What You May Need to Know About the Custom Permissions for the Rules Editor Component
For role-based authorization, Rules DC implements custom JAAS permissions that extend the oracle.adf.share.security.authorization.ADFPermission class, which ensures that the permissions can be used by ADF security.
If a Rules Editor application supports ADF security, which means there is support for role-based authentication and authorization, then security is enforced through custom JAAS permissions. These permissions extend the oracle.adf.share.security.authorization.ADFPermission class to ensure that they can be used by ADF security. You have to create ADF security policies by granting the following permissions to the user roles based on your application requirement:
- oracle.rules.adf.permission.AddRulePermission: Displays the Add Rule button; if permission is not granted, the Add Rule button is not visible to the user.
- oracle.rules.adf.permission.DeleteRulePermission: Displays the Delete Rule button; if permission is not granted, the Delete Rule button is not visible to the user.
- oracle.rules.adf.permission.EditRulePermission: Displays the Edit Rule button for rules inside a ruleset; if permission is not granted, then the rules are view-only.
- oracle.rules.adf.permission.AddDTPermission: Displays the Add Decision Table button; if permission is not granted, the Add Decision Table button is not visible to the user.
- oracle.rules.adf.permission.DeleteDTPermission: Displays the Delete Decision Table button; if permission is not granted, the Delete Decision Table button is not visible to the user.
- oracle.rules.adf.permission.EditDTPermission: Displays the Edit Decision Table button for decision tables within a ruleset; if permission is not granted, the decision tables are view-only.
- oracle.rules.adf.permission.RulesEditorPermission: A global permission that sets all the preceding permissions to true.
For example, to grant the delete rule permission to a role, specify the following code in the jazn-data.xml file of the application:
<policy-store>
  <applications>
    <application>
      <name>UseRuleDictDCWtPerm</name>
      <app-roles>
        <app-role>
          <name>Admin</name>
          <class>oracle.security.jps.service.policystore.ApplicationRole</class>
          <display-name>Admin</display-name>
          <members>
            <member>
              <name>admin</name>
              <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
            </member>
          </members>
        </app-role>
        <app-role>
          <name>BusinessUser</name>
          <class>oracle.security.jps.service.policystore.ApplicationRole</class>
          <display-name>BusinessUser</display-name>
          <members>
            <member>
              <name>buser</name>
              <class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
            </member>
          </members>
        </app-role>
      </app-roles>
      <jazn-policy>
        <grant>
          <grantee>
            <principals>
              <principal>
                <class>oracle.security.jps.service.policystore.ApplicationRole</class>
                <name>Admin</name>
              </principal>
            </principals>
          </grantee>
          <permissions>
            <permission>
              <class>oracle.rules.adf.permission.RulesEditorPermission</class>
              <name>RulesEditorPermission</name>
              <actions>access</actions>
            </permission>
          </permissions>
        </grant>
      </jazn-policy>
    </application>
  </applications>
</policy-store>
If you do not want to use the individual permissions, such as AddRulePermission or DeleteRulePermission, you can set the RulesEditorPermission in the jazn-data.xml file to set global permissions.
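
An added example, not part of the original page or of Oracle's code: a small Python audit of a jazn-data.xml policy store that resolves which of the six individual permissions each role effectively holds and lists the roles granted the global RulesEditorPermission. The sample policy is constructed, and the name and actions values used for the individual permission are assumed to mirror those in the RulesEditorPermission grant shown above.

```python
import xml.etree.ElementTree as ET

PREFIX = "oracle.rules.adf.permission."
GLOBAL = "RulesEditorPermission"
# The six individual permissions listed on this page.
INDIVIDUAL = {"AddRulePermission", "DeleteRulePermission", "EditRulePermission",
              "AddDTPermission", "DeleteDTPermission", "EditDTPermission"}

def _grant(role, perm):
    # Builds one <grant>; <name>/<actions> mirror the page's sample. For the
    # individual permissions these values are an assumption.
    return ("<grant><grantee><principals><principal>"
            "<class>oracle.security.jps.service.policystore.ApplicationRole</class>"
            f"<name>{role}</name></principal></principals></grantee>"
            f"<permissions><permission><class>{PREFIX}{perm}</class>"
            f"<name>{perm}</name><actions>access</actions></permission></permissions></grant>")

# Constructed sample: Admin holds the global permission, BusinessUser only edit-rule.
SAMPLE = ("<policy-store><applications><application><jazn-policy>"
          + _grant("Admin", GLOBAL) + _grant("BusinessUser", "EditRulePermission")
          + "</jazn-policy></application></applications></policy-store>")

def effective_permissions(jazn_xml):
    """Map each granted role to the individual permissions it effectively holds."""
    held = {}
    for grant in ET.fromstring(jazn_xml).iter("grant"):
        perms = set()
        for perm in grant.iter("permission"):
            cls = (perm.findtext("class") or "").strip()
            short = cls[len(PREFIX):] if cls.startswith(PREFIX) else ""
            if short == GLOBAL:
                perms |= INDIVIDUAL  # the global permission sets all six to true
            elif short in INDIVIDUAL:
                perms.add(short)
        for principal in grant.iter("principal"):
            role = (principal.findtext("name") or "").strip()
            held.setdefault(role, set()).update(perms)
    return held

def global_grant_roles(jazn_xml):
    """Roles granted RulesEditorPermission directly; review whether narrower grants suffice."""
    return sorted(role for role, perms in effective_permissions(jazn_xml).items()
                  if perms == INDIVIDUAL and role in {
                      (pr.findtext("name") or "").strip()
                      for g in ET.fromstring(jazn_xml).iter("grant")
                      if any((p.findtext("class") or "").strip() == PREFIX + GLOBAL
                             for p in g.iter("permission"))
                      for pr in g.iter("principal")})

if __name__ == "__main__":
    print(effective_permissions(SAMPLE), global_grant_roles(SAMPLE))
```

A role that is defined under app-roles but absent from the result has no Rules Editor grant, so per the list above its rules and decision tables are view-only.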