10-4 Oracle Complex Event Processing Administrators Guide Once the domain has been created, the administrator can use Oracle CEP Visualizer to create a group and associate it with one or more roles: each role grants access to an application. When you assign a user to a group, the roles you associate with the group give the user the privileges to access those applications. For instructions on using Oracle CEP Visualizer to modify users, groups, and roles, see: ■ Managing Users in the Oracle Complex Event Processing Visualizer Users Guide ■ Managing Groups in the Oracle Complex Event Processing Visualizer Users Guide ■ Managing Roles in the Oracle Complex Event Processing Visualizer Users Guide For more information, see: ■ Section 10.8.4, Configuring HTTP Publish-Subscribe Server Channel Security ■ Section 10.1.8, Specifying User Credentials When Using the Command-Line Utilities ■ Chapter 3, Administrating Oracle CEP Standalone-Server Domains ■ Chapter 6, Administrating Multi-Server Domains With Oracle Coherence ■ Chapter 7, Administrating Multi-Server Domains With Oracle CEP Native Clustering

10.1.4 SSL

Oracle CEP provides one-way Secure Sockets Layer SSL to secure network traffic between Oracle CEP Visualizer and Oracle CEP server instances, between the Oracle CEP server instances of a multi-server domain, and between the wlevs.Admin command-line utility and Oracle CEP server instances. You can configure Oracle CEP to use a Federal Information Processing Standards FIPS-certified pseudo-random number generator for SSL. For more information, see: ■ Section 10.5, Configuring SSL to Secure Network Traffic ■ Section 10.1.5, FIPS ■ Section 6.3, Securing the Messages Sent Between Servers in a Multi-Server Domain BusinessUser wlevsBusinessUsers Has all Operator privileges as well as permission to update the Oracle CQL and EPL rules associated with the processor of a deployed application. Deployer wlevsDeployers Has all Operator privileges as well as permission to deploy, undeploy, update, suspend, and resume any deployed application. Monitor wlevsMonitors Has all Operator privileges as well as permission to enabledisable diagnostic functions, such as creating a diagnostic profile and recording events then playing them back. Operator wlevsOperators Has read-only access to all server resources, services, and deployed applications. Table 10–1 Cont. Default Oracle CEP Task Roles and Groups Task Role Group Privileges Configuring Security for Oracle CEP 10-5 ■ Oracle Coherence: Section 7.3, Securing the Messages Sent Between Servers in a Multi-Server Domain ■ Oracle CEP Native Clustering: Section A.4, Running wlevs.Admin Utility in SSL Mode

10.1.5 FIPS

The National Institute of Standards and Technology NIST creates standards for Federal computer systems. NIST issues these standards as Federal Information Processing Standards FIPS for use government-wide. Oracle CEP supports FIPS using the com.rsa.jsafe.provider.JsafeJCE security provider. Using this provider, you can configure Oracle CEP to use a FIPS-certified pseudo-random number generator for SSL. For more information, see: ■ Section 10.6, Configuring FIPS for Oracle CEP Server ■ Section 10.1.4, SSL ■ http:www.itl.nist.govfipspubs

10.1.6 Enabling and Disabling Security

After you configure SSL, you can configure the Oracle CEP server to accept only client requests on the HTTPS port. See Section 10.7, Configuring HTTPS-Only Connections for Oracle CEP Server . Optionally, you can disable security. See Section 10.10, Disabling Security .

10.1.7 Security Utilities

Oracle CEP provides a variety of command-line utilities to simplify security administration. In addition to command-line utilities, you can use Oracle CEP Visualizer to perform many security tasks. For more information, see: ■ Appendix C, Security Utilities Command-Line Reference ■ Section 10.1.8, Specifying User Credentials When Using the Command-Line Utilities ■ Security Tasks in the Oracle Complex Event Processing Visualizer Users Guide

10.1.8 Specifying User Credentials When Using the Command-Line Utilities

Oracle CEP provides the following command-line utilities for performing a variety of tasks: ■ wlevs.Admin: a command-line interface to administer Oracle CEP and, in particular, dynamically configure the rules for Oracle CQL and EPL processors and monitor the event latency and throughput of an application. See Appendix A, wlevs.Admin Command-Line Reference for details ■ Deployer: a Java-based deployment utility that provides administrators and developers command-line based operations for deploying Oracle CEP applications. See Appendix B, Deployer Command-Line Reference for details.