2 Managing Security
This section contains the following topics:
■ Section 2.1, Security Model Overview
■ Section 2.2, Definition and Definition Management Security
■ Section 2.3, System Level Security
2.1 Security Model Overview
Access to Oracle IPM is granted through the configured credential store managed within the Oracle WebLogic Server domain using the available Oracle WebLogic
Server providers. Once access to IPM is granted, specific features within Oracle IPM require security rights assigned by an Oracle IPM administrator or user designated to
grant rights to a specific feature.
The first person to log in to Oracle IPM after initial installation is granted full rights to all features, in order to properly set up an Oracle IPM solution to meet company needs. After the system is properly set up, security rights can be changed or revoked if necessary. Additionally, initial security rights can be reset if the credential store has been changed during setup. See Section 2.1.2, Installation Security Initialization, for more information.
2.1.1 System Access
Oracle WebLogic Server controls user and group access to Oracle IPM and its repository as managed servers running within the WebLogic Server domain. System security configuration and SSL connection configuration are handled through the Oracle WebLogic Server console. Oracle WebLogic Server controls can link to the WebLogic Server domain managing Oracle IPM if additional services are required, such as Oracle Internet Directory or single sign on using Oracle Access Manager.
Note: When Oracle IPM is first deployed, the role of IPMSYS_ADMIN is created within Oracle Content Server. This role provides specialized security rights necessary for Oracle IPM and Oracle Content Server to operate together. The IPMSYS_ADMIN role is not intended for public use. This role is created and managed programmatically by the Oracle IPM system.
Changes to the security rights assigned to the role or adding or removing users associated with that role will have a negative impact on the operation of both Oracle IPM and Oracle Content Server. One such negative impact is that any users added to this role will be deleted from the Oracle Content Server system.
2-2 Administrators Guide for Oracle Imaging and Process Management
Access to Oracle IPM through web services is controlled by Oracle Web Services Manager (OWSM) policies. Policies are configured through the Oracle WebLogic Server console. Some policies require a keystore be defined. For example, Oracle IPM must use access credentials stored in Credential Store Framework (CSF) to communicate with a workflow server or to use SSL. Keystores can be defined using Keytool from the Java Development Kit. Credentials can be added to defined keystores using WebLogic Scripting Tool (WLST).
Figure 2–1 Oracle IPM Security Overview
Note: When configuring Oracle IPM for use with Oracle Access Manager, you must protect the imagingfaces directory. Failure to do so prevents access to the Oracle IPM Viewer.
Note: Oracle Content Server account and collaboration security can be enabled on an Oracle Content Server repository being used by Oracle IPM; however, Oracle IPM does not support their use on Oracle IPM documents.
For additional information, see the following documentation:
Table 2–1 Additional System Security Documentation
Task | Where to Go For More Information
Administering Oracle WebLogic Server | Oracle Fusion Middleware Administrators Guide
Using WebLogic Scripting Tool | Oracle Fusion Middleware WebLogic Scripting Tool Command Reference
Administering Universal Content Management | Oracle Fusion Middleware System Administrators Guide for Oracle Content Server
2.1.2 Installation Security Initialization