| Oracle® Retail Predictive Application Server and Applications Cloud Edition Security Guide Release 19.0 F25911-13 |
|
 Previous |
 Next |
| Oracle® Retail Predictive Application Server and Applications Cloud Edition Security Guide Release 19.0 F25911-13 |
|
Previous |
Next |
This chapter of the security guide covers domain creation and maintenance.
The process of RPASCE application configuration can be performed by an RPASCE administrator, an application expert, a consultant or a third-party implementation team. In all cases, the process of creating or modifying the configuration of an RPASCE application is performed using a stand-alone Java application known as the RPASCE Configuration Tools.
The RPASCE Configuration Tools work with an XML representation of the content of a domain known as the domain configuration. Using the Configuration Tools, a domain configuration can be inspected and modified. The configuration is then used as an input to the rpasInstall process, which creates and modifies RPASCE domains.
Because the RPASCE Configuration Tools are supported only on the Windows platform, there is a need to manage the transfer of that configuration between the system being used for the configuration and the system on which the RPASCE domain will be built and maintained.
Although the configuration itself does not contain any sensitive information, it does contain information about the meta-data of the domain and the processes used to maintain and modify that domain data. As such, it is prudent to secure the representation of the domain contained within the configuration.
To that end, there are three areas in which the security of a configuration can be discussed. These areas are:
Upon the system on which the configuration process is performed.
Upon the system on which the RPASCE domain is deployed.
Upon the transfer of the configuration between the above two systems.
In each of these areas, precautions can be taken to maintain the integrity and confidentiality of the information represented within the configuration.
Securing the Configuration System
As the RPASCE Configuration Tools do not interact directly with an RPASCE domain, they cannot be used to inspect or modify domain information. However, because the configuration describes information about the information in the domain and the processes used to maintain and modify that information, it should be viewed as proprietary information. As such it should be subjected to the appropriate considerations employed to protect other proprietary information present on user systems.
The considerations include safeguarding the physical security of systems that store proprietary information, encryption of storage devices for these systems and limiting risk of exposure through controlling access to the information contained within the configuration.
Securing the Deployment System
.Once uploaded to the OCI environment, the configuration is protected by the same safeguards present to secure all domain resources residing within the host environment. No additional protections are required.
Securing the Transfer of Configurations
Configuration is performed on one or more users' individual systems. In order to build or update an RPASCE domain with that configuration, it is necessary to transfer the configuration to the system upon which the domain will be deployed. This transport is accomplished through use of the SFTP upload process that is documented for data file upload and is described therein.
The creation of positions within the dimensions of an RPASCE domain is a process that is performed as part of an off-line process managed through the loadHier utility. However, the business processes performed by some RPAS applications make deferring position creation and management to an off-line process unacceptable.
Dynamic Position Maintenance (DPM) allows user to create and manage certain positions in an online process while working within a workbook. Users can create additional positions within constraints based on domain security settings and the workbook configuration and enforced by the RPASCE Server instance.
Users can also modify and or delete existing positions created through DPM operations within constraints based on domain security settings and the workbook configuration and enforced by the RPASCE Server instance.
Users are not allowed to modify or delete positions which the domain's security settings do not grant them access to; they may also not modify positions not allowed by the configuration of the workbook in which they are working. Finally, changes to formal positions managed through the loadhier process cannot by modified in any circumstances through DPM operations.
Enabling DPM functionality within a workbook involves the following process:
Configurator must enable DPM on particular dimensions on the domain.
Configurator must enable DPM on the specific workbook template.
Configurator or system administrator must ensure there is enough space to accommodate the volume of DPM position given by the bitsize of the dimension.
Administrator must give WRITE permission on that workbook template to the user.
When a user creates DPM positions, they are treated as temporary positions; loadHier does not update these positions. A command line utility informalPositionMgr is available for the purpose of:
When a user has finalized its information and wants to convert them to normal positions.
Application involves creating a very large number of DPM positions.
Like all RPASCE server utilities, this command line utility should only have execution rights granted to system administrators.
Domain maintenance is a periodic operation that needs to be performed by the administrator. Its frequency depends on the degree to which the domain is subjected to hierarchy changes across time. Many of these operations can improve overall performance of data access operations - this can result in fewer contention issues which improves accessibility.
In addition, many of these operations involve removing data from the domain when that data is no longer needed by the operations being performed by the domain. This periodic cleansing serves to remove data from the system and addresses the need to retire data as a part of the data management life cycle. Some of the domain maintenance tasks that can be performed periodically are:
Purging Unused and Inactive Hierarchy Positions
All measure data within a domain is stored in either scalar or dimensional measures. As positions are introduced to the hierarchies of a domain, these positions become available for the storage of measure data. When a position is no longer needed by the domain, it can be purged. This purging, along with the use of the reindex domain, or optimize domain processes will result in the measure data associated with the retired positions being cleaned from the domain.
The purging process is performed by use of the loadHier utility purge operation. loadHier can be used to purge formal, informal, and user-defined positions from the listed hierarchies.
Clean-up of the Input and Processed Directories
RPASCE makes use of the loadhier and loadmeasure utilities to load information into the domain. These utilities read data in the form of text files that are staged to the input directory of the domain. Once the data in an input file is loaded, that file is moved to the processed sub-directory of the domain, where it is suffixed with a timestamp indicating the date and time of load.
The periodic clean-up of these processed files is advisable because, over a period of time, these files can occupy sizable and valuable diskspace. The RPASCE Online Administration interface provides a Clean Up task that includes an option to remove all files from the processed directory in the domain.
Reindexing Domain Arrays
Run the reindexDomain analyze option from the master domain on individual hier/dims periodically to check whether a particular hier/dim requires a bitsize increase or whether it needs to be defragged. If hierarchy operations are frequent enough and if the above check is not made, then the size of the hier/dim and the available list of physical ids may not be sufficient enough to accommodate and allocate for the incoming hierarchy load request. This can result in a loadhier failure.
ReindexDomain also reshapes arrays, and a periodical run, in conjunction with the use of hierarchy purging, will remove inactive physical IDs and can potentially reduce the size of the domain arrays and remove unneeded data from the domain.
Optimizing Domain Arrays
Run optimizeDomain periodically from the master domain to improve performance and to minimize the space required by the domain data. Optimize domain has options to selectively defrag domain data based on database fragmentation and, in conjunction with hierarchy purging, to clean up domain data that is no longer required by the system.
A detailed description of LoadHier, ReindexDomain, and OptimizeDomain can be found in the RPASCE Online Administration Guide.
