Oracle Data Integrator Security

原文地址：http://oditraining.blogspot.jp/2012/06/oracle-data-integrator-security.html

 

Objects, Instances and Methods
 

An Object is a representation of a design-time or run-time artifact handled through Oracle Data Integrator. For example, agents, models, datastores, scenarios, interfaces and even repositories are objects. Specific objects have a double name (Agent/Context, Profile/Method, and so forth). These objects represent links between objects. These links are also objects. For instance, Agent/Context corresponds to a physical/logical agent association made through the contexts. Privileges on this object enable to change this association in the topology. 

An Instance is a particular occurrence of an object. For example, the Datawarehouse project is an instance of the Project object. 

A Method is an action that can be performed on an object. Each object has a predefined set of methods. 



Note: The notions of object instance and method in Oracle Data Integrator are similar to the concepts used in Object-Oriented Programming. 


WARNING: 

Although they appear in the Security Navigator, objects and methods are predefined in Oracle Data Integrator and should not be altered. 


Profiles


A Profile contains a set of privileges for working with Oracle Data Integrator. One or more profiles can be assigned to a user to grant the sum of these privileges to this user. 

A Profile Method is an authorization granted to a profile on a method of an object type. Each granted method allows a user with this profile to perform an action (edit, delete, and so forth) on an instance of an object type (project, model, datastore, and so forth). 

Methods granted to a profile appear under this profile in the Profiles accordion of the Security Navigator. When a method does not appear for a given profile, this profile does not have access to this method. 

A method can be granted as a generic or non-generic privilege: 

A method granted as a generic privilege is granted by default on all the instances of this object. 

A method granted as a non-generic privilege is not granted by default on all object instances, but may be granted per instance. 

Generic vs. Non-Generic profiles 

Generic profiles have the Generic privilege option selected for all object methods. This implies that a user with such a profile is by default authorized for all methods of all instances of an object to which the profile is authorized. 

Non-Generic profiles are not by default authorized for all methods on the instances since the Generic privilege option is not selected for all object methods. The administrator must grant the user the rights on the methods for each instance. 

If the security administrator wants a user to have the rights on no instance by default, but wishes to grant the rights by instance, the user must be given a non-generic profile. 

If the security administrator wants a user to have the rights on all instances of an object type by default, the user must be given a generic profile. 

Built-In Profiles 

Oracle Data Integrator has some built-in profiles that the security administrator can assign to the users he creates. 

Table: Built-In Profiles shows the built-in profiles delivered with Oracle Data Integrator. 


Built-In Profiles Profile Name Description 


CONNECT  

Profile granted with the basic privileges to connect Oracle Data Integrator. It should be granted with another profile. 


DESIGNER  

Profile granted with privileges to perform development operations. Use this profile for users who will work mainly on projects. 


NG_DESIGNER  

Non-generic version of the DESIGNER profile. 


METADATA_ADMIN  

Profile granted with privileges to manage metadata. Use this profile for users that will work mainly on models. 


NG_METADATA_ADMIN  

Non-generic version of the METATADA_ADMIN profile. 


OPERATOR  

Profile granted with privileges to manage run-time objects. Use this profile for production users. 


REPOSITORY_EXPLORER  

Profile granted with privileges to view objects. Use this profile for users who do not need to modify objects. 


NG_REPOSITORY_EXPLORER  

Non-generic version of the REPOSITORY_EXPLORER profile. 


SECURITY_ADMIN  

Profile granted with privileges to edit security. Use this profile for security administrators. 


TOPOLOGY_ADMIN  

Profile granted with privileges to edit the Topology. Use this profile for system or Oracle Data Integrator administrators. 


VERSION_ADMIN  

Profile granted with privileges to create, restore and edit versions and solutions. Use this profile for project managers, or developers who are entitled to perform version management operations. 


NG_VERSION_ADMIN  

Non-generic version of the VERSION_ADMIN profile.