| Oracle® Retail Merchandising Security Guide Release 14.1 E55776-01 |
|
 Previous |
 Next |
The database should be secured using the recommendations from the Oracle Database 12 C Release 1 Security Guide.
The following sections provide additional application specific guidance for securing the database for use with Oracle Retail Price Management application.
As RPM shares schema owner with RMS, follow RMS security guidelines regarding schema owner permissions.
RPM should not use schema owner for database communication. Instead a schema synonym should be used.
The following recommendations should be considered for the database:
The database server should be in a private network.
The database server should be in a locked secure facility and inaccessible to non-administrator personnel.
The database should only be accessed through trusted network hosts.
The database server should have minimal use of ports and any communications should be under secure protocols.
The database should be on its own dedicated server.
The database server should be behind a firewall.
Any database user beyond the schema application owner should be audited.
Only minimal rights should be granted to the owner of database processes and files such that only that owner has the right to read and write from the database related files, and no one else has the capability to read and write from such files.
The purge script is usually put into an automation script, which runs once a day. As described above, this script is usually run by a user with limited access (only execute procedure and connect access).
RPM will use batch infrastructure for purging data. As such the user authentication is required. The purging processes should be scheduled and executing any individual data purging process outside of this schedule should be avoided.
If some additional purging is required on a regular basis that is outside of the purging functionality provided by RPM, do that through standard set of scripts that should have security built into it. Run the custom purging scripts under a separate schema.
