of an allow list of resources — JavaServer Pages (JSPs) and servlets — that are permitted to be accessed in your environment.

In the Management by Resource page for Allowed Resources, a new indicator shows if the feature is enabled as shown with the text "Allowed Resources is enabled." as shown below. The indicator status is based on the value of the Security: Allowed Resources (FND_SEC_ALLOWED_RESOURCES) profile option.

Management by Resource

Management by Resource: Allowed Resources is enabled

Steps to Enable

The steps to enable and configure Allowed Resources is documented in the Allowed Resources of Oracle Application Object Library Security in the Oracle E-Business Suite Security Guide.  

Allowed Resources is delivered and enabled by default (or "turned on") with Oracle E-Business Suite Release 12.2.7 or R12.ATG_PF.C.Delta.7. The feature is also delivered through the October 2020 and later Critical Patch Update (CPU) for Oracle E-Business Suite Release 12.2.6 and earlier releases. 

Note: Even though Allowed Resources may be enabled by default for your environment, in order to take full advantage of the security offered by this feature, it is recommended that you refine the configuration based upon your use of EBS. For a strategic outline of how to configure Allowed Resources for your environment, see How to Use Allowed Resources in Allowed Resources of the Oracle E-Business Suite Security Guide.

Tips And Considerations

Key tips for enabling and configuring Allowed Resources are as follows:

  1. Set the profile options for Allowed Resources to enable it.
  2. Identify and deny access to Oracle E-Business Suite products that are not used in your environment.
  3. Add your custom resources.
  4. Populate usage data.
  5. Identify and deny access to specific resources based upon usage.
  6. Continue to improve the list of resources.

Key Resources

Allowed Resources in Oracle Application Library Security in the Oracle E-Business Suite Security Guide.