Oracle® Retail Merchandising Security Guide
Release 14.1
E55776-01

13 Operational Insights Security Overview

The Merchandising suite of products is a proven, integrated solution with a rich data set. Starting with release 14.1, Operational Insights integrates OBIEE reports into the ReSA user interface. These dashboards and reports help drive workforce efficiencies, provide insights into areas of concern, and thus allow the retailer to grow.

The following topics are covered in this chapter:

Operational Insights Reporting Tool - Oracle BI EE

The standard reporting tool for Operational Insights is Oracle Business Intelligence Enterprise Edition (BIEE). These reports are integrated within the ReSA application ADF UI to give insight into sales audit functional areas using visualizations (charts, graphs, and so on) of the OBIEE tool.

Operational Insights Security Overview

The operational insights security features are as follows:

  1. Operational Insights uses Oracle Business Intelligence Enterprise Edition (BIEE) to allow the right content to be shown to the right user. All components of Oracle Business Intelligence Enterprise Edition are fully integrated with the Oracle Fusion Middleware security architecture. For more information, see the chapter Functional Security for Applications Using Fusion Middleware.

  2. The Single Sign-On (SSO) implementation for Oracle Retail Sales Audit (ReSA) Operational Insights dashboards and reports is mandatory in production environments because, apart from dashboard reports, it includes contextual BI reports and in-context launches into ReSA screens. Because accessing the Operational Insights reports from the ReSA UI without SSO poses a security risk, using integrated Operational Insights reports in the ReSA UI without SSO is not supported in this release. Without SSO, the ReSA Operational Insights dashboard can be accessed in a standalone Oracle Business Intelligence Enterprise Edition (OBIEE) environment. Using the Operational Insights contextual reports in a standalone OBIEE environment is not supported because they depend on ReSA input parameters.

  3. For SSL configuration, see the Pre-installation - Steps for Secured Setup of Oracle Retail Infrastructure in WebLogic section.

  4. You can choose to enhance the implementation based on the requirements.

    Security in Operational Insights is classified into the following types:

    • Application Security: Operational Insights is built with role-based access. Permissions are associated with roles the user is assigned to. You can choose to enhance the implementation based on the requirements.

    • ReSA data-level Security: It controls the visibility of data (content rendered in subject areas, dashboards, Oracle BI answers, and so on) based on the user's association to data in the transactional system. ReSA Operational Insights reports leverage the RMS data authorization infrastructure. For more information, see Security Features of the Application under Chapter 10.

      The user's context is set when the user views the report, which ensures that a user can view data only according to that user's access levels.

      The context of the user is set by calling the package set_APP_CTX, which helps in leveraging the RMS security views and filter_policy_SQL for data authorization in the connection scripts of OBIEE, as depicted in Figure 13-1.

      For more information, see Post Installation - Application Administration under Chapter 11.

      Figure 13-1 Oracle BI Administration Tool



      Note:

      Users can view data only for their assigned stores on the Sales Audit dashboard page, and for all of the user's stores in the contextual reports.

      The user's assigned stores are retrieved by the following SQL:

      Select 'AssignedStores',STORE from LOC_TRAITS_MATRIX,SA_USER_LOC_TRAITS
      where SA_USER_LOC_TRAITS.LOC_TRAIT=LOC_TRAITS_MATRIX.LOC_TRAIT
      and USER_ID='VALUEOF(NQ_SESSION.USER)' 
      
    • Object-level Security: Access to Oracle BI Presentation Services objects, such as dashboards, pages, reports and Web folders, is controlled using application roles.

Object-Level Security in Operational Insights

This section describes the object-level security features in Operational Insights and covers the following topics:

  • Metadata Object-Level Security (Repository Groups)

  • Metadata Object-Level Security (Presentation Services)

Metadata Object-Level Security (Repository Groups)

Application roles control access to metadata objects, such as subject areas, tables, and columns. For example, certain Operational Insights roles may be configured to not have access to view certain presentation tables. The metadata object security is configured in the Oracle BI Repository, using the Oracle BI Administration Tool.

Roles and Permission Grants

Once Operational Insights and ReSA are installed and configured, and the system-jazn file is deployed as per the installation guide, 4 application roles are deployed in the Enterprise Manager. These roles are mapped to the 4 default ReSA groups.

Figure 13-2 Default ReSA Groups


If you want to create a more complex or fine-grained security model, you can create your own application roles and application policies as described in this section. You can create application roles based on the default preconfigured application policies, or you can create your own application policies.

See the Functional Security for Applications Using Fusion Middleware chapter for details on adding new application roles or application policies.

ReSA Operational Insights is built with role-based access. Permissions are associated with roles. The following groups and application roles are applicable:

Table 13-1 Groups and Application Roles

OBIEE Application Roles for ReSA Reports | ReSA Groups | OBIEE Default Roles
Auditor | AUDITOR_JOB | BI default roles BIConsumer role (Read access)
Auditor Manager | AUDITOR_MANAGER_JOB | BI default roles BIConsumer role (Read access)
Finance Manager | FINANCE_MANAGER_JOB | BI default roles BIConsumer role (Read access)
Administrator | ADMINISTRATOR_JOB | BI default roles BIAuthor role (Read/edit access)



Note:

Each default group is preconfigured to use the appropriate default application role. For example, the default group named BIAuthors is assigned to the default application role named BIAuthor. In other words, any users that you add to the default group named BIAuthors automatically have the privileges required to create reports and perform related duties.

Metadata Object-Level Security (Presentation Services)

Access to Oracle BI Presentation Services objects, such as dashboards and pages, reports, and Web folders, is controlled using Presentation Services groups. Presentation Services groups are customized in the Oracle BI Presentation Services interface. For detailed information about Presentation Services groups, see the Oracle Business Intelligence Presentation Services Administration Guide.


Note:

By default in ReSA Operational Insights, only permissions at the dashboard level have been configured.

The list of ReSA Operational Insights Application roles and the associated groups are as follows:

Table 13-2 ReSA Operational Insights Roles and the Associated Groups

ReSA Operational Insights Roles | Associated Groups
Auditor | Consumer (Read Access)
Auditor Manager | Consumer (Read Access)
Finance Manager | Consumer (Read Access)
Administrator | Author (Read/Edit Access)

These groups are deployed during ReSA installation in your authentication provider. For more information on how to set up groups, see the Oracle® Fusion Middleware - Security Guide for Oracle Business Intelligence Enterprise Edition.

Application Specific Feature Administration

By default, once installation is completed, the following file permissions are given to users to access the files packaged with Operational Insights:

  • All configuration files should at least have 660 permission

  • All static data (csv files) should at least have 640 permission

Based on the permissions above, besides the owner (the installer user), group members can also read and modify the configuration files and read the static files. A user outside the group has no access to Operational Insights files; the Administrator must explicitly grant permission to users outside the group.
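
One way to check an installation against the modes listed above, as an added example that is not part of the Oracle guide: the script reports configuration files that grant any access to users outside the group, and csv files that do so or that allow group write. The install directory argument and the file extensions treated as configuration files are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle code. Assumptions: the install directory is passed
# in by the caller, and "configuration files" means the extensions listed in
# the find expression below (adjust to your deployment).

# Any "other" permission bit set (r, w or x for users outside the group).
OTHER_BITS='( -perm -0004 -o -perm -0002 -o -perm -0001 )'
# Static data is 640: in addition, the group must not be able to write.
OTHER_OR_GROUP_WRITE='( -perm -0004 -o -perm -0002 -o -perm -0001 -o -perm -0020 )'

# list_oi_perm_violations DIR
# Prints "config: PATH" or "static: PATH" for every file whose mode grants
# more than 660 (configuration files) or 640 (csv files) allows.
list_oi_perm_violations() {
    dir=$1
    # The mask variables are left unquoted on purpose so that they split
    # into separate find arguments.
    find "$dir" -type f \
        \( -name '*.properties' -o -name '*.xml' -o -name '*.cfg' \) \
        $OTHER_BITS -print | sed 's/^/config: /'
    find "$dir" -type f -name '*.csv' \
        $OTHER_OR_GROUP_WRITE -print | sed 's/^/static: /'
}

# audit_oi_perms DIR
# Returns 0 if no file exceeds the documented modes, 1 if at least one does,
# 2 if DIR is not a directory. Violations are written to stdout.
audit_oi_perms() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    found=$(list_oi_perm_violations "$1")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Run the audit when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_oi_perms "$1"
fi
```

Run it as the installer user or an administrator so that every file under the directory can be inspected; a non-zero exit status makes it usable in a scheduled check.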