To ensure that questions get required attention from community members and are NOT left unanswered, it’s important for the author to indicate (by selecting “Yes” or “No” when prompted) whether the question was answered. (newly added) Please note that it is also important to respond to EACH comment your question receives. Your Yes or No response ensures an accurate status for your question.
For more information, please refer to this announcement explaining best practices for getting answers to questions.
For more information, please refer to this announcement explaining best practices for getting answers to questions.
Applications Security
Discussion List
-
Malware/Virus Scan for documents uploaded in UCM from External SourceSummary: Is there any Oracle Solution that deals with the documents scanning for uploaded documents from external system to Oracle UCM Cloud for virus/malware scanning. …
-
CSSP Log API Integration for Oracle HCMSummary: Oracle HCM SaaS Log API for Cyber Security Service Provider (CSSP) Content (please ensure you mask any confidential information): As the summary mentions, has a…
-
Does WAF for SAAS work in Blocking mode or Alert mode in Oracle Cloud ?Hi We are looking forward to understand the WAF for SAAS capabilities to operate in blocking mode rather than Alert mode. This information is requested are per periodic …
-
Audit & Compliance EventsSummary: What is the way to enable audit logs in oracle fusion, trying to fetch these fields from audit log Audit Log Enabled, Audit Log disabled, log deletion attempted…
-
SSO enabled environment - how to handle pending worker user profileContent Hi Team, Our client has an SSO enabled environment with LBAC and they are soon starting to use ORC. In this case we would like our pending workers to access the …
-
Unknown User Names in PU_USERS TableSummary: Seeing plenty of Unknown User Names in PU_USERS Table. Few samples are give below. 1)Please let know whether this pose any threat 2) Are these Oracle generated?…
-
Show custom message to specific usersSummary: Is it possible to show a message (anyhow - popup, plain text, warning message…) to specific users at login? Content (please ensure you mask any confidential inf…
-
Role Deprovision - Best Practice - Delete Role or Uncheck Autoprovision Box in Rule on Role?Summary: In Manage Role Provisioning Rules, and a role is to be deprovisioned (removed) from users, there is functionality to delete the role from the rule or to uncheck…
-
How to add new fusion roles in application composer, i dont see an option to create newSummary: Hi Team I want to add new role here in application composer but i do not see an option here to add new role or to use any roles i have created in fusion. How to…
-
Clarification regarding Token based authentication implementation in OICHi, Currently , for connection between our PaaS (OIC) and SaaS (fusion cloud) is having basic authentication. We are planning to implement OAuth token based authenticati…
-
Oracle cloud account keep getting lockedOracle cloud ERP SaaS Account keep getting locked, we are not able to find out which process is using incorrect password. Is there way to get audit trail for failed logi…
-
What is the way to get details of User Account disabled eventsSummary: What is the way to fetch details of User Account disabled events like why account is disabled, at what time account is disabled, User ID of whose accounts are d…
-
Hiring Agencies not able to access Oracle HCM cloud SaaS Application while SSO implementedHiring Agencies access to Oracle HCM cloud SaaS Application while SSO implemented. Hiring agency users are not able to login post SSO implemented and chooser page disabl…
-
What is the way to fetch details of Administrative ActivitiesSummary: What is the way to fetch details of Administrative Activities like User & Role Management, Database & Object Management, Data Management, Security & Access Cont…
-
JPS (Java Platform Security) Keys UsageHello Team, In one of our security ask we are been queried with a question that are we in use of Java Platform Security keys in any of our services we are enrolled of, c…
-
How to fetch User account deleted eventsSummary: How to fetch the information of user account deleted events like who, why and at what time deleted the user account. Let me know if there is any standard report…
-
How to fetch User Login Failure EventsSummary: I want to fetch User Login Failure Events details such as timestamp, IP Address, Failure reason like why it is failed because of incorrect password or account i…
-
Passwords are not expiring per the password policywe have recently discovered that the password policy is not being enforced or is not working. We have checked several accounts including user accounts and passwords that…
-
SSO Options with OSC and other sitesHello, We currently have a SSO set-up from OSC to CPQ and we were looking at additional options for other sites. We were wondering what options we have and what OSC can …
-
Disable "Add User" while creating or updating roles in Security ConsoleWe need to create a custom role for: 1. Edit Existing roles 2. Create Additional Roles. 3. This role should not be allowed to Add Users while creating new role or updati…
-
'Last Login Dates' are not recorded for specific users'Last Login Dates' are not recorded for a specific user despite this data being available for all other users. A particular user account is frequently deactivated due to…
-
Can we get OCI IAM feature enabled for Fusion before 25B release?Summary: In the webinar today, it was communicated that the new OCI IAM feature in Oracle Fusion will be going live in 25B (May 2025). All the clients will have a roll o…
-
Prevent user frontend loginFor our Oracle HCM Cloud environment, we have configured OAuth security for connecting with API's, and we followed this guide: Different ways to consume Fusion SaaS API …
-
grant in SYSTEM scope failed due to JPS-04201 oracle HCM OPSS audit rest APIfor an audit integration, we need to transmit audit REST API details to a third party monitoring system. using OPSS as product for fscmRestApi/fndAuditRESTService/auditt…
-
Password ManagementHello, I searched the entire security memo and couldn't find the answer to my question: https://docs.oracle.com/en/cloud/saas/applications-common/25a/facsa/how-can-i-dis…
-
How to determine version of Oracle WebLogic Server/Fusion Middleware used in Fusion Cloud ERP?Summary: How to determine version of Oracle WebLogic Server/Fusion Middleware used in Fusion Cloud ERP? We have been notified by a vendor of a vulnerability to an attack…
-
how to change label based on custom roleSummary: How to change a label based on custom role Content (please ensure you mask any confidential information): We are trying to change the label from sandbox which w…
-
Oracle fusion session inactivity timeoutHello, I've been asked if it's possible to increase the session inactivity timeout. As per the doc it doesn't look like this is possible. Is this still the case does any…
-
How to restrict access for users by calling their specific roles via page composer?Summary: Is it possible to restrict users from accessing certain functionalities by calling out their specific roles? Example. User1 has role 1 2 3 User2 has role 1 2 Is…
-
Can user reset the password once expired on user login screen by confirming last passwordI understand there is a forgot password link on login screen and user can reset the password by notification link. I just wanted to confirm if there are any ways to rese…