I am pleased to announce the availability of the Allowed Resources security feature for Oracle E-Business Suite 12.1.3. The Allowed Resources feature is available for Oracle E-Business Suite 12.1.3 with Patch 30110924.
What protection is provided with Allowed Resources?
Oracle E-Business Suite is delivered with JavaServer Pages (JSPs) and servlets. Most customers use only a subset of these provided resources. The Allowed Resources feature allows you to reduce your attack surface by disabling resources that are not used in your environment. You can allow or deny resources at the family, product, or resource level.
The Allowed Resources feature allows you to define a whitelist of allowed resources for your Oracle E-Business Suite 12.1.3 environment. When enabled, accessing resources that are not configured in your whitelist is not allowed.
With Oracle E-Business Suite Release 12.1.3, you may use one of the following Allowed Resources user interfaces in order to configure the feature:
- Management by Product Hierarchy to easily allow or deny access by product families
- Management by Resource to easily allow or deny access to individual resources
Your users will see an error message if access to a resource is blocked by the Allowed Resources feature.
Refer to the documentation for more information on how to to deploy and configure the Allowed Resources feature.
Where can I learn more?
- Read more about the Allowed Resources feature available in Secure Configuration for Oracle E-Business Suite Release 12.1 (Note 403537.1).
- Watch the online course for the Allowed Redirects available in Oracle E-Business Suite Release 12.1 and 12.2 Transfer of Information (TOI) Online Training (Note 807319.1).
- Watch the Webinar: Secure Oracle E-Business Suite Using Features, Configuration and Certifications.
References
- FAQ: Oracle E-Business Suite Security (Note 2063486.1)
- Secure Configuration for Oracle E-Business Suite Release 12.1 (MOS Note 403537.1)
Related Articles