4 Security Manager
- Create and manage user groups.
- Configure security authorization levels, policies and privileges for user groups.
- Provide specific access controls for individual user groups, views, and operations.
- Limit access to specific features and functionality for specific users.
- Configure audit log parameters.
Configure User Groups
A user group is a logical construct that the Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) uses to specify the authorization privileges that users assigned to certain groups inherit. Oracle SDM Cloud automatically adds the roles directly to the user roles on the Identity and Access Management (IAM) portal.
- Administrators
- Provisioners
- Monitors
While you cannot modify the default User Groups, you can add and modify customized User Groups to create your own authorization policies. When you add a new User Group, Oracle SDM Cloud automatically adds the group to your IAM.
Note:
Do not add a new role to your Oracle SDM Cloud application through IAM. If you require a new role on the Oracle SDM Cloud application, add a new group using Security Manager in Oracle SDM Cloud.
Add a User Group
Once you've added a new user group in the Oracle® Session Delivery Management Cloud (Oracle SDM Cloud), it appears as a new role in Identity and Access Management (IAM). Once you have assigned a user to a role, that user inherits the group-based privileges.
Apply or Change User Group Privileges
You can apply privileges to user groups that you add to allow or deny all users within this user group the ability to perform certain operations. This includes items intended for use with separate Oracle SDM Cloud managers. For the default administrators, provisioners, and monitor user groups, only device group privileges can be changed.
User group privileges that are assigned to the administrators user groups inherit most of the same access privileges.
All user group privileges that are available through Oracle SDM Cloud are described in the following sections.
Apply User Group Privileges for Device Groups
Use this task to apply user-group privileges for device groups that appear on the Device Manager slider.
Apply User Group Privileges for Application Management Operations
- Expand the Security Manager slider and select User management, Groups.
- In the User Groups pane, choose the group you want to modify from the User Groups table and click Edit.
- Click the Applications tab and click the folder and subfolder sliders to expand the item operations list.
- Choose the item row in the operation category table that you want to modify and click the Privileges column to activate the drop-down list.
- In the Privileges drop-down list, choose the following user group privilege options for folders or items in the Applications table described below:
- Full—Allowed to perform application management options.
- None—Not allowed to perform application management operations.
- View—Allowed to monitor only.
| Folder or item | Description |
| --- | --- |
| Applications folder | Allows access to Dashboard Manager, Monitoring Manager, and Route Manager options. |
| Dashboard Manager folder | Set the privileges for all the dashboard and portlet customization operations on the Dashboard Manager slider. |
| Dashboard Customization item | Allows access to the dashboard designer and portlet designer for custom dashboards and portlets. |
| Monitoring Manager folder | Assign privileges for all of the operations related to monitoring an OCSM. |
| Calls item | Set privileges for the add, edit, copy, and apply filters used to filter the Recent Calls table, accessible on the Monitoring Manager slider. Note: Users with View permissions only are able to view and apply filters. |
| Admin folder | Set the privilege for the Admin permissions. If None is selected, the does not appear under Monitoring Manager. |
| ME Recent Call Access item | Allows the user to disable the ME and to set the time range to fetch the recent calls from OCSM. |
| Route Manager folder | Assign the privileges for all the operations related to managing routes. |
| Route set item | Sets privileges to manage routes and route sets, manage templates, and manage device associations. |
Audit Logs
You can use the audit log (containing audit trails) generated by Oracle SDM Cloud to view information about performed operations, including the time these operations were performed, whether they were successful, and who performed them when they were logged into the system.
Note:
Audit logs contain different information depending on the feature functionality.
Audit trails include the following information:
- The user who performed the operation.
- What operation was performed by the user.
- When the operation was performed by the user.
- Whether the operation performed by the user was successful or failed.
View and Save an Audit Log
The audit log tracks user-initiated events. The following list describes some examples of user events that are audit logged in Oracle SDM Cloud:
- User logins and logouts.
- Managed devices are added.
- Device groups are added.
- Oracle Communications Session Delivery products are loaded.
- An element is added, deleted, or modified.
- A device is rebooted.
- Configurations are saved or activated.
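As an added example (not part of the Oracle documentation and not Oracle code), the following Python script reviews a saved audit log using the four audit-trail fields listed above: who, what, when, and result. The CSV column layout, the user names, the operation strings, and the operator allow-list are assumptions constructed for illustration; adjust them to match the file you actually save.

```python
import csv
import io
from collections import Counter

# Constructed sample rows. The column layout is an assumption for this
# example, not the format Oracle SDM Cloud writes when you save an audit log.
SAMPLE_AUDIT_CSV = """time,user,operation,status
2024-05-01T08:00:12Z,alice,User login,successful
2024-05-01T08:03:40Z,mallory,User login,failed
2024-05-01T08:03:55Z,mallory,User login,failed
2024-05-01T08:04:09Z,mallory,User login,failed
2024-05-01T08:10:31Z,alice,Device group added,successful
2024-05-01T09:15:02Z,bob,Device rebooted,successful
2024-05-01T09:20:47Z,bob,Configuration activated,failed
2024-05-01T09:22:10Z,carol,Device rebooted,successful
"""

# Operations worth a second look, and the users expected to perform them
# (hypothetical values maintained by the reviewer).
SENSITIVE_OPS = {"Device rebooted", "Configuration activated"}
EXPECTED_OPERATORS = {"alice", "bob"}
FAILED_LOGIN_THRESHOLD = 3


def review_audit_log(csv_text):
    """Return (time, user, reason) findings from the audit-trail fields."""
    failed_logins = Counter()
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user, op, status = row["user"], row["operation"], row["status"].lower()
        if op == "User login" and status == "failed":
            failed_logins[user] += 1
        # A sensitive operation by someone outside the expected operators.
        if op in SENSITIVE_OPS and user not in EXPECTED_OPERATORS:
            findings.append((row["time"], user, f"unexpected operator for '{op}'"))
        # A sensitive operation that did not complete may need follow-up.
        if op in SENSITIVE_OPS and status == "failed":
            findings.append((row["time"], user, f"failed sensitive operation '{op}'"))
    # Repeated failed logins are reported once per user, after all rows.
    for user, count in sorted(failed_logins.items()):
        if count >= FAILED_LOGIN_THRESHOLD:
            findings.append((None, user, f"{count} failed logins"))
    return findings


if __name__ == "__main__":
    for when, user, reason in review_audit_log(SAMPLE_AUDIT_CSV):
        print(when or "-", user, reason)
```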
IAM
- Oracle SDM Cloud FQDN
- Oracle SDM Cloud Tenant ID
- IDCS FQDN
- IDCS Tenant ID
- Management Cloud Engine (MCE) IDCS client ID
- MCE IDCS client secret
This information is required as input when installing and setting up the MCE on-premises. For more information, see the Oracle SDM Cloud Installation Guide.