Skip to main content

Preparation

Before Bravura Security Fabric can manage Oracle E-Business Suite accounts, you must:

  1. Install Oracle database client software.

  2. Define a connection name.

  3. Configure a target system administrator.

  4. Create at least one template account to provision accounts for this target.

  5. Write a script to configure connector behavior

    Note

    The following instructions are for Oracle 19c. Details may vary depending on your version of the software. You must install at least version 11.2.

Installing Oracle database client software

Bravura Security Fabric communicates with Oracle E-Business Suite via OCI. Before you can target Oracle E-Business Suite, you must install the Oracle Database Client (Administrator) on the Bravura Security Fabric server.

The 64-bit version of the Oracle Client is required for Connector Pack 3.0 and higher.

Defining a connection name

Add a TNS entry for Oracle E-Business Suite on which Bravura Security Fabric will manage accounts. To do this:

  1. On the Bravura Security Fabric server, launch Oracle Net Configuration Assistant.

  2. Select Local Net Service Name.

    Click Next .

  3. Click Add on the Net Service Name Configuration page.

    Click Next .

  4. Type the Oracle service name on Net Service Name Configuration, Service Name page.

    Click Next .

  5. Select a network protocol on Net Service Name Configuration, Select Protocols page.

    Click Next .

  6. Type Oracle database server’s Host Name and Port Number.

    Ensure that you can connect to the database using a valid user name and password during testing.

    Click Next .

  7. Type the Net Service Name.

    Note

    Remember this Net Service Name for the local naming method connection, which will be needed when adding the target system to Bravura Security Fabric .

  8. Click Next to finish.

Alternatively, you can setup connection to Oracle database server by using a tnsnames.ora file provided by your Oracle database administrator. See your Oracle documentation regarding how to specify a connection by configuring a tnsnames.ora file without using Oracle Net Configuration Assistant (NetCA) for more information.

Ensure that the ORACLE_HOME environment variable is set to a valid Oracle home directory which contains OCI.dll. The value of this environment variable must be set either system-wide or for the psadmin local user.

Configuring a target system administrator

Bravura Security Fabric uses a designated account (for example, psadmin) on the Oracle E-Business Suite target system to carry out Bravura Security Fabric operations. The target system administrator requires Oracle back end database privileges that grant execution of SQL commands used in the written script.

Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the Oracle E-Business Suite target system to Bravura Security Fabric .

Creating a template account

Bravura Security Fabric uses template accounts as models or "blueprints" for creating new application accounts in a Oracle database.

The steps required to create a template account depend on your application. Consult your systems administrator or application documentation for more information.

Writing a script to configure connector behavior

You must write a script file to define SQL commands used in the interaction between the agtoraebiz connector and the Oracle E-Business Suite. A sample script, agtorascript-oraebiz.cfg is contained in the samples directory. Note that any sample script may need customizations in order to work with your system.

Learn more about writing script files for SQL application connectors.

The agent script, agtoraebiz.cfg is contained in the agent directory.

Stored Procedure calls

Calls to stored procedures must be called in an anonymous PL/SQL block. The SQL key-value for the operation must include the anonymous PL/SQL block. The anonymous PL/SQL block begins with "Begin and ends with End;".

Calls to stored procedures must be called in an anonymous PL/SQL block. The SQL key-value for the operation must include the anonymous PL/SQL block. The anonymous PL/SQL block begins with "Begin and ends with End;".

For example, write:

  "sql"= "begin app.adduser(:acctID, :newPW); end;"

When an ora-20410 error code is returned by a stored procedure, Bravura Security Fabric displays the message text to the end user. These messages should be meaningful to the end user and describe something they can act on alone. If another error code is returned, Bravura Security Fabric displays the code only; because these errors are not likely to be meaningful to end users, describe internal errors, or contain security vulnerabilities. It is expected the user will pass on the code to an administrator.

Stored procedure calls can be made for operations that list users, groups, or group members. The stored procedure needs to return a SYS_REFCURSOR and that parameter needs to be bound to a built-in variable ’cursorret’:

  "sql"= "begin
   app.listusers(:cursorret); end;"

The columns defined in the returns KVGroup need to match the sequence of the cursor returned by the procedure.

"sql"= "begin app.adduser(:acctID, :newPW); end;"

When an ora-20410 error code is returned by a stored procedure, Bravura Security Fabric displays the message text to the end user. These messages should be meaningful to the end user and describe something they can act on alone. If another error code is returned, Bravura Security Fabric displays the code only; because these errors are not likely to be meaningful to end users, describe internal errors, or contain security vulnerabilities. It is expected the user will pass on the code to an administrator.

Stored procedure calls can be made for operations that list users, groups, or group members. The stored procedure needs to return a SYS_REFCURSOR and that parameter needs to be bound to a built-in variable ’cursorret’:

 "sql"= "begin
  app.listusers(:cursorret); end;"

The columns defined in the returns KVGroup need to match the sequence of the cursor returned by the procedure.

Binding versus substitution

There are two options available for binding values for Oracle. The script connector agtoraebiz can either bind using names or text substitution.

Binding by name is the preferred method of linking the variable data with the SQL statement. Substitution should be used when binding isn’t available.

For example, a sql key-value in the script that includes binding:

"sql" = "insert into people (id, name, passwd) values (:acctID, :fullname, :newPW)"

For calls involving DDL (for example: alter user or create table), bind variables cannot be used. In these cases, substitution variables must be used instead; for example:

"sql" = "alter user %k:_acctID% identified by %k:_newPW%"
In this section: