Data Visibility
Protect data using role authorization.
For the list of service roles, see Oracle Integration Service Roles.
Security goal | Owner | More information |
---|---|---|
Secure access to design-time auditing data |
Instance users with the ServiceAdministrator role, or project administrators with the ServiceDeveloper role |
**About design-time log data.** A design-time log is available for all integration artifacts. The log includes actions, the people who completed them, and the time they completed them. To learn more, see View the Design-Time Audit in Using Integrations in Oracle Integration 3. **How to secure access.** For integrations that are outside a project, all log data is visible to anyone who can sign in to the Oracle Integration instance. The only way to restrict access to log data is to create an integration in a project, and restrict access to the project using role-based access control. If someone doesn't have view permissions in a project, the person can't view the log data for integrations in the project. See Projects: Control User Access. |
Secure access to runtime auditing information |
Instance users with the ServiceAdministrator role, or project administrators with the ServiceDeveloper role |
**About the activity stream.** Runtime auditing in Oracle Integration appears in the activity stream, which shows details about the movement of messages through an integration. The activity stream also includes message payloads. **Different tracing levels are available.** Several levels of tracing are available for the activity stream. The tracing level determines the following information:
**If you need to keep the data for longer.** You cannot change the amount of time for which the activity stream persists in Oracle Integration. However, you can save the activity stream details for a longer period of time and perform additional audit activities in the Oracle Cloud Infrastructure Console. See Capture the Activity Stream of Integrations in the Oracle Cloud Infrastructure Console in Provisioning and Administering Oracle Integration 3. **Your responsibilities**
|
Keep sensitive data out of tracking variables |
Instance users with the ServiceDeveloper role |
**About tracking variables.** An integration developer can track message fields during runtime by defining business identifiers on payload fields. During runtime, users can view details about the status of the business identifiers and their values. **Recommendations.** Do not use a tracking variable to store information that might violate privacy rules or standards, such as:
|
Ensure that your organization's data loss prevention policy includes guidance on creating backups of assets from Oracle Integration |
An instance user with the ServiceAdministrator role can export any project. An instance user with the ServiceDeveloper role can export a project if they have Edit permissions for the project. An instance user with the ServiceDeveloper role can export individual integration artifacts outside a project. |
To protect against human error and insider threats, you have the following options:
If you choose to export data, you're responsible for managing the exported data appropriately. If needed, you can import the exported integration artifacts into another instance. |