To protect application data from unauthorized access, Oracle E-Business Suite Integrated SOA Gateway provides security grant feature allowing only authorized users to execute certain methods in an API through Integration Repository.
Managing Grants in the Methods Region
For interfaces that can be exposed as SOAP services only, security grants are managed in the Methods region. These interfaces include Business Service Object interfaces only.
Please note that for XML Gateway interfaces, user security is managed through the Oracle XML Gateway user interface instead. See: Managing XML Gateway User Security in the Trading Partner User Setup Form.
Note: In this release, only PL/SQL APIs and Concurrent Programs can be exposed as both SOAP and REST services. For this type of interfaces, security grants are managed in the Grants tab instead. Once a PL/SQL API or Concurrent Program method access permission is authorized to a grantee, it grants the permission to the associated SOAP and REST services simultaneously. For information on how to manage security grants for PL/SQL APIs and Concurrent Programs, see Managing Security Grants for SOAP and REST Web Services.
Creating Security Grants
In the interface details page, an integration administrator can select appropriate method name check boxes in the Methods region. Click Create Grant to open the Create Grants page where the administrator can grant the selected method access permissions to a user, user group, or all users.
Select one of the following values as the grantee type:
Specific User - The grantee is an individual user who was selected directly.
Group of Users - The grantee is a group of users or a member of a group of users.
All Users - The grant was given to all users.
If you select Specific User or Group of Users, specify the user or group for which to create the grants in the Grantee Name field.
Only users with the Integration Administrator role can create and revoke security grants.
Each overloaded function contained in an interface can be uniquely granted to a specific user, user group, or all users through the grant feature. If you select more than one overloaded function in the Procedures and Functions region (or the Methods region), an Overloaded column appears in the Selected Methods table with the selected overloaded functions checked.
Viewing Grant Details
To view the grant details, click the Show link for a given method in the Methods region. If you specified a group of users as the grantee, then all members within the group (i.e. 'Jackson, Lou' and 'Payment, John'), plus the group name itself (i.e. 'OIC Payment Analyst Manger Group') are listed as a grantee.
Note: For each member, the Granted Via column displays the name of the group. For grantees who were selected directly in the Create Grants page, the value in the Granted Via column is Direct.
Revoking Security Grants
In the Methods region, click the Show link for a given method. Click the Revoke icon to revoke a grant for a specific grantee. A confirmation page appears, where you can click Apply or Cancel to execute or cancel the action.
Note: For users who are granted as members of a group, you cannot revoke their grants individually, but revoke the grant for the entire group instead. The Revoke icon is disabled for group members.
To create grants:
Log in to Oracle E-Business Suite as a user who has the Integration Administrator role. Select the Integrated SOA Gateway responsibility and the Integration Repository link.
In the Integration Repository tab, select 'Interface Type' from the View By drop-down list.
Expand an interface type node and click an interface definition name link you want to open the interface details page.
Select one or multiple method names for which you want to create grants.
Click Create Grant. The Create Grants page appears.
Select a grantee type from the list of values.
If you selected Specific User or Group of Users, specify the user or group for which to create the grants in the Grantee Name field.
Click Apply.
The interface details page reappears.
To view or revoke grants:
You can view and revoke existing grants directly in the methods list on the interface details page.
Navigate to the interface details page that you want to view or revoke the grants.
In the Methods region, click Show for a given method to view its grant details in a table.
You can revoke a grant by clicking the Revoke icon. Click Apply to confirm your action.
Managing XML Gateway User Security in the Trading Partner User Setup Form
For XML Gateway interfaces, user security is managed in the Oracle XML Gateway user interface through the Trading Partner User Setup form where the administrator needs to associate users with a trading partner. Only these authorized users can perform XML Gateway inbound transactions with the trading partner. Specifically, the administrator needs to:
Set the "ECX: Enable User Check for Trading Partner" profile option to "Yes" to enable the trading partner specific security feature
Associate users with a trading partner
Log in to Oracle E-Business Suite as a user who has the XML Gateway responsibility. Navigate to Setup and then select Define Trading Partners from the navigation menu. In the Define Trading Partner Setup form, click the User Setup button to access the Trading Partner User Setup form.
For more information about trading partner user security, refer to Trading Partner Setup, XML Gateway Setup chapter, Oracle XML Gateway User's Guide.