Security Configuration

Configuring security for Oracle Forms Services is done through Oracle Fusion Middleware Control.

To configure Oracle Forms options for Oracle Fusion Middleware Security Framework, see the Administration part of this guide.

To configure Oracle Identity Management options for Oracle Forms, see Using Forms Services with Oracle Access Manager. Oracle Forms Services can be configured to create resources dynamically in Oracle Platform Security Services or Oracle Internet Directory.

To enable, configure, and manage Forms Trace and to view Forms Trace output, see Tracing and Diagnostics.

Online Help is also provided for the Oracle Fusion Middleware Control screens.

Securing RADs Stored in Oracle Internet Directory

To increase the security of RADs and prevent them from being viewable by the Oracle Internet Directory (OID) administrator, perform the following steps:

  1. Copy the contents enclosed by the ---aci-change.ldif--- markers into the file aci-change.ldif:
    ---aci-change.ldif---
    dn: cn=Extended Properties,%s_OracleContextDN%
    changetype: modify
    delete: orclaci
    orclaci: access to attr=(orclUserIDAttribute,orclPasswordAttribute) by
    guidattr=(orclOwnerGUID)(read,search,compare,write) by
    dnattr=(orclresourceviewers) (read,search, compare, write) by
    groupattr=(orclresourceviewers) (read,search, write) by * (none)
    -
    add: orclaci
    orclaci: access to attr=(orclUserIDAttribute,orclPasswordAttribute)
    DenyGroupOverride by guidattr=(orclOwnerGUID)(read,search,compare,write) by
    dnattr=(orclresourceviewers) (read,search, compare, write) by
    groupattr=(orclresourceviewers) (read,search, write) by * (none)
    ---aci-change.ldif---
    

    Note:

    In aci-change.ldif, each line beginning with orclaci: access to attr= is a single line ending with by * (none) and must not contain any line breaks.

  2. In the LDIF file, replace %s_OracleContextDN% with the distinguished name (DN) of the realm-specific Oracle Context.

    For example, if the DN in the deployment is dc=acme,dc=com, then the realm-specific Oracle Context is cn=OracleContext,dc=acme,dc=com.

  3. Execute the following command on the OID tier:

    ldapmodify -p <port> -h <host> -D cn=orcladmin -q -v -f aci-change.ldif

  4. The command prompts for the cn=orcladmin password, because the password is not passed as a command-line parameter.

To undo these changes, issue the same command (subject to the same notes as above), but use the following contents in the .ldif file:

---aci-revert.ldif---
dn: cn=Extended Properties,%s_OracleContextDN%
changetype: modify
delete: orclaci
orclaci: access to attr=(orclUserIDAttribute,orclPasswordAttribute)
DenyGroupOverride by guidattr=(orclOwnerGUID)(read,search,compare,write) by
dnattr=(orclresourceviewers) (read,search, compare, write) by
groupattr=(orclresourceviewers) (read,search, write) by * (none)
-
add: orclaci
orclaci: access to attr=(orclUserIDAttribute,orclPasswordAttribute) by
guidattr=(orclOwnerGUID)(read,search,compare,write) by
dnattr=(orclresourceviewers) (read,search, compare, write) by
groupattr=(orclresourceviewers) (read,search, write) by * (none)
---aci-revert.ldif---
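
The single-line requirement from the note and the placeholder replacement from step 2 can be checked before either file is passed to ldapmodify. The following is an added example, not part of the Oracle documentation: the function names prepare_ldif and check_ldif and the file name aci-change.tmpl are hypothetical, and it assumes wrapped fragments of an orclaci value are rejoined with a single space.

```shell
#!/bin/sh
# Added example (not Oracle-supplied). Works on a template pasted from the page,
# with or without indentation and the ---name.ldif--- marker lines.

# prepare_ldif TEMPLATE CONTEXT_DN
# Prints the LDIF with each wrapped orclaci value joined into one line and
# %s_OracleContextDN% replaced by CONTEXT_DN (passed via the environment so
# backslashes in the DN are not interpreted by awk).
prepare_ldif() {
    CONTEXT_DN="$2" awk '
        function flush() { if (buf != "") print buf; buf = "" }
        BEGIN { ph = "%s_OracleContextDN%"; dn = ENVIRON["CONTEXT_DN"] }
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }             # trim indentation and CR
        $0 == "" || /^---.*---$/ { next }             # drop blanks and file markers
        buf != "" && $0 != "-" && !/^[A-Za-z]+: / {   # wrapped fragment of an ACI
            buf = buf " " $0
            if (buf ~ /by \* \(none\)$/) flush()
            next
        }
        { flush() }                                   # unterminated value: emit as-is
        /^orclaci: / && !/by \* \(none\)$/ { buf = $0; next }
        (i = index($0, ph)) { $0 = substr($0, 1, i - 1) dn substr($0, i + length(ph)) }
        { print }
        END { flush() }
    ' "$1"
}

# check_ldif FILE
# Exit status 0 only if no placeholder remains, every orclaci value is a single
# line ending with "by * (none)", and no stray continuation fragment is left.
check_ldif() {
    awk '
        /%s_OracleContextDN%/ { bad = 1; print "line " NR ": placeholder not replaced" }
        /^orclaci: / && !/by \* \(none\)$/ {
            bad = 1; print "line " NR ": orclaci value is broken across lines" }
        $0 != "" && $0 != "-" && !/^[A-Za-z]+: / {
            bad = 1; print "line " NR ": stray fragment" }
        END { exit bad + 0 }
    ' "$1"
}

# Usage (DN taken from the example in step 2):
#   prepare_ldif aci-change.tmpl "cn=OracleContext,dc=acme,dc=com" > aci-change.ldif
#   check_ldif aci-change.ldif && echo "ready for ldapmodify"
```
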