Go to primary content
Oracle® Retail Predictive Application Server and Applications Cloud Edition Security Guide
Release 22.1.202.0
F56956-01
  Go To Table Of Contents
Contents

Previous
Previous
 
Next
Next
 

5 Planning Data Schema Security

This chapter of the security guide covers Planning Data Schema (PDS) creation and maintenance.

Configuration Management

The process of RPASCE application configuration can be performed by an RPASCE administrator, an application expert, a consultant or a third-party implementation team. In all cases, the process of creating or modifying the configuration of an RPASCE application is performed using a stand-alone Java application known as the RPASCE Configuration Tools.

The RPASCE Configuration Tools work with an XML representation of the content of an application known as the application configuration. Using the Configuration Tools, an application configuration can be inspected and modified. The configuration is then used as an input to the application deployment process, which creates and modifies RPASCE PDS.

Because the RPASCE Configuration Tools are supported only on the Windows platform, there is a need to manage the transfer of that configuration between the system being used for the configuration and the system on which the RPASCE PDS will be built and maintained.

Although the configuration itself does not contain any sensitive information, it does contain information about the meta-data of the application and the processes used to maintain and modify that application data. As such, it is prudent to secure the representation of the application contained within the configuration.

To that end, there are three areas in which the security of a configuration can be discussed. These areas are:

  • Upon the system on which the configuration process is performed.

  • Upon the system on which the RPASCE PDS is deployed.

  • Upon the transfer of the configuration between the above two systems.

In each of these areas, precautions can be taken to maintain the integrity and confidentiality of the information represented within the configuration.

Securing the Configuration System

Because the RPASCE Configuration Tools do not interact directly with the RPASCE PDS, they cannot be used to inspect or modify PDS information. However, because the configuration describes the information in the PDS and the processes used to maintain and modify that information, it should be viewed as proprietary information. As such it should be subjected to the appropriate considerations employed to protect other proprietary information present on user systems.

The considerations include safeguarding the physical security of systems that store proprietary information, encryption of storage devices for these systems and limiting risk of exposure through controlling access to the information contained within the configuration.

Securing the Deployment System

.Once uploaded to the OCI environment, the configuration is protected by the same safeguards present to secure all application resources residing within the host environment. No additional protections are required.

Securing the Transfer of Configurations

Configuration is performed on one or more users' individual systems. In order to build or update an RPASCE PDS with that configuration, it is necessary to transfer the configuration to the system upon which the PDS will be deployed. This transfer is accomplished using the Oracle Cloud Infrastructure Object Storage service. OCI Object Storage provides a reliable and secure method of moving information into and out of RPASCE application instances.

Information on use of OCI Object Storage in conjunction with RPASCE applications can be found in the Oracle Retail Predictive Application Cloud Service Implementation Guide. Information on OCI Object Storage itself, including information on security best practices, can be found here:

https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm">>https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm

Dynamic Position Maintenance

The creation of positions within the dimensions of an RPASCE application is a process that is performed utility by loading the position information from flat files or through the integration of an RPASCE application with other Oracle Retail applications. However, the business processes performed by some RPAS applications make deferring position creation and management to an off-line process unacceptable.

Dynamic Position Maintenance (DPM) allows user to create and manage certain positions in an online process while working within a workbook. Users can create positions within constraints based on application security settings and the workbook configuration and enforced by the RPASCE Server instance.

Users can also modify and or delete existing positions created through DPM operations within constraints based on application security settings and the workbook configuration and enforced by the RPASCE Server instance.

Users are not allowed to modify or delete positions which the application's security settings do not grant them access to; they may also not modify positions of levels and dimensions not allowed by the configuration of the workbook in which they are working. Finally, formal positions managed through data load or integration with other Oracle Retail applications cannot by modified in any circumstances through DPM operations.

Enabling DPM functionality within a workbook involves the following process:

  1. Configurator must enable DPM on particular dimensions in the application.

  2. Configurator must enable DPM on the specific workbook template.

  3. Configurator or system administrator must ensure there is enough space to accommodate the volume of DPM position given by the bitsize of the dimension.

  4. Administrator must give WRITE permission on that workbook template to the user.

When a user creates DPM positions, they are treated as temporary positions; flat file operations and integration with other Oracle Retail applications do not update these positions. The Online Administration Tools (OAT) contain a Manage Informal Positions task that can be used for maintaining the informal positions of any levels in the application. This task can convert positions from formal to informal or from informal to formal. It can also remove informal positions, create informal positions in bulk, and copy data slices between positions in measures.

RPASCE Maintenance

PDS maintenance is a periodic operation that must be performed by the administrator. Many of these operations can improve overall performance of data access operations. This can result in fewer contention issues which improves accessibility.

In addition, many of these operations involve removing data from the PDS when that data is no longer needed by the operations being performed by the PDS. This periodic cleansing serves to remove data from the system and addresses the need to retire data as a part of the data management life cycle. Some of the PDS maintenance tasks that can be performed periodically are:

Purging Unused and Inactive Hierarchy Positions

All measure data within the PDS is stored in either scalar or dimensional measures. As positions are introduced to the hierarchies of the PDS, these positions become available for the storage of measure data. When a position is no longer required by the PDS, it can be purged. This hierarchy purging will result in the measure data associated with the retired positions being cleaned from the PDS.

The purging process is performed via the Load Dimension Data OAT task, which has a purgeAge option that can be used for purging unused hierarchy positions.

Clean Up Old Workbooks

It is possible to list all the workbooks in the application and determine which ones are old. "Managing Workbooks Using wbmgr", found in the Oracle Retail Predictive Application Server Administration Guide, describes using the option Manage Workspaces to list all the workbooks in the application. From this output, all the old and obsolete workbooks can be found. These old workbooks can be removed using the same Managing Workbooks task. Removing only the workbook and keeping the associated segment can help to rebuild the workbook later using the same selections if required. Segments without their workbooks do not require much space. Alternately, the entire segment can be removed using the Managing Segments task.

Clean Up Old Administration Tasks

The tasks in the OAT dashboard grow over time and take up valuable system resources. It is recommended that an Admin user periodically purge unused admin tasks. The task to perform the purge operation is described in "Purge Tasks from Task Status Dashboard Task", found in the Oracle Retail Predictive Application Server Administration Guide.

Performance Diagnostic Tool

The performance diagnostic tool contains valuable options to analyze system resources. See "Analyzing Workbook Performance", found in the Oracle Retail Predictive Application Server Administration Guide, regarding how to efficiently find workbooks that can be cleaned up.