Configuring Oracle Enterprise Repository to use External Authentication Tooling 3-21

6. Click Save.

7. Enter plug-in login in the System Settings Search text box. The Plugin Login Settings section opens in the Enterprise Authentication group of system settings. 8. Enter false in the Plug-in Login Module text box.

9. Click Save.

3.3.4 Modify the Web Applications Web.xml File to Allow for Container Authentication

1. Stop the Oracle Enterprise Repository application or the application server that it runs within. 2. Modify the Oracle Enterprise Repository web.xml file: ■ Add the following security constraint contents to the end of the file. -- Define a security constraint on this application -- security-constraint web-resource-collection web-resource-nameEntire Applicationweb-resource-name url-patternurl-pattern http-methodGEThttp-method http-methodPUThttp-method http-methodPOSThttp-method http-methodDELETEhttp-method web-resource-collection auth-constraint descriptionThese roles have access to the Oracle Enterprise Repositorydescription role-nameuserrole-name auth-constraint security-constraint security-constraint web-resource-collection web-resource-nameSecure Web Serviceweb-resource-name url-patternservicesOERRegistryurl-pattern web-resource-collection security-constraint -- Define the login configuration for this application -- login-config auth-methodBASICauth-method realm-nameOracle Enterprise Repositoryrealm-name login-config security-role role-nameuserrole-name role-nameadminrole-name role-nameaccessAdministratorrole-name role-nameadvancedSubmitterrole-name role-namebusinessAnalystrole-name role-nameprojectAdministratorrole-name role-nameprojectArchitectrole-name role-nameregistrarrole-name role-nameregistrarAdministratorrole-name role-namesystemAdministratorrole-name Note: This configuration will need to be modified to fit your authentication requirements. This example uses BASIC authentication, which may not be appropriate for your environment. 3-22 Oracle Fusion Middleware Configuration Guide for Oracle Enterprise Repository security-role 3. Start Restart the Oracle Enterprise Repository application. 4 Configuring Advanced Role-based Access Control 4-1 4 Configuring Advanced Role-based Access Control This chapter provides an overview to advanced role-based access control and describes the various concepts in role-based access control. This chapter contains the following sections: ■ Section 4.1, Overview ■ Section 4.2, Security Considerations ■ Section 4.3, Basic Concepts ■ Section 4.4, Access Definitions ■ Section 4.5, Process Overview ■ Section 4.6, Granting and Denying Permissions ■ Section 4.7, Configuring Access Settings for Existing Roles ■ Section 4.8, Role-based Access Control Use Cases

4.1 Overview

Advanced Role-based Access Control, if enabled, allows organizations to limit access to and visibility of Oracle Enterprise Repository content by role at the asset and file level. This is accomplished by applying custom access settings to assets andor files in order to limit their accessibility to particular communities of interest. This foundational capability can be applied to a wide range of organizational initiatives: ■ Exposing Web Services to customers and trading partners. ■ Limiting the amount of intellectual property that is available to outsourced development teams and managing export control. ■ Establishing a Federated Repository that allows everyone to view and access enterprise assets, but limits domain-specific information to relevant domains. ■ Managing actions available to users, such as submitting, accepting, and registering assets. ■ Limiting visibility of assets under development and retired assets. ■ Limiting access to source code files to asset production teams. ■ Granting browse-only Oracle Enterprise Repository access to selected groups.