Security for Oracle Real-Time Decisions 4-9

4.3.1 Default Oracle Real-Time Decisions Application Grants

The default file-based policy store includes pre-configured application grants. Oracle RTD uses the permission class, oracle.security.jps.ResourcePermission, which references attributes of the resource types listed in Table 4–4 . Table 4–5 lists the default application roles, Oracle RTD resource types, resource names, and actions in the default application grants after installation. Table 4–4 Oracle RTD Resource Types and Actions Type of Resource Resource Type Name Stored in Application Grants Action[:Qualifier] Comments Inline Service rtd_ils choice_editor May execute any methods of the ExternalChoice web service for the named Inline Service. decision_service:normal May execute any integration points advisors and informants for the named Inline Service. Action qualifier normal allows integration point requests to be executed in the server. decision_service:stress May execute any integration points Advisors and Informants for the named Inline Service. Action qualifier stress allows LoadGen to issue integration point calls. To be accepted by the server, the user also needs the normal action. open_service:read Authorizes the use of Decision Center to open the named Inline Service for viewing. Also authorizes the External Rule Editor to access the named Inline Service, since the External Rule Editor does not need to update the content of the Inline Service. open_service:write Authorizes the use of Decision Center to open the named Inline Service for editing. deploy_service Authorizes the deployment of the named Inline Service from Decision Studio. download_service Authorizes the use of Decision Studio to download the named Inline Service from a server. clear_choice_history Authorizes the clearing of the choice history for the named Inline Service through the Administration web service. clear_study Authorizes the clearing of the study for the named Inline Service through the Administration web service. A study is not shared by multiple Inline Services, so naming the owning Inline Service is equivalent to naming the study. clear_statistics Authorizes the clearing of the statistics for the Inline Service through the Administration web service. clear_model Authorizes the clearing of the model for the named Inline Service through the Administration web service. clear_operational_data Authorizes the clearing of the operational data for the named Inline Service through the Administration web service. delete_service Authorizes the deletion of the named Inline Service through the Administration web service. unlock_service Authorizes the unlocking of the named Inline Service through the Administration web service. Decision Center Perspective rtd_dc_persp dc_perspective Open the named Decision Center Perspective, to have Decision Center render its specialized set of UI elements or capabilities. Registered Batch Job Type rtd_batch batch_admin May execute any methods of the BatchManager web service to start, stop, or query the status of the registered batch job type name. 4-10 Oracle Fusion Middleware Administrators Guide for Oracle Real-Time Decisions In the Fusion Middleware Control Application Policies screen, the application roles and permissions appear under the headings Principal and Permission, as shown in Figure 4–3 . Note: The resource name _all _ is a special name that matches any Oracle RTD resource name of the associated resource type. Table 4–5 Default Application Grants for Oracle RTD Users Application Role Resource Type Resource Name Action[:Qualifier] BIAdministrator rtd_ils _all_ open_service:read _all_ open_service:write _all_ deploy_service _all_ download_service _all_ choice_editor _all_ decision_service:normal _all_ decision_service:stress _all_ clear_choice_history _all_ clear_study _all_ clear_statistics _all_ clear_model _all_ clear_operational_data _all_ delete_service _all_ unlock_service rtd_dc_persp _all_ dc_perspective rtd_batch _all_ batch_admin BI Author rtd_ils _all_ open_service:read _all_ open_service:write _all_ deploy_service _all_ download_service _all_ decision_service:normal _all_ decision_service:stress rtd_dc_persp _all_ dc_perspective BI Consumer rtd_ils _all_ open_service:read _all_ choice_editor _all_ decision_service:normal rtd_dc_persp Explore dc_perspective At a Glance dc_perspective rtd_batch _all_ batch_admin Security for Oracle Real-Time Decisions 4-11 Figure 4–3 Example of Permissions in Fusion Middleware Control For details of how to create and edit application roles and application policies, see Section 4.7.4, Managing the Policy Store Using Fusion Middleware Control.

4.3.2 Examples of Oracle RTD Permissions