About the Security Framework

4 Security for Oracle Real-Time Decisions

Oracle Real-Time Decisions integrates seamlessly with the Oracle Fusion Middleware platform, and the two share a common security framework and features. This chapter includes an overview of the security framework to provide background for understanding the overall security model. For more information about the Oracle Fusion Middleware platform and the common security framework, see Oracle Fusion Middleware Application Security Guide.

This chapter contains the following sections:

■ Section 4.1, About the Security Framework
■ Section 4.2, Getting Started with Security for Oracle RTD
■ Section 4.3, Resource Types and Actions for Oracle RTD
■ Section 4.4, Administration Tools Used for Common Security-Related Tasks
■ Section 4.5, Typical System Administration Tasks for Securing Oracle RTD
■ Section 4.6, Managing Authentication for Oracle RTD
■ Section 4.7, Managing Authorization and Privileges for Oracle RTD
■ Section 4.8, Using SSL with Oracle RTD
■ Section 4.9, Topics of Interest in Other Guides

4.1 About the Security Framework

Oracle Fusion Middleware and Oracle Real-Time Decisions share a common security framework. Using a common security framework enables Oracle Real-Time Decisions to interoperate securely within your Oracle Fusion Middleware deployment. The security framework is built upon the Java security model, which is a role-based, declarative model employing container-managed security where resources are protected by roles that are assigned to users. For a more thorough discussion of the concepts discussed in this topic, see Oracle Fusion Middleware Application Security Guide.

Oracle Platform Security Services

Oracle Platform Security Services (OPSS) is the underlying platform on which the security framework is built. OPSS is standards-based and complies with role-based access control (RBAC), Java Enterprise Edition (Java EE), and Java Authorization and Authentication Service (JAAS).

Oracle Fusion Middleware Administrator's Guide for Oracle Real-Time Decisions

Oracle WebLogic Server

Oracle Real-Time Decisions authentication is handled by the Oracle WebLogic Server authentication providers, in compliance with the OPSS model. An authentication provider performs the following functions:

■ Establishes the identity of users and system processes
■ Transmits identity information
■ Serves as a repository for identity information from which components can retrieve it

The default authentication provider is the directory server embedded in Oracle WebLogic Server. Alternate authentication providers can be used if desired and managed in the Oracle WebLogic Administration Console. For more information on Oracle WebLogic Server authentication providers, see Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help.

Oracle WebLogic Server Security Realms

An Oracle WebLogic Server security realm is specific to a domain, and contains the authentication providers, users, groups, security roles, and security policies configured together. Whereas multiple security realms can be defined for a domain, only one can be active, that is, designated as the default realm, at a given time.

Security Administration Tools

The administrative tasks required to secure and protect application objects are performed through Oracle Fusion Middleware and Oracle WebLogic Server consoles, and the command-line Oracle WebLogic Scripting Tool (WLST). For details, see Section 4.4, Administration Tools Used for Common Security-Related Tasks.
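The realm rule above (several realms may be defined, only the default one is active) can be checked read-only from a copy of the domain configuration. The following is an added example, not part of the Oracle documentation: it assumes the domain's config.xml holds realm, default-realm and authentication-provider elements as in the constructed sample, and the realm and provider names are illustrative.

```python
import xml.etree.ElementTree as ET
# Constructed sample of the assumed config.xml layout; names are illustrative.
SAMPLE_CONFIG = """\
<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
        xmlns:sec="http://xmlns.oracle.com/weblogic/security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-configuration>
    <realm>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType">
        <sec:name>DefaultAuthenticator</sec:name>
      </sec:authentication-provider>
      <sec:name>myrealm</sec:name>
    </realm>
    <realm>
      <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
        <sec:name>CorpLDAP</sec:name>
      </sec:authentication-provider>
      <sec:name>stagedrealm</sec:name>
    </realm>
    <default-realm>myrealm</default-realm>
  </security-configuration>
</domain>
"""

def local(name):
    """Strip the XML namespace so the check does not depend on exact URIs."""
    return name.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child with the given local name, or None."""
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), None)

def audit_realms(config_xml):
    """Return the default (active) realm, its authentication providers, and unused realms."""
    root = ET.fromstring(config_xml)
    sec_cfg = next((e for e in root if local(e.tag) == "security-configuration"), None)
    if sec_cfg is None:
        raise ValueError("no security-configuration element found")
    realms = {}
    for realm in (e for e in sec_cfg if local(e.tag) == "realm"):
        realms[child_text(realm, "name")] = [
            (child_text(p, "name"), next((v for k, v in p.attrib.items() if local(k) == "type"), None))
            for p in realm if local(p.tag) == "authentication-provider"]
    default = child_text(sec_cfg, "default-realm")
    if default not in realms:  # the single active realm must actually be defined
        raise ValueError("default realm %r is not defined in this domain" % default)
    return {"default_realm": default, "providers": realms[default],
            "inactive_realms": sorted(r for r in realms if r != default)}

if __name__ == "__main__":
    print(audit_realms(SAMPLE_CONFIG))
```

Providers listed under an inactive realm authenticate no one, so a review of who can sign in to Oracle RTD should look only at the providers reported for the default realm.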

4.2 Getting Started with Security for Oracle RTD