The Latest Oracle E-Business Suite Technology News direct from
Oracle E-Business Suite Development & Product Management
-
Application Tier
May 1, 2020
EBS Security Feature Allowed Resources Now Available for EBS 12.1.3
I am pleased to announce the availability of the Allowed Resources security feature for Oracle E-Business Suite 12.1.3. The Allowed Resources feature is available for Oracle E-Business Suite 12.1.3 with Patch 30110924.
What protection is provided with Allowed Resources?
Oracle E-Business Suite is delivered with JavaServer Pages (JSPs) and servlets. Most customers use only a subset of these provided resources. The Allowed Resources feature allows you to reduce your attack surface by disabling resources that are not used in your environment. You can allow or deny resources at the family, product, or resource level.
The Allowed Resources feature allows you to define a whitelist of allowed resources for your Oracle E-Business Suite 12.1.3 environment. When enabled, accessing resources that are not configured in your whitelist is not allowed.
With Oracle E-Business Suite Release 12.1.3, you may use one of the following Allowed Resources user interfaces in order to configure the feature:
- Management by Product Hierarchy to easily allow or deny access by product families
- Management by Resource to easily allow or deny access to individual resources
Your users will see an error message if access to a resource is blocked by the Allowed Resources feature.
Refer to the documentation for more information on how to to deploy and configure the Allowed Resources feature.
Where can I learn more?
- Read more about the Allowed Resources feature available in Secure Configuration for Oracle E-Business Suite Release 12.1 (Note 403537.1).
- Watch the online course for the Allowed Redirects available in Oracle E-Business Suite Release 12.1 and 12.2 Transfer of Information (TOI) Online Training (Note 807319.1).
- Watch the Webinar: Secure Oracle E-Business Suite Using Features, Configuration and Certifications.
References
- FAQ: Oracle E-Business Suite Security (Note 2063486.1)
- Secure Configuration for Oracle E-Business Suite Release 12.1 (MOS Note 403537.1)
Related Articles
Thanks for the posting.
In patch 30110924 README it has the following statements that I have seen in many patches' README's.
My question is that does it apply to database tier with version 12c or 19c?
If yes, would it be possible to make them explicit or clear?
Thanks.
DB version check [required]
As a standalone patch this can be applied with DB version 10G/11G.
Following Pre-Requisites are required to be followed.
. R12/DB Ver. 11G : No Pre-Reqs.
. R12/DB Ver. 10GR2 : No Pre-Reqs.
. R12/DB Ver. 10GR1 : For 10gR1, DB Version must be 10.1.0.4 or greater.
Additionally the following parameter need to be set to "true" before applying this patch
"_plsql_conditional_compilation"=true ( refer note 338821.1)
Thanks for the bringing this to my attention. This appears to be a documentation issue. I've reached out to the development team to make the necessary updates README.
Regards,
Elke
Please note that the README for this patch has now been updated. The database dependencies were not a requirement.
We've also addressed the issue of the database dependencies being pulled into future READMEs. Thanks again for bringing this to our attention.
We would appreciate an update on your experience with Allowed Resources with Oracle E-Business Suite 12.1.3. You may send me an email at elke.phelps@oracle.com.
Regards,
Elke
Thanks for quick response and action!!
I saw the README has been updated.
I will update once I find a chance to implement it.
I currently have a SR about a patch in which it has the same DB version
check [required] for 10G/11G. That's what "triggered" me. :--)
The oracle support is not helping, to be honest. They just read the README letter by letter. It's frustrating I have to admit. I don't really want to blame them because that's probably what they are trained to do. :--(
Over the years I have seen many READMEs that have the same "copy/paste". Most of time I just ignore them but the what-if is always in my mind.
Thanks again for the prompt response. That's what I have been looking for in Oracle a while.
Have a good one.
YZ
The README issues are not simply due to copy and paste, but rather inherited information from included/dependent patches. For this patch, the dependent patch has now been updated to exclude the DB dependencies from the README. That will help with future patches if this dependency exists.
I'v also discussed with the team and we will also do a better job reviewing the READMEs prior to release of a new patches in the future.
Hopefully you will see fewer issues such; however, it may happen again. If it does, please let us know.
We are here to help you and all of our customers.
If you email me (elke.phelps@oracle.com) the SR number for your other patch that has listed DB dependencies, I can take a look at it, too.
Regards,
Elke