Oracle® Retail Process Orchestration and Monitoring Security Guide Release 4.0.1 F17860-01
This chapter contains a technical overview of the authentication process used for POM and how it uses Oracle Access Manager and Single Sign-On.
The security features of the Application are as follows:
Access Control - It is the process of restricting access to a particular entity based upon a broad range of criteria that may or may not include the attributes related to a particular user.
Authentication - It is the process of verifying the identity of a user. The authentication process usually requires a user to provide a user name and password or a combination thereof, upon signing into an application.
Authorization - It is the process of checking to see if an authenticated user has the privilege to access particular system functionality.
Data Authorization - It is the process of determining an authenticated user's rights to act upon a particular set of data. This process typically checks if the authenticated user is linked to a certain level in the organization hierarchy and/or a certain level in the merchandise hierarchy.
Role-Based Access - Within Oracle Retail systems, users are assigned to different roles. Each role is a logical grouping that has different access rights to specific functions within the various Oracle Retail systems.
User Store - It is a repository that holds user data required for authentication and authorization processes.
Security Features of the Application
The levels of security offered by POM are as follows:
Database-level security - This is a built-in feature of Oracle Database, based on database roles.
Application-level security - This is the screen-level security based on Application User roles.
For information on this section, see Pre-installation of Retail Infrastructure in WebLogic.
Application-level security requires users to authenticate at login and restricts them to only those resources for which they are authorized.
This restricts the user's access to either entire areas of the system (for example, Batch Monitoring) or the modes in which users can access areas (for example, viewing Batch Monitoring only). Users are associated with groups that are mapped to application roles. The application-specific permissions are granted to these security roles. For more information on the security roles, see Figure 12-0.