Part IV Part IV Security Tasks Part IV contains the following chapters: ■ Chapter 20, Overview of Security Tasks ■ Chapter 21, Managing Users ■ Chapter 22, Managing Groups ■ Chapter 23, Managing Roles ■ Chapter 24, Managing HTTP Publish-Subscribe Server Security ■ Chapter 25, Managing SSL 20 Overview of Security Tasks 20-1 20 Overview of Security Tasks This section contains the typical security tasks you can perform with Oracle CEP Visualizer, including: ■ Section 20.1, User, Group, and Role Management ■ Section 20.2, HTTP Publish-Subscribe Server Channel Security Management ■ Section 20.3, SSL Management For more information, see Configuring Security for Oracle CEP in the Oracle Complex Event Processing Administrators Guide.

20.1 User, Group, and Role Management

Oracle CEP uses role-based authorization control to secure the Oracle CEP Visualizer and the wlevs.Admin command-line utility. There are a variety of default out-of-the-box security groups. You can add users to different groups to give them the different roles. Administrators who use Oracle CEP Visualizer, wlevs.Admin, or any custom administration application that uses JMX to connect to an Oracle CEP instance use role-based authorization to gain access. You can also use role-based authorization to control access to the HTTP publish-subscribe server. There are two types of role: ■ Application roles: application roles grant users the permission to access various Oracle CQL applications deployed to the Oracle CEP server. You can create application roles and associate them with the task roles that Oracle CEP provides. By default, administrator users can access any application and non-administration users cannot access any applications. Before a none-administration user can access an application, an administration user must grant the user the associated application role. ■ Task roles: task roles grant users the permission to perform various tasks with the applications their application role authorizes them to access. Oracle CEP provides the default task roles that Table 20–1 describes. Users that successfully authenticate themselves when using Oracle CEP Visualizer or wlevs.Admin are assigned roles based on their group membership, and then subsequent access to administrative functions is restricted according to the roles held by the user. Anonymous users non-authenticated users will not have any access to the Oracle CEP Visualizer or wlevs.Admin.