tailieunhanh - Applied Oracle Security: Developing Secure Database and Middleware Environments- P43
Applied Oracle Security: Developing Secure Database and Middleware Environments- P43:Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful | 394 Part III Identity Management Oracle Identity Manager - Windows Internet Explorer Workflow Designer Workflow Configuration Task Library Display Options Generate Image Legend Refresh Save Workflow Name foo Workflow Type Approval For Resource AD User Rule Name Assignment Type Assign To Adapter Email Template Send Email Escalation Time ms Indicates Required Field Apply Close FIGURE 9-6 Configuring an OIM workflow assignment rule 3. Double-click the newly created task and go to the Assignment tabs. 4. Edit the Default rule and select the Assignment Type as shown in Figure 9-6. 5. Select the Request Target User s Manager type which is configured to route approval through the requesting end user s manager. 6. Once both the tasks are set up and configured appropriately build the process sequence by right-clicking the Start icon and selecting Add Non-Conditional Task. Then drag the arrow to your first task Manager Approval . 7. Right-click the Approve box of your first task select Add Response Generated Task and drag the arrow to the second task App Admin Approval to finish out the workflow. Figure 9-7 on the next page illustrates the completed view of this. Access Policy-driven Provisioning Recall the two keys questions that drive user provisioning efforts Who has access to what resources Who should have access to what resources Chapter 9 Oracle Identity Manager 395 FIGURE 9-7 OIM Workflow Designer Request-driven provisioning certainly helps us answer the first question since all user provisioning occurs through a centralized process and is therefore tracking who is being provisioned where. However for the second question the request-driven style is not taking responsibility for ensuring if a user should access a certain resource since the provisioning occurs in a discretionary manner. To address this issue corporate security has to lend a hand by providing us a set of access policies that define rules regarding who should access what. Once those policies are defined .
đang nạp các trang xem trước