| Oracle® Retail Predictive Application Server and Applications Cloud Edition Security Guide Release 19.0 F25911-13 |
|
 Previous |
 Next |
| Oracle® Retail Predictive Application Server and Applications Cloud Edition Security Guide Release 19.0 F25911-13 |
|
Previous |
Next |
The Oracle Retail Predictive Application Server Cloud Edition (RPASCE) is a platform that provides a set of common components used by a number of applications (solutions). For these solutions, RPASCE provides the infrastructure needed to store, process, and produce information based on data input by the retailer.
This guide discusses security considerations pertaining to the end user maintenance of an RPASCE Server application and the users of an RPASCE application.
The following section provides a brief introduction to RPASCE and its terminology.
RPASCE: A platform that provides a foundation to run solutions used for retail planning. RPASCE provides those solutions with a common interface based on wizards, templates, workbooks, and batch processes.
RPASCE Solution: An application running on top of RPASCE that provides solutions for retail activities such financial planning or forecasting demand.
RPASCE Domain: A collection of server side directories and files containing the data and procedures required to execute a specific RPASCE solution. Domains may be:
Global: contains data above the partition level as well as settings and metadata that apply across all local domains
Local: contains data for a single partition (for example, for one department in the product hierarchy)
|
Note: RPASCE users who are given access to only certain partitions may only have access to a subset of local domains. All users have access to the global domain. |
Secure deployment refers to the security of the infrastructure used to deploy the SaaS application. Key issues in secure deployment include Physical Safeguards, Network Security, Infrastructure Security, and Data Security.
RPASCE applications are deployed via Oracle Cloud Infrastructure datacenters. Access to Oracle Cloud data centers requires special authorization that is monitored and audited. The premises are monitored by CCTV, with entrances protected by physical barriers and security guards. Governance controls are in place to minimize the resources that are able to access systems. Physical security safeguards are further detailed in Oracle's Cloud Hosting and Delivery Policies.
http://www.oracle.com/us/corporate/contracts/ocloud-hosting-delivery-policies-3089853.pdf
The following principles are fundamental to using any application securely.
One of the principles of good security practice is to keep all software versions and patches up to date. Since all interactions with RPASCE applications occur through the web browser and the FTP client, these must be maintained at their latest release level for all client systems.
The principle of least privilege states that users must be given the lowest privilege level required to perform their jobs. Overly ambitious granting of responsibilities, roles, grants, and so on, especially early on in an organization's life cycle when people are few and work must be done quickly, often leaves a system wide open for abuse. User privileges must be reviewed periodically to determine relevance to current job responsibilities.
System security stands on three legs: good security protocols, proper system configuration, and system monitoring. Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow the audit advice in this document and regularly monitor audit records.
