Payload Obfuscation Security Features of Oracle B2B

1-6 Oracle Fusion Middleware User's Guide for Oracle B2B

If you migrate instance stores that contain obfuscated payloads, then you must ensure that you export the Credential Store Framework (CSF) as well, because the CSF has the key to unobfuscate those payloads (the same key is used for obfuscation and unobfuscation). If this is a new store, then no migration is required, because the key is created, if not already present, the first time a payload is obfuscated. A payload that was obfuscated and persisted in Oracle B2B is passed unobfuscated to other SOA components within a composite application when using the Default or JMS integration types. Users viewing this unobfuscated payload in other SOA components are responsible for ensuring that the payload is obfuscated and persisted securely, and that users are authorized to view the payload.

1.4.2 Restricting Access to Document Types

Oracle B2B supports payload security by restricting access based on document type. The following user permissions for document-type access are available:

■ Admin permission for all document types
With this permission, the user can add, access, edit, and delete all document types. This user also has access to administrative functions such as import, export, and purge.

■ Admin permission for specified document types
With this permission, the user can access, edit, and delete the specified document types for which he has permission. The user is not allowed to access, edit, or delete the restricted document types. The user cannot add new document types or have access to any administrative functions such as import, export, and purge.

■ Monitor permission for all document types
With this permission, the user can access and view, but not edit or delete, all document types.

■ Monitor permission for specified document types
With this permission, the user can access and view, but not edit or delete, the specified document types. The user cannot access and view the restricted document types.

The default administrator user can restrict document-type access to other roles as follows:

■ The host administrator can be granted access to all document types, in which case this user can restrict document-type access to other host or remote administrators.
■ The host administrator can be granted access only to specified document types, in which case this user cannot restrict document-type access to other host or remote administrators.
■ The remote administrator can be granted access to specified document types only, or to all document types pertaining to the remote trading partner. In either case, the remote trading partner administrator cannot create document types in the system, or provision users for that particular remote trading partner. Users can only be provisioned by a host trading partner administrator user.
■ The host monitor can be granted view-only access to all document types or to specified document types, but cannot restrict document-type access to other users.
■ The remote monitor can be granted view-only access to all document types pertaining to the remote trading partner or to specified document types pertaining to the remote trading partner, but cannot restrict document-type access to other users.

See Task 3, "Add Document Types That the User Has Permission to Access," in Section 5.3, "Adding Trading Partner Users," for how to specify document-type access in the Oracle B2B interface.

When access to specific document types is restricted, consider the following:

■ New document definitions for a restricted document type cannot be added.
■ No document types can be imported, exported, or purged.
■ No document types can be modified on the Partners > Documents tab, as shown in Figure 1–1.

Figure 1–1 Accessing a Restricted Document Type from the Documents Tab
The image shows that the selected document type is restricted for the logged-in user. The error message "User does not have access to the document type. Selected definition cannot be accessed" appears.

■ The restricted document types are listed, but details cannot be viewed or accessed, on the following tabs:
– Administration > Document tab
– Reports tabs
– Metrics tabs

Note: Admin users with access to all Administration tab functions lose admin privileges when permission for any or all document types is assigned, and the Administration tab is no longer available.
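The four permission levels above, together with the rule that import, export, purge and adding document types are reserved for Admin permission on all document types, form a small access-control matrix. The following is an added example (not Oracle B2B code) that models that matrix as a fail-closed decision function so the rules can be checked against each other; the document type names are constructed placeholders.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List, Optional, Tuple

class Level(Enum):
    ADMIN = "admin"      # may add/edit/delete within scope
    MONITOR = "monitor"  # view-only within scope

# Operations named on the page. Import, export and purge are administrative
# functions; only Admin-for-all-document-types may use them or add new types.
DOC_OPS = {"access", "edit", "delete"}
ADMIN_FUNCS = {"add", "import", "export", "purge"}

@dataclass(frozen=True)
class Grant:
    level: Level
    all_doc_types: bool = False                 # "all document types" variant
    doc_types: FrozenSet[str] = frozenset()     # "specified document types" variant

def in_scope(grant: Grant, doc_type: str) -> bool:
    """A document type is restricted unless the grant covers it."""
    return grant.all_doc_types or doc_type in grant.doc_types

def is_allowed(grant: Grant, operation: str, doc_type: Optional[str] = None) -> bool:
    """Decide one request against the document-type permission matrix; unknown
    operations and out-of-scope document types are denied (fail closed)."""
    if operation in ADMIN_FUNCS:
        return grant.level is Level.ADMIN and grant.all_doc_types
    if operation not in DOC_OPS or doc_type is None or not in_scope(grant, doc_type):
        return False
    if operation == "access":
        return True                      # both Admin and Monitor may view in scope
    return grant.level is Level.ADMIN    # edit/delete need Admin permission

def listing(grant: Grant, known_types: List[str]) -> List[Tuple[str, bool]]:
    """Restricted types are still listed on the Document/Reports/Metrics tabs,
    but their details cannot be opened: (name, can_open) per document type."""
    return [(t, in_scope(grant, t)) for t in known_types]

if __name__ == "__main__":
    # Constructed sample document types (hypothetical names, not from the page).
    types = ["EDI_850", "EDI_810", "HL7_ADT"]
    admin_850 = Grant(Level.ADMIN, doc_types=frozenset({"EDI_850"}))
    print(listing(admin_850, types))        # EDI_810 and HL7_ADT listed but not openable
    print(is_allowed(admin_850, "purge"))   # False: admin functions need all-types admin
```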