Академический Документы
Профессиональный Документы
Культура Документы
Version 18
August 2018
Contents
Security Guidance Overview ............................................................................................................. 5
Safe Deployment of Primavera Unifier ............................................................................................. 5
Administrative Privileges Needed for Installation and Operation........................................................ 5
Minimum Client Permissions Needed for Primavera Unifier ............................................................... 5
Physical Security Requirements for Primavera Unifier ........................................................................ 6
Application Security Settings in Primavera Unifier ............................................................................... 6
Files to Protect after Implementation ................................................................................................... 6
Authentication Options for Primavera Unifier ................................................................................... 7
Authorization for Primavera Unifier .................................................................................................. 7
Confidentiality for Primavera Unifier................................................................................................. 7
Sensitive Data for Primavera Unifier ................................................................................................ 8
Reliability for Primavera Unifier ........................................................................................................ 8
Cookies Usage .................................................................................................................................. 8
Additional Sources for Security Guidance ........................................................................................ 9
Legal Notices .................................................................................................................................. 10
3
Security Guidance Overview
The Unifier Security Guide provides guidelines on how to plan your security strategy for Oracle
Primavera Unifier.
During the installation and configuration process for Oracle Primavera Unifier, several options
are available that impact security. Depending on your organization's needs, you might need to
create a highly secure environment for all Primavera Unifier environments. Use the following
guidelines to plan your security strategy for Primavera Unifier:
Review all security documentation for applications and hardware components that interact or
integrate with Primavera Unifier. Oracle recommends you harden your environment. See
Additional Sources for Security Guidance (on page 9) for links to information that can
help you get started.
Read through the summary of considerations for Primavera Unifier included in this
document. Areas covered include: safe deployment, authentication options, authorization,
confidentiality, sensitive data, reliability, and cookies usage.
Tips
As with any software product, be aware that security changes made for third party applications
might affect Unifier applications. For example, if you configure WebLogic to use only SSL v3.0,
you must disable TLS v1.0 for the client JRE for Primavera Unifier to launch properly. If using
Internet Explorer browser, you must also disable TLS v1.0 in Internet Options.
5
Unifier Security Guide for On-Premises
Note: The HTTPS authentication setting requires that web server and
application server settings support SSL.
For details about configuring the OHTTP Server (OHS), refer to the Configuring the OHTTP
Server (OHS) section of the Unifier Installation Guide (WebLogic).
6
Authentication Options for Primavera Unifier
Note: The P6 EPPM Web Services offers its own authentication options.
If you use Security Assertion Markup Language (SAML) for P6 EPPM
Web Services, you must use Single Sign-on authentication for Primavera
Unifier.
Note: Oracle recommends that you limit users who have admin
permissions.
7
Unifier Security Guide for On-Premises
Cookies Usage
As stated in Reliability for Primavera Unifier (on page 8), set a maximum age for the session
cookie on the application server.
When using Unifier, the server may generate the following cookies and send them to the user’s
browser. The user’s machine stores the cookies, either temporarily by the browser, or
permanently until they expire or are removed manually.
8
Additional Sources for Security Guidance
Each user that signs in to Unifier web will see a notification banner (Cookies in Unifier) that
notifies the user that Unifier uses cookies. This banner has a link to the Unifier cookie policy
which explains what information is being tracked by way of cookies. The user must click Got It in
order to access the rest of the Unifier application.
Oracle might use cookies for authentication, session management, remembering application
behavior preferences and performance characteristics, and to provide documentation support.
Also, Oracle might use cookies to remember your log-in details, collect statistics to optimize site
functionality, and deliver marketing based on your interests.
Note: The URLs below might have changed after Oracle published this
guide.
Oracle Database
Go to https://docs.oracle.com/en/database/ and select the supported version. See Tested
Configuration for details.
Oracle WebLogic
Go to https://docs.oracle.com/en/middleware/ and select Oracle WebLogic Server.
9
Legal Notices
Oracle Primavera Unifier Security Guide for On-Premises
Copyright © 1998, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be
trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC
trademarks are used under license and are trademarks or registered trademarks of SPARC
International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or
registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open
Group.
This software and related documentation are provided under a license agreement containing
restrictions on use and disclosure and are protected by intellectual property laws. Except as
expressly permitted in your license agreement or allowed by law, you may not use, copy,
reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish or
display any part, in any form, or by any means. Reverse engineering, disassembly, or
decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be
error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone
licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system,
integrated software, any programs installed on the hardware, and/or documentation, delivered to
U.S. Government end users are "commercial computer software" pursuant to the applicable
Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use,
duplication, disclosure, modification, and adaptation of the programs, including any operating
system, integrated software, any programs installed on the hardware, and/or documentation,
shall be subject to license terms and license restrictions applicable to the programs. No other
rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently dangerous applications,
including applications that may create a risk of personal injury. If you use this software or
hardware in dangerous applications, then you shall be responsible to take all appropriate
failsafe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation
and its affiliates disclaim any liability for any damages caused by use of this software or
hardware in dangerous applications.
This software or hardware and documentation may provide access to or information on content,
products and services from third-parties. Oracle Corporation and its affiliates are not responsible
for and expressly disclaim all warranties of any kind with respect to third-party content, products,
and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or
damages incurred due to your access to or use of third-party content, products, or services.
10