Oracle® Retail Merchandising Security Guide
Release 14.1.2.1
E70529-01
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Send Us Your Comments
Preface
Audience
Documentation Accessibility
Customer Support
Oracle Retail Documentation on the Oracle Technology Network
Conventions
Part I Oracle Retail Applications
1 Pre-installation of Retail Infrastructure in WebLogic
Java Development Kit (JDK) Hardening for Use With Retail Applications
Upgrading JDK to Use Java Cryptography Extension
Disabling Weak SSL protocols and Obsolete Ciphers in JDK
Pre-installation - Steps for Secured Setup of Oracle Retail Infrastructure in WebLogic
Certificate Authority
Obtaining an SSL Certificate and Setting up a Keystore
Creating a WebLogic Domain
Configuring the Application Server for SSL
Configuring WebLogic Scripts if Admin Server is Secured
Additional Configuration for WLS_FORMS (For forms server)
Adding Certificate to the JDK Keystore for Installer
Enforcing Stronger Encryption in WebLogic
SSL protocol version configuration
Enabling Cipher in WebLogic SSL Configuration
Securing Nodemanager with SSL Certificates
Using Secured Lightweight Directory Access Protocol (LDAP)
Connecting from Forms Application to Secured Database
Enabling Access to Secured Database from Forms Oracle Home - Optional
Webservice Security Policies
Additional Pre-requisite for Oracle Retail Service Backbone (RSB) Security Policies
Advanced Infrastructure Security
2 Post Installation of Retail Infrastructure in Database
Configuring SSL Connections for Database Communications
Configuring SSL on the Database Server
Configuring SSL on an Oracle Database Client
Configuring SSL on a Java Database Connectivity (JDBC) Thin Client
Configuring the Password Stores for Database User Accounts
Configuring the Database Password Policies
Configuring SSL Connection for Oracle Data Integrator (ODI)
Creating an Encrypted Tablespace in Oracle 12c Container Database
Additional Information
3 Post Installation of Retail Infrastructure in WebLogic
Retail Application Specific Post installation Steps for Security
Batch Set Up for SSL Communication
Oracle Business Intelligence (BI) Publisher - Disable Guest User - Optional
RMS - Forms Timeout Setting - Optional
Asynchronous Task JMS Queue Security
Verifying and Creating Required Async Task Job Role and User
Securing the Asynchronous Task JMS Queue
Allowing Publishing to a Secured Asynchronous Task JMS Queue
4 Installing the Merchandise Operations Management Security Applications
Installing the ReIM Application
Installing the RPM Application
Installing the RMS Application
Installing the ReSA Application
Installing the Allocation Application
5 Troubleshooting
Enabling TLS1.1 and 1.2 Protocols in Internet Explorer 11
Hardening Local JRE for Use with Retail Applications
Java Version 7 SSL Handshake Issue while Using Self Signed Certificates
Importing the Root Certificate in Local Client JRE
Importing the Root Certificate to the Browser
Importing the Root Certificate through Internet Explorer
Importing the Root Certificate through Mozilla Firefox
Setup Secure Cookie
Changes to Web Application Descriptor
Launching Issues with RPM
Disabling Hostname Verification
Verifying the Certificate Content
Verifying the Keystore Content
Integration Issues
Errors in WLS_FORMS
HTTPS Service Encountering Redirect Loop After Applying Policy A
6 Importing Topology Certificate
Importing Certificates into Middleware and Repository of Oracle Retail Applications
7 Using Self Signed Certificates
Creating a Keystore through the Keytool in Fusion Middleware (FMW) 11g
Exporting the Certificate from the Identity Keystore into a File
Importing the Certificate Exported into trust.keystore
Configuring WebLogic
Configuring Nodemanager
Importing Self Signed Root Certificate into Java Virtual Machine (JVM) Trust Store
Disabling Hostname Verification
Converting PKCS7 Certificate to x.509 Certificate
8 Functional Security for Applications Using Fusion Middleware
Understanding the Security Model
Key Security Elements
Permission Grants and Inheritance
Managing Authorization
Accessing Oracle Enterprise Manager Fusion Middleware Control
To display the Security menu in Fusion Middleware Control
Managing the Policy Store Using Fusion Middleware Control
Modifying Application Roles Using Fusion Middleware Control
To add or remove members from an application role
Creating Application Roles Using Fusion Middleware Control
To create a new application role
To create an application role based on an existing one
Customizing the Default Security Configuration
Customizing the Policy Store
Session Timeout
9 ReST Services Security Consideration
One Way SSL
One Way SSL - ReST Services
Part II Oracle Retail Merchandising System (RMS)
10 Understanding Security
Technical Overview of the Security Features
Single Sign-On (SSO) for Oracle Retail Forms Application
Security Features of the Application
SEC_GROUP
SEC_USER_GROUP
SEC_USER
RMS Users and Security
Database-level security
Application-level security
Data-level security
Encryption and Hashing
11 Post Installation - Application Administration
Roles and Permissions
Views
Other Common Application Administration
File Permissions
Data Access Schema (DAS) - Overview
Application Specific Feature Administration
Example - RMS Applications Audit Log
Post Installation Steps for Webservice Security
Applying Policy A
Enabling the HTTPS servers
Creating the Webservice User
Securing services
Updating the Webservice deployment
Webservice Clock Skew setting
Applying Policy B
Creating the Webservice user
Securing services
Updating the Webservice deployment
Part III Oracle Retail Sales Audit (ReSA)
12 ReSA Security Considerations
Default Security Configuration
Data Security
Securing ReSA Tables
13 Operational Insights Security Overview
Operational Insights Reporting Tool - Oracle BI EE
Operational Insights Security Overview
Object-Level Security in Operational Insights
Metadata Object-Level Security (Repository Groups)
Metadata-Object-Level Security (Presentation Services)
Application Specific Feature Administration
Part IV Oracle Retail Invoice Matching (ReIM)
14 General Security Considerations
15 Understanding Security
Security Features Overview
Dependent Applications
ReIM Web Application Deployment
Technical Overview of the Security Features
Security Features of the Application
Authentication
Authorization
Audit
User Management
Encryption and Hashing
16 Post Installation - ReIM Application Administration
Roles and Permissions
Other Common Application Administration
17 Extending/Customization
18 Securing the Database
Application Schema Owners
Database Security Considerations
Restricted Access to Purge Batches
Part V Oracle Retail Price Management (RPM)
19 General Security Considerations
20 Understanding Security
Security Features Overview
Dependent Applications
Discussion of Dependencies on Underlying Platform
Technical Overview of the Security Features
Security Features of the Application
Authentication
Authorization
Audit
User Management
Encryption and Hashing
21 Post Installation - Application Administration
Roles and Permission Grants
Other Common Application Administration
22 Extending/Customization
23 Securing the Database
Application Schema Owners
Database Security Considerations
Restricted Access to Purge Batches
Part VI Oracle Retail Allocation
24 Allocation Security Considerations
Security Configuration
JMS Security
Part VII Active Retail Intelligence (ARI)
25 Security Considerations for Active Retail Intelligence (ARI)
Simple Mail Transfer (SMTP) Injections