This is the seventh installment in a series of blog articles to highlight recommended security guidelines and features for Oracle E-Business Suite (EBS). This blog article describes the importance of enabling and configuring the Allowed Resources feature.
Enable and Configure Allowed Resources
The Allowed Resources feature helps minimize the attack surface of Oracle E-Business Suite when you create an allowlist of resources (JavaServer Pages (JSPs) and servlets) for your environment. The allowlist specifies which resources (JSPs and servlets) are permitted for access within your environment.
Note: An allowlist is a list of items that are explicitly granted access to a resource.
All standard Oracle E-Business Suite JSPs and servlets are included in the Allowed Resources feature by default. Additionally, you have the flexibility to include custom resources to your allowlist as needed.
The Allowed Resources feature provides multiple layers of protection. Using the default configuration offers basic protection with minimal setup. You can enhance the protection by restricting access to Oracle E-Business Suite resources by product family, specific products, or individual resources.
For information and recommendations on enabling and configuring this feature, see Allowed Resources in the Oracle E-Business Suite Security Guide
To use this feature start by enabling it. Once enabled, deny access to resources for Oracle E-Business Suite products that are not used in your environment.
You can then further restrict access by excluding additional resources or including specific custom resources based on your organizational needs. Applying resource restrictions at this level offers optimal security. It is also advisable to periodically review, and update allowed resources to maintain protection.
Security Guidelines and Recommendations: Where to Begin?
For information on EBS security guidelines, security features, certifications, encryption, or other security-related topics, you should start with the FAQ: Oracle E-Business Suite Security (MOSFS Article ID KA1033, Formerly MOS Doc ID 2063486.1).
The content in FAQ: Oracle E-Business Suite Security (MOSFS Article ID KA1033, Formerly MOS Doc ID 2063486.1) is updated on a regular basis. We recommend that you bookmark this MOSFS Article and review it routinely for updates.
References
- Allowed Resources in the Oracle E-Business Suite Security Guide
- FAQ: Oracle E-Business Suite Security (MOSFS Article ID KA1033, Formerly MOS Doc ID 2063486.1)
- Oracle E-Business Suite What’s New Home Page
- What’s New: Applications Technology 12.2.15
Related Articles
- Oracle E-Business Technology Blog – Security
- EBS Quarterly Update Recommendations
- How Do I Receive the Latest EBS 12.2 and 12.1 Technology News, Updates, and Announcements?
- REMINDER: EBS Security Guidelines and Recommendations – Part 1
- REMINDER: EBS Security Guidelines and Recommendations – Part 2
- REMINDER: EBS Security Guidelines and Recommendations – Part 3
- REMINDER: EBS Security Guidelines and Recommendations – Part 4
- REMINDER: EBS Security Guidelines and Recommendations – Part 5
- REMINDER: EBS Security Guidelines and Recommendations – Part 6
- REMINDER: EBS Security Guidelines and Recommendations – Part 7 (this blog article)