| Oracle® Retail Analytics Security Guide Release 14.1 E58119-01 |
|
 Previous |
 Next |
Oracle Retail Analytics integrates tightly with Oracle Business Intelligence Enterprise Edition (BI EE) to allow the right content to be shown to the right user. All components of Oracle Business Intelligence Enterprise Edition are fully integrated with Oracle Fusion Middleware security architecture. Oracle BI EE authenticates users using an Oracle WebLogic Server authentication provider against user information held in an identity store. User and group information is held within the Oracle WebLogic Server embedded directory server, which is the default identity store.
Ensure that you are familiar with the security features of Oracle Business Intelligence Enterprise Edition before you begin working with Oracle BI Applications.
Security settings for Oracle Business Intelligence Enterprise Edition are made in the following Oracle Business Intelligence components. See the Oracle Business Intelligence Enterprise Edition Security Guide for more details.
You must include an introductory element, such as a Para, before inserting the first Sect1 element. This requirement prevents arriving at an empty XHTML page for a chapter or appendix if you have selected the option of breaking at Sect1 when generating XHTML output
Oracle WebLogic Server Administration Console
Oracle Fusion Middleware Control
Oracle BI Administration Tool
Administration Page in Oracle BI Presentation Catalog
Security in Oracle Retail Analytics can be classified into the following types. By default, Retail Analytics does not provide these security features. You can choose to implement it based on the implementation requirements:
Data-level security – controls the visibility of data (content rendered in subject areas, dashboards, Oracle BI answers, and so on) based on the user's association to data in the transactional system.
Object-level security – controls the visibility to business logical objects based on a user's role. You can set up object-level security for metadata repository objects, such as subject areas and presentation folders, and for web objects, such as dashboards and dashboard pages, which are defined in the presentation catalog.
This section describes the object-level security features in Retail Analytics. It contains the following topics:
Metadata Object-Level Security (Repository Groups)
Metadata Object-Level Security (Presentation Services)
Application roles control access to metadata objects, such as subject areas, tables, and columns. For example, certain Retail Analytics roles may not have access to view certain presentation tables. Metadata object security is configured in the Oracle BI Repository, using the Oracle BI Administration Tool. The Everyone user group is denied access to some of the presentation tables and only related roles have explicit read access. This access can be extended to subject areas and columns.
|
Note: By default in Oracle BI Retail Analytics, only permissions at the presentation tables and dashboard level have been configured. |
Below are the list of Retail Analytics roles and the associated groups. You have to create these groups in your authentication provider. For more information on how to set-up groups, refer to the Oracle® Fusion Middleware - Security Guide for Oracle Business Intelligence Enterprise Edition.
Retail Analytics is built with role-based access. Permissions are associated with roles.
The following groups and application roles are available:
Table 2-1 Groups and Application Roles
| Groups | Roles |
|---|---|
|
RetailAnalysts |
RetailAnalyst |
|
RetailBuyers |
RetailBuyer |
|
RetailBuyerAnalysts |
RetailBuyerAnalyst |
|
RetailInventoryAnalysts |
RetailInventoryAnalyst |
|
RetailInventoryManagers |
RetailInventoryManager |
|
RetailMerchandiseExecutives |
RetailMerchandiseExecutive |
|
RetailMerchandiseFinancialPlanners |
RetailMerchandiseFinancialPlanner |
|
RetailPlanningExecutives |
RetailPlanningExecutive |
|
RetailPricingAnalysts |
RetailPricingAnalyst |
|
RetailPromotionalPlanners |
RetailPromotionalPlanner |
|
RetailAllocators |
RetailAllocator |
Table 2-2 Roles and Permission Grants
| Buyer | Buyer Analyst | Inventory Analyst | Inventory Manager | Allocator | Merchandise Executive | Merchandise Financial Planner | Planning Executive | Promotional Planner | Pricing Analyst | |
|---|---|---|---|---|---|---|---|---|---|---|
|
Cost and Profit |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
No |
Yes |
|
Markdown |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Forecast |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
Inventory Receipts |
No |
No |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
N |
No |
|
Sales |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Sales Pack |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
|
Supplier invoice |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
No |
No |
|
Supplier Compliance |
Yes |
Yes |
No |
No |
No |
Yes |
No |
Yes |
No |
No |
|
Inventory Position |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Wholesale/ Franchisee |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Price |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Plan |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Stock Ledger |
No |
No |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
No |
No |
|
Affinity |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Promotion |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Trial And Repeat |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
Yes |
Yes |
|
Promotion Baseline |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Promotion Budget |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Promotion Actuals |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Promotion Forecast |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Customer Order and Touchpoint |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
Consumer |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Oracle BI Presentation Services objects are controlled using Presentation Services groups. Access to these objects, such as dashboards and pages, reports, and Web folders, is controlled using the Presentation Services groups. Presentation Services groups are customized in the Oracle BI Presentation Services interface. For detailed information about Presentation Services groups, see the Oracle Business Intelligence Presentation Services Administration Guide.
Table 2-3 Presentation Services Groups
| Dashboards | Reports | Buyer | Buyer Analyst | Inventory Analyst | Allocator | Inventory Manager | Merchandise Executive | Merchandise Financial Planner | Planning Executive | Promotional Planner | Pricing Analyst |
|---|---|---|---|---|---|---|---|---|---|---|---|
|
Overview |
Retail Merchandising Analytics Overview |
No |
No |
No |
No |
No |
Yes |
No |
Yes |
No |
No |
|
Merchandise Pack Performance |
Sales Pack Performance -Amount |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
|
Sales Pack Performance -Trend |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
|
|
Supplier Performance |
Current Supplier Scorecard |
Yes |
Yes |
No |
No |
No |
Yes |
No |
Yes |
No |
No |
|
Supplier Compliance Performance |
Yes |
Yes |
No |
No |
No |
Yes |
No |
Yes |
No |
No |
|
|
Merchandising Location Analysis |
Current Sales by Location Scorecard - Amount |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Current Sales By Location Scorecard - Quantity |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Current Sales Projection |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Current MTD Sales and Inventory Scorecard |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Daily Sales & Profit |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Inventory Alerts |
Location No Sale Items |
No |
No |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
No |
No |
|
Current Location WOS Warning |
No |
No |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
No |
No |
|
|
Supplier Cost Analysis |
Current Location Cost & Profit |
Yes |
Yes |
No |
No |
Yes |
Yes |
No |
Yes |
No |
No |
|
Invoice Cost Details |
Yes |
Yes |
No |
No |
Yes |
Yes |
No |
Yes |
No |
No |
|
|
Merchandise Sales and Profit |
Current Top 10 Sale Items |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Current Top 10 Sale Items As Is |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Current Sales and Profit Contribution |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Current WF Sales Trend |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Daily Sales & Profit Trends |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Markdowns |
Current Markdown Scorecard - Variance WTD |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Current Markdown Scorecard - Variance Time |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Current Markdown Scorecard-Markdown to Sales Ratio |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Current Markdown Scorecard Trend |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Current Promotion Scorecard |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Out of Stock Analysis |
Current Location Out of Stock Risk |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
Yes |
No |
|
Current Location Out of Stock % |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
Yes |
No |
|
|
Current Location Out of Stock Flag |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
Yes |
No |
|
|
Merchandise Performance |
Current Sales Scorecard |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Current Sales Scorecard As Is |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Current Sales Scorecard - Monthly Trend |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Season Performance |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Current Comp Stores Scorecard |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Current Price Trend |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Current Location Price Trend |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Inventory Performance |
Current Stock Turnover Ranking |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
Current Sales to GMROI Relationship |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Customer Analysis Dashboard |
Customer Demographics Analysis |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Promotional Analysis by Customer Demographics |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Customer RFM Scores |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Customer Segment Transaction Analysis |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Customer Style Loyalty |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Trial & Repeat by Customer Household |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Promotions |
Promotion Event Scorecard |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Promotion Item Lift |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Promotion Item Basket Trend |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Market Basket Analysis |
MBA - Top 10 Product Affinities |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
Yes |
No |
|
MBA - Current Top 10 Promoted Subclass Affinities |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
Yes |
No |
|
|
MBA - Anchor Subclass Top Affinities by Promotions |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
Yes |
No |
|
|
MBA - Anchor Customer Segment Promotion Affinities |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
Yes |
No |
|
|
MBA - Anchor Subclass Top Affinities |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
Yes |
No |
|
|
Cluster Analysis |
Cluster Overview |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
Cluster Group Rank |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Cluster Group to Cluster Inventory Comparison |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Cluster Group to Cluster Inventory Comparison |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Cluster Group to Cluster Inventory Comparison |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Consumer Analysis |
Consumer Purchases by Channel |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Consumer Score |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Consumer Segment Gross Spend |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Consumer Spending by Income Range |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Consumer Item Penetration |
Yes |
Yes |
No |
No |
No |
Yes |
Yes |
Yes |
Yes |
Yes |
|
|
Customer Order |
Demand and Fulfillment Comparison |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
Channel Profitability Comparisons |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Top 6 Customer Segment Analyses (As-Was) |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Top 6 Customer Segment Analyses (As-Is) |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Channel Cancel and Backorder Correlation |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Customer Order Brand Performance |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Customer Order Service Levels (As-Was) |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Customer Order Service Levels (As-Is) |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Customer Order Service Levels (As-Is) |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
|
Wholesale Analysis |
Wholesale Sales and Inventory |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
Wholesale Transaction |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
|
Wholesale Transaction |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
|
|
Wholesale Transaction |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
Yes |
No |
Retail Analytics front-end clients access Retail Analytics stored data through Oracle BI EE. The credentials for Oracle BI EE and Retail Analytics Database access are managed through Oracle BI EE security system. In Retail Analytics front-end, some security features, such as session timeout set, are also managed by Oracle BI EE and WebLogic server. See the Oracle BI EE WebLogic Security Guide for the detail information.
Retail Analytics batch users access Retail Analytics stored data through ODI. Then credentials for ODI and Retail Analytics Database access are managed through ODI security system. See ODI Security Guide for the detail information.
Configuration and logs files protection
Batch process:
To execute Retail Analytics batch, Retail Analytics batch scripts, Retail Analytics source data files, Retail Analytics configuration files, and Retail Analytics batch log files need to be placed under RA base home directory and Retail Analytics ODI home directory. These files are protected with secured permission. There is no world read for these files. Retail Analytics batch scripts have 750 file permission Retail Analytics configuration files have 660 permission, and Retail Analytics static data files have 640 permission.
Front-end process:
The default permission for Oracle BI EE configuration files and log files are 640.
The security and data access for Retail Analytics goes beyond simple role based associations. Typically users and groups are associated with roles. The setup of each role determines what object is accessible by the users.
Retail Analytics batch user is the only one who can run the batch scripts and the connections managed by ODI are used by the batch processes to access data sources.
For file permission, by default the following permissions are given to users to access files packaged with Retail Analytics once installation is completed.
All Retail Analytics scripts should at least have 750 permission
All configuration files should at least have 660 permission
All static data (csv files) should at least have 640 permission
Based on the permission above, besides owner (the installer user), the group member can also view and execute scripts, read and modify the configuration files, and read the static file. A user out of the group cannot do anything to Retail Analytics files and explicit permission needs to be given by the Administrator to users outside of the group.
