Oracle E-Business Suite
Connector name |
|
Connector type | Executable |
Type (UI field value) | Oracle E-Business Suite |
Connector status / support | Customer-Verified. Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system. |
Installation / setup | This connector consists of a configuration file, |
All basic operations are supported by issuing SQL commands provided in the script file or by calling the appropriate application stored procedures in the Oracle E-Business Suite.
The following Bravura Security Fabric operations are supported by this connector:
user verify password
user change password
get server information
administrator reset password
enable account
disable account
check account enabled
create account
add user to group
delete user from group
update attributes
List:
accounts
attributes
groups
members
For a full list and explanation of each connector operation, see Connector operations.
This connector also supports custom operations, as defined in the configuration script.
Bravura Security Fabric can also manage Oracle database-level accounts using the connector for Oracle database (agtora).
Bravura Security Fabric can also manage passwords for accounts defined wholly within an Oracle application in tables, rather than database-level accounts, using the scripted agent for Oracle Database Hosted Applications (agtorascript).
Preparation
Before Bravura Security Fabric can manage Oracle E-Business Suite accounts, you must:
Install Oracle database client software.
Define a connection name.
Configure a target system administrator.
Create at least one template account to provision accounts for this target.
Write a script to configure connector behavior.
Note
The following instructions are for Oracle 19c. Details may vary depending on your version of the software. You must install at least version 11.2.
Installing Oracle database client software
Bravura Security Fabric communicates with Oracle E-Business Suite via OCI. Before you can target Oracle E-Business Suite, you must install the Oracle Database Client (Administrator) on the Bravura Security Fabric server.
The 64-bit version of the Oracle Client is required for Connector Pack 3.0 and higher.
Defining a connection name
Add a TNS entry for Oracle E-Business Suite on which Bravura Security Fabric will manage accounts. To do this:
On the Bravura Security Fabric server, launch Oracle Net Configuration Assistant.
Select Local Net Service Name.
Click Next.
Click Add on the page.
Click Next.
Type the Oracle service name on page.
Click Next.
Select a network protocol on page.
Click Next.
Type the Oracle database server’s Host Name and Port Number.
Ensure that you can connect to the database using a valid user name and password during testing.
Click Next.
Type the Net Service Name.
Note
Remember this Net Service Name for the local naming method connection, which will be needed when adding the target system to Bravura Security Fabric.
Click Next to finish.
Alternatively, you can set up a connection to the Oracle database server by using a tnsnames.ora file provided by your Oracle database administrator. For more information, see your Oracle documentation on specifying a connection by configuring a tnsnames.ora file without using Oracle Net Configuration Assistant (NetCA).
Ensure that the ORACLE_HOME environment variable is set to a valid Oracle home directory which contains OCI.dll. The value of this environment variable must be set either system-wide or for the psadmin local user.
Configuring a target system administrator
Bravura Security Fabric uses a designated account (for example, psadmin) on the Oracle E-Business Suite target system to carry out Bravura Security Fabric operations. The target system administrator requires Oracle back end database privileges that grant execution of SQL commands used in the written script.
Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the Oracle E-Business Suite target system to Bravura Security Fabric.
Creating a template account
Bravura Security Fabric uses template accounts as models or "blueprints" for creating new application accounts in an Oracle database.
The steps required to create a template account depend on your application. Consult your systems administrator or application documentation for more information.
Writing a script to configure connector behavior
You must write a script file to define the SQL commands used in the interaction between the agtoraebiz connector and the Oracle E-Business Suite. A sample script, agtorascript-oraebiz.cfg, is contained in the samples directory. Note that any sample script may need customization in order to work with your system.
Learn more about writing script files for SQL application connectors.
The agent script, agtoraebiz.cfg, is contained in the agent directory.
Stored Procedure calls
Calls to stored procedures must be made in an anonymous PL/SQL block. The SQL key-value for the operation must include the anonymous PL/SQL block. The anonymous PL/SQL block begins with "Begin" and ends with "End;".
For example, write:
"sql"= "begin app.adduser(:acctID, :newPW); end;"
When an ora-20410 error code is returned by a stored procedure, Bravura Security Fabric displays the message text to the end user. These messages should be meaningful to the end user and describe something they can act on alone. If another error code is returned, Bravura Security Fabric displays the code only, because these errors are not likely to be meaningful to end users, may describe internal errors, or may contain security vulnerabilities. It is expected that the user will pass the code on to an administrator.
Stored procedure calls can be made for operations that list users, groups, or group members. The stored procedure needs to return a SYS_REFCURSOR and that parameter needs to be bound to a built-in variable ’cursorret’:
"sql"= "begin app.listusers(:cursorret); end;"
The columns defined in the returns KVGroup need to match the sequence of the cursor returned by the procedure.
Binding versus substitution
There are two options available for supplying values to Oracle SQL statements. The script connector agtoraebiz can bind values either by name or by text substitution.
Binding by name is the preferred method of linking the variable data with the SQL statement. Substitution should be used when binding isn’t available.
For example, a sql key-value in the script that includes binding:
"sql" = "insert into people (id, name, passwd) values (:acctID, :fullname, :newPW)"
For calls involving DDL (for example: alter user or create table), bind variables cannot be used. In these cases, substitution variables must be used instead; for example:
"sql" = "alter user %k:_acctID% identified by %k:_newPW%"
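One way to keep DDL such as the alter user statement above behind bind variables is to wrap it in a stored procedure and call that procedure from the script. The following is an added example, not part of the original page or the product's sample scripts; the schema app follows the page's examples, and the procedure name reset_db_password is hypothetical.

```sql
-- Added example. "app.reset_db_password" is a hypothetical name.
-- The owning schema needs ALTER USER granted directly (not through a role).
CREATE OR REPLACE PROCEDURE app.reset_db_password (
    p_acct   IN VARCHAR2,
    p_new_pw IN VARCHAR2
) AUTHID DEFINER
AS
    l_name VARCHAR2(260);
BEGIN
    -- Accept only a simple SQL name. Anything that could alter the
    -- statement structure raises ORA-44003, which the connector reports
    -- to the end user as a code only.
    l_name := DBMS_ASSERT.SIMPLE_SQL_NAME(p_acct);

    -- A double-quoted password may contain any character except a
    -- double quote, so that is the one character that must be rejected.
    -- -20410 is the code whose message text is shown to the end user,
    -- so the message describes something the user can fix alone.
    IF p_new_pw IS NULL OR INSTR(p_new_pw, '"') > 0 THEN
        RAISE_APPLICATION_ERROR(
            -20410,
            'The new password must not be empty or contain a double quote.');
    END IF;

    -- DDL cannot take bind variables, so the statement is built here,
    -- after validation, instead of by text substitution in the script.
    EXECUTE IMMEDIATE
        'ALTER USER ' || l_name || ' IDENTIFIED BY "' || p_new_pw || '"';
END reset_db_password;
/

-- Script key-value that calls the procedure with bind variables,
-- in the same form as the stored procedure examples on this page:
--   "sql" = "begin app.reset_db_password(:acctID, :newPW); end;"
```

Because the procedure runs with definer rights, the connector's administrator account needs only EXECUTE on it for this operation, not the ALTER USER privilege itself.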
Targeting Oracle E-Business Suite
For each Oracle E-Business Suite, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems):
Type is Oracle E-Business Suite.
Address uses:
Server: The TNS Name.
Alternatively, you can specify the connect descriptor in place of the TNS name; for example:
(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=hostdbsvr)(PORT = 1521)))(CONNECT_DATA=(SID=ORACLE)(SERVER=DEDICATED)))
(key: server)
Instance: Optional script variable instance name.
(key: instance)
Script file: The script file is located in the agent directory and describes the SQL commands used in the interaction between the connector and the Oracle E-Business Suite back-end database.
(key: script)
The address is entered in the format:
{server=<TNS name>;[instance=<script_variable_instance>;]script=<script filename>;}
Administrator ID and Password are set to the login ID and password for the target system you configured earlier.
The full list of target system parameters is explained in Target System Options.
Handling account attributes
In order for Bravura Security Fabric to manage attributes, you must first add the attributes to Bravura Security Fabric.
See Account attributes in the Bravura Security Fabric configuration documentation for more information.