Oracle® Retail Merchandising Security Guide
Release 15.0
E65442-01

18 Securing the Database

The database should be secured using the recommendations from the Oracle Database 12c Release 1 Security Guide.

The following sections provide additional application-specific guidance for securing the database for use with the Oracle Retail Invoice Matching (ReIM) application.

Application Schema Owners

As ReIM shares the schema owner with RMS, you need to follow the RMS security guidelines regarding schema owner permissions.

ReIM should not use the schema owner for database communication. Instead, a schema synonym should be used. The schema used for database interaction is stored in more than one place within the application: in two configuration files and on the WebLogic Data Source. When you need to update the schema being used, make sure that all of these places have been updated.

Database Security Considerations

The following recommendations should be considered for the database:

  • The database server should be on a private network.

  • The database server should be in a locked secure facility and inaccessible to non-administrator personnel.

  • The database should only be accessed through trusted network hosts.

  • The database server should have minimal use of ports and any communications should be under secure protocols.

  • The database should be on its own dedicated server (or a cluster of servers).

  • The database server should be behind a firewall.

  • Any database user should be audited.

  • Only minimal rights should be granted to the owner of the database processes and files, so that only that owner can read and write the database-related files and no one else can.
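
The last recommendation can be checked from the shell. The following is an added example, not part of the Oracle guide or any Oracle tooling: the function name audit_db_files is hypothetical, and the directory holding the database files and the expected owner account are assumptions supplied by the caller.

```shell
#!/bin/sh
# audit_db_files DIR OWNER   (hypothetical helper, not an Oracle tool)
#
# Lists every regular file under DIR that breaks the rule
# "only the owner may read and write the database-related files":
#   - the file is not owned by OWNER, or
#   - the group or others have read or write permission on it.
# Returns 0 when no such file exists, 1 when at least one is found.
audit_db_files() {
    dir=$1
    owner=$2

    # -perm -NNN matches when all bits in NNN are set, so the four tests
    # together catch any group/other read or write bit (POSIX find syntax).
    findings=$(find "$dir" -type f \( \
        ! -user "$owner" \
        -o -perm -040 -o -perm -020 \
        -o -perm -004 -o -perm -002 \
    \) -print)

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run directly as: sh audit_db_files.sh /path/to/datafiles owner_account
# Both arguments are site-specific and must be supplied by the administrator.
if [ "$#" -eq 2 ]; then
    audit_db_files "$1" "$2"
fi
```

A non-zero exit status makes the check suitable for a scheduled job that alerts when a file's ownership or mode drifts.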

Restricted Access to Purge Batches

ReIM uses a batch infrastructure for purging data. The purging processes should be scheduled, and running any individual data purging process outside of this schedule should be avoided. Some of the purging is performed by truncating tables, so no rollback is possible.

If additional purging is required on a regular basis that is outside of the purging functionality provided by ReIM, it will need to be executed by a standard set of scripts that should have security built into them. In addition, any custom purging scripts should be executed under a separate schema.