Skip Headers
Oracle® Key Manager 3 Administration Guide
Release 3.0
E41579-02
  Go To Table Of Contents
Contents
Go To Index
Index

Previous
Previous
 
Next
Next
 

10 Quorum Member Operations

This chapter describes the operations that a user who has been given a Quorum Member role can perform. If you have been assigned other roles, refer to the appropriate chapter for instructions on performing the specific role.

Quorum Member Role

The Quorum Member Role views and approves pending quorum operations.

Surrounding text describes quorum_member_role.jpg.

A user who has been assigned the Security Operator role must first log into the OKM Manager GUI, create one or more users, and assign them the Quorum Member role (see "Creating a User").

When you create a user with the Quorum Member role, the Security Officer must provide a sufficient quorum of Key Split Credentials in the Key Split Quorum Authentication dialog, since not all Quorum Member Users have been created yet.

Pending Quorum Operation List Menu

The Pending Quorum Operation List menu shows any pending operations that require the approval of a quorum of Key Split Credentials before the system performs them. This menu appears when the user has the Quorum Member or Security Officer role.

The Pending Quorum Operation List menu includes the following options:

  • View the Pending Operation list details

  • Approve a pending operation

  • Delete a pending operation.

Surrounding text describes pending_operation_list.jpg.

You can filter the Pending Operations lists by any of the following keys:

  • Pending Operation ID

  • KMA Name

  • Operation Type

  • Submitted Date

  • Last Updated.

The Use button applies the filter to the displayed list for the pending operation.

The fields and their descriptions are given below:

Filter:

Displays the fields that you can use to filter the results of queries made to the KMA. Possible values are:

  • Pending Operation ID

  • KMA Name

  • Operation Type

  • Submitted Date

  • Last Updated

Filter Operator box:

Click the down-arrow and select the filter operation you want. Possible values are:

  • Equals =

  • Not equal <>

  • Greater than >

  • Less than <

  • Greater than or equals >=

  • Less than or equals <=

  • Starts with ~

  • Empty

  • Not empty

Filter Value text box:

Type a value to filter the selected attribute by. This filter option is not displayed for all filter attributes.

Filter Value combo box:

Click the down-arrow and select a value to filter the selected attribute by. This filter option is not displayed for all filter attributes.

Click the plus button to add additional filters.

Click the minus button to remove a filter. This button is only displayed if there is more than one filter shown.

Use:

Click this button to apply the selected filters to the displayed list and go to the first page.

Refresh:

Click this button to refresh the list.

Reset:

Click this button to remove all filters and reset the displayed list to the first page.

Click this button to go to the first page of the list.

Surrounding text describes okm_first_page.jpg.

Click this button to go to the previous page.

Surrounding text describes okm_prev_page.jpg.

Click this button to go to the next page.

Surrounding text describes okm_next_page.jpg.

Results in Page:

Displays the number of records per page that were configured in the Query Page Size field in the Options dialog box.

Pending Operation ID:

Uniquely identifies the pending quorum operation.

KMA Name:

The name of the KMA from which this operation was submitted.

Operation Type:

The type of quorum operation.

Submitted Date:

The date when the pending quorum operation was submitted.

Last Updated:

The date when the quorum was last updated on this operation. The quorum on a particular pending quorum operation is updated whenever another Quorum Member provides key split user names to approve it. The pending quorum operation expires when not enough key split users approve this operation within the Pending Operation Credentials Lifetime. This date is initially set to be the same as the submitted date when the pending quorum operation is submitted.

Credentials:

A list of key split user names that have already approved this pending quorum operation.

Details:

Click this button to view detailed information about a pending quorum operation.

Approve Pending Operation:

Click this button to approve a pending quorum operation. You must be in the Quorum Member role to do this.

Delete:

Click this button to delete a selected pending quorum operation. You must be in the Security Officer role to do this.

Viewing Pending Operations Details

To view pending operations details:

From the Pending Operation List screen, click the Details button. The Pending Quorum Operation dialog box is displayed.

Surrounding text describes pending_op_list_details.jpg.

The Key Split User Names field lists Key Split Users, if any, who have already approved this operation.

To get more information about this particular pending quorum operation, you can filter audit events displayed in the Audit Event List panel (see "Viewing Audit Logs").

  1. Navigate to the Audit Event List panel.

  2. Define a filter with the Operation filter set to Add Pending Quorum Operation. If you have several pending quorum operations, you may want to define another filter with Created Date specifying a time period around the Submitted Date of this particular pending quorum operation.

  3. Click the Use button to display those audit events that match this filter. The Message Values field of the filtered audit event should contain more information about the pending quorum operation.

Approving Pending Quorum Operations

To approve a pending operation, you must log into the OKM Manager GUI in the Quorum Member role; otherwise, the Approve button is disabled.

Other users who have the Quorum Member role can also log in separately and approve a pending quorum operation. When a sufficient quorum of Key Split Credentials approves the pending quorum operation, then the OKM Cluster performs the operation.

To approve pending quorum operations:

  1. From the Pending Operation List screen, click the Approve Pending Operation button.

  2. The Key Split Quorum Authentication dialog box is displayed.

    Surrounding text describes key_split_quorum_auth.jpg.

    If you provide a sufficient quorum of Key Split Credentials in the Key Split Quorum Authentication dialog box, then information is updated in the OKM Cluster after you provide a quorum, not when you click the Save button.

    If you do not provide a sufficient quorum in the Key Split Quorum Authentication dialog box, two different outcomes can occur depending on the replication version:

    Replication Version: Result:
    10 or lower The operation fails and no information is updated in the OKM Cluster.
    11 or higher The operation becomes pending. That is, the system adds the operation to a list of pending quorum operations (see "Pending Quorum Operation List Menu"). A popup message appears when the operation is added to this list.

    No information is updated in the OKM Cluster until users with the Quorum Member role (Quorum Member users) log in and provide a sufficient quorum.


  3. Enter the quorum user names and passphrases to authenticate the operation.

    If you do not immediately provide a sufficient quorum of Key Split Credentials, the system adds the operation to a list of pending quorum operations and generates the following dialog box.

    Surrounding text describes adduserrolepending.jpg.

When you click OK, you then see this operation in the Pending Quorum Operation List screen (refer to the sample screen shown in "Pending Quorum Operation List Menu").

Deleting Pending Quorum Operations

To delete a pending operation, you must log into the OKM Manager GUI in the Security Officer role; otherwise, the Delete button is disabled.

To delete pending operations:

  1. From the Pending Operation List screen, highlight the pending operation you want to delete and click the Delete button.

    The following dialog box is displayed, prompting you to confirm that you want to delete the selected pending operation.

    Surrounding text describes aysdel_pndng_quo_op.jpg.
  2. Click the Yes button to delete the pending operation. The currently selected pending operation is deleted and you are returned to the Pending Operation List screen. The system also removes any entries that are associated with the pending operation.