The essence of the Cloud Security Methodology can be distilled into a straightforward principle. It revolves around determining:
- WHO (the user) has access privileges,
- WHAT (the individual actions) they are permitted to perform, and
- WHICH (the set of data) they can interact with.

Role Inheritance
Security within Fusion Applications predominantly relies on Role-Based Access Control (RBAC). In Fusion Applications, RBAC involves the collaborative use of abstract, job, duty, and data roles to regulate access to functions and data. These functional roles are defined as follows:
Abstract Role:
- This role serves as a categorization for reference purposes.
- It inherits duty roles but does not encompass security policies.
- Examples include roles like ‘Employee’ or ‘Manager,’ among others.
Job Role:
- This role defines a specific job or responsibility assigned to an employee.
- An employee may assume multiple job roles, often requiring data roles to control actions on relevant objects.
- Examples include roles like ‘Benefits Manager’ or ‘Accounts Receivable Specialist,’ and so on.

Data Role:
- This role delineates access rights to data within a specific duty.
- It addresses the question of ‘Who can do what on which set of data?’ by specifying actions like read, update, delete, and manage.
- Duty roles are the only roles with explicit entitlement to data, thus controlling privileges within the user interface, such as access to specific screens, buttons, data columns, and other artifacts.
Duty Role:
- This role defines a set of tasks and represents the most granular form of a role.
- Job and abstract roles inherit duty roles, and data security policies are assigned to duty roles to regulate actions on all associated objects.
- Duty roles are the primary carriers of security policies and are implemented as application roles in the Authorization Policy Manager (APM).
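
The inheritance described above, as an added example that is not Oracle's code or part of the original post: a small Python model that resolves which (action, data set) pairs a user reaches through inherited duty roles, and audits role definitions against the rules stated here. Data roles are left out, and the duty role names and every policy are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    kind: str                                      # "abstract", "job" or "duty"
    inherits: list = field(default_factory=list)   # names of inherited roles
    policies: list = field(default_factory=list)   # (action, data set) pairs

def effective_policies(roles, assigned):
    """Walk the inheritance graph from a user's assigned roles (WHO) and
    return {(action, data_set): role_that_carries_it} (WHAT on WHICH)."""
    granted, seen, stack = {}, set(), list(assigned)
    while stack:
        name = stack.pop()
        role = roles.get(name)
        if name in seen or role is None:   # skip cycles and undefined roles
            continue
        seen.add(name)
        for policy in role.policies:
            granted.setdefault(policy, name)
        stack.extend(role.inherits)
    return granted

def audit(roles):
    """Flag definitions that contradict the role model described above."""
    findings = []
    for r in roles.values():
        if r.kind == "abstract" and r.policies:
            findings.append(f"{r.name}: abstract role carries policies directly")
        for parent in r.inherits:
            if parent not in roles:
                findings.append(f"{r.name}: inherits undefined role {parent}")
    return findings

# Constructed sample: duty role names and all policies are made up.
ROLES = {r.name: r for r in [
    Role("Employee", "abstract", inherits=["Expense Entry Duty"]),
    Role("Manager", "abstract", inherits=["Expense Approval Duty"],
         policies=[("update", "all expense reports")]),   # misconfigured on purpose
    Role("Accounts Receivable Specialist", "job",
         inherits=["Receivables Inquiry Duty", "Expense Entry Duty"]),
    Role("Expense Entry Duty", "duty", policies=[("update", "own expense reports")]),
    Role("Receivables Inquiry Duty", "duty", policies=[("read", "receivables invoices")]),
]}

if __name__ == "__main__":
    user_roles = ["Employee", "Accounts Receivable Specialist"]
    for (action, data_set), source in effective_policies(ROLES, user_roles).items():
        print(f"{action} on {data_set} (via {source})")
    print(audit(ROLES))
```

Reporting the role that carries each policy makes it possible to trace an unexpected entitlement back to the duty role that grants it.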