Oracle® Retail Store Inventory Management Security Guide
Release 15.0
E68593-01

9 Administration

This section covers the administration of SIM security.

Roles and Permissions

SIM uses role-based security to control user access to application features and functionality.

Permissions represent authorized access to specific operations or functionality. Roles are created to represent job functions that correspond to specific levels of authority, and are assigned one or more permissions.

Users are assigned one or more roles in order to grant access to functionality related to their job. A user's authorized permission set is determined by the union of the permission sets for each authorized role. Role assignments can be constrained by start and end dates.

Users are also assigned one or more stores in order to grant access to specific stores. These store assignments are required for a user to log into the store, or even access role assignments for the store.

Super users are an exception to this rule. They have access to all stores, but still require role assignments to gain access to functionality.

For detailed information on role-based security and user management, see the Oracle Retail SIM Implementation Guide.

Common Application Administration

SIM uses the OPSS credential store framework for managing sensitive information related to application security. Some data, such as encryption keys, may be managed automatically by the application, while other credentials, such as the RIB integration credentials, are configured by the installer. The credential store data can be managed either through OPSS scripts or through Oracle Enterprise Manager.

For detailed information on the OPSS credential store framework, see the Oracle Fusion Middleware Application Security Guide.

Log files are generated by the WebLogic application server and by the SIM application.

  • The WebLogic log files are configured and managed by the application server and contain infrastructure information.

  • The SIM application log files are produced according to the SIM log configuration and contain application operation information. The default configuration generates log files in a log directory in the WebLogic domain directory structure, but shares the same OS user and file access conditions as the WebLogic log files.

It is recommended to restrict access to log files purely to administrators and the WebLogic application server process owner.
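
One way to check this recommendation on a Unix host, as an added example that is not part of the Oracle guide or the SIM product: the function below reports files and directories under a log directory whose mode bits grant access beyond the owner and the owning group. It assumes administrators are given read access through the owning group; the directory and the expected owner are arguments supplied by the operator, since this guide does not state the log path.

```shell
#!/bin/sh
# Added example (not Oracle code): audit a log directory for entries that
# are reachable by accounts other than the owner and the owning group.
# Assumption: administrators read logs through the owning group, so group
# read is accepted; any "other" permission bit or group write is a finding.

# audit_log_perms DIR [OWNER]
#   DIR    log directory to inspect (operator supplied)
#   OWNER  optional account expected to own every entry, for example the
#          WebLogic process owner; entries owned by anyone else are findings
# Prints one path per finding.
# Returns 0 when clean, 1 when findings exist, 2 when DIR is not a directory.
audit_log_perms() {
    dir=$1
    owner=${2:-}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # Build the find predicate: other-read, other-write, other-execute,
    # or group-write. "-perm -NNN" matches when all listed bits are set.
    set -- -perm -004 -o -perm -002 -o -perm -001 -o -perm -020
    if [ -n "$owner" ]; then
        set -- "$@" -o ! -user "$owner"
    fi

    # Symbolic links are skipped; only regular files and directories count.
    findings=$(find "$dir" \( -type f -o -type d \) \( "$@" \) -print)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit_log_perms.sh DIR [OWNER]
if [ "$#" -ge 1 ]; then
    audit_log_perms "$@"
    exit $?
fi
```

A finding on the log directory itself matters as much as one on a file, because a directory that others can search or list exposes log file names and rotation patterns even when the files are closed.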

Generally, SIM does not limit the number of concurrent sessions for users. The SIM client application includes a feature that prevents more than one instance of the client from being launched concurrently on a single machine, although it does not prevent the same user from logging in on different machines or devices simultaneously. This option is enabled by default but can be disabled through configuration in the client.cfg file, located in sim-client-resources.jar.

For detailed information on this configuration file, see the Oracle Retail Store Inventory Management Operations Guide.

Session timeouts can be controlled by configuring resources in the application deployment and WebLogic server. The application uses WebLogic default timeouts with some exceptions for long running EJB services, such as batch operations. These timeout overrides can be found in the weblogic-ejb-jar.xml deployment descriptor file, located in sim-server.ear.

It is recommended to use the minimum appropriate timeout values to reduce the impact of denial of service attacks on resource availability. However, these timeout values should not be set so short as to interfere with the operations of legitimate users.

Extending/Customization

SIM security features have been designed to allow for extension and customization. This includes configuration options such as algorithms and parameters. It also allows custom implementations of security components to be used.

Custom implementations are developed using the same customization patterns found elsewhere in SIM. This involves extending or replacing factory implementations that provide custom implementations of factory built objects. For customization of classes that are not built by a factory, the implementation class name is configured in the respective configuration file.

For detailed information on configuration options and application customization, see the Oracle Retail Store Inventory Management Operations and Implementation Guides.

References

The following documents give more information:

  • Oracle Retail Store Inventory Management 15.0 Release Notes.

  • Oracle Retail Store Inventory Management 15.0 Installation Guide.

  • Oracle Retail Store Inventory Management 15.0 User Guide.

  • Oracle Retail Store Inventory Management 15.0 Implementation Guides.

  • Oracle Retail Store Inventory Management 15.0 Operations Guide.