I am pleased to announce the availability of the Allowed Resources security feature for Oracle E-Business Suite 12.1.3. The Allowed Resources feature is available for Oracle E-Business Suite 12.1.3 with Patch 30110924.
What protection is provided with Allowed Resources?
Oracle E-Business Suite is delivered with JavaServer Pages (JSPs) and servlets. Most customers use only a subset of these provided resources. The Allowed Resources feature allows you to reduce your attack surface by disabling resources that are not used in your environment. You can allow or deny resources at the family, product, or resource level.
The Allowed Resources feature allows you to define a whitelist of allowed resources for your Oracle E-Business Suite 12.1.3 environment. When enabled, accessing resources that are not configured in your whitelist is not allowed.
With Oracle E-Business Suite Release 12.1.3, you may use one of the following Allowed Resources user interfaces in order to configure the feature:
Your users will see an error message if access to a resource is blocked by the Allowed Resources feature.
Refer to the documentation for more information on how to to deploy and configure the Allowed Resources feature.
Where can I learn more?
References
Related Articles
Thanks for the posting.
In patch 30110924 README it has the following statements that I have seen in many patches' README's.
My question is that does it apply to database tier with version 12c or 19c?
If yes, would it be possible to make them explicit or clear?
Thanks.
DB version check [required]
As a standalone patch this can be applied with DB version 10G/11G.
Following Pre-Requisites are required to be followed.
. R12/DB Ver. 11G : No Pre-Reqs.
. R12/DB Ver. 10GR2 : No Pre-Reqs.
. R12/DB Ver. 10GR1 : For 10gR1, DB Version must be 10.1.0.4 or greater.
Additionally the following parameter need to be set to "true" before applying this patch
"_plsql_conditional_compilation"=true ( refer note 338821.1)
Thanks for the bringing this to my attention. This appears to be a documentation issue. I've reached out to the development team to make the necessary updates README.
Regards,
Elke
Please note that the README for this patch has now been updated. The database dependencies were not a requirement.
We've also addressed the issue of the database dependencies being pulled into future READMEs. Thanks again for bringing this to our attention.
We would appreciate an update on your experience with Allowed Resources with Oracle E-Business Suite 12.1.3. You may send me an email at elke.phelps@oracle.com.
Regards,
Elke
Thanks for quick response and action!!
I saw the README has been updated.
I will update once I find a chance to implement it.
I currently have a SR about a patch in which it has the same DB version
check [required] for 10G/11G. That's what "triggered" me. :--)
The oracle support is not helping, to be honest. They just read the README letter by letter. It's frustrating I have to admit. I don't really want to blame them because that's probably what they are trained to do. :--(
Over the years I have seen many READMEs that have the same "copy/paste". Most of time I just ignore them but the what-if is always in my mind.
Thanks again for the prompt response. That's what I have been looking for in Oracle a while.
Have a good one.
YZ
The README issues are not simply due to copy and paste, but rather inherited information from included/dependent patches. For this patch, the dependent patch has now been updated to exclude the DB dependencies from the README. That will help with future patches if this dependency exists.
I'v also discussed with the team and we will also do a better job reviewing the READMEs prior to release of a new patches in the future.
Hopefully you will see fewer issues such; however, it may happen again. If it does, please let us know.
We are here to help you and all of our customers.
If you email me (elke.phelps@oracle.com) the SR number for your other patch that has listed DB dependencies, I can take a look at it, too.
Regards,
Elke