Go to primary content
Oracle® Retail Predictive Application Server and Applications Cloud Edition Security Guide
Release 22.1.202.0
F56956-01
  Go To Table Of Contents
Contents

Previous
Previous
 
Next
Next
 

1 Overview

The Oracle Retail Predictive Application Server Cloud Edition (RPASCE) is a platform that provides a set of common components used by a number of applications (solutions). For these solutions, RPASCE provides the infrastructure needed to store, process, and produce information based on data input by the retailer.

This guide discusses security considerations pertaining to the end user maintenance of an RPASCE Server application and the users of an RPASCE application.

Terminology

The following section provides a brief introduction to RPASCE and its terminology.

RPASCE Concepts

  • RPASCE: A platform that provides a foundation to run solutions used for retail planning. RPASCE provides those solutions with a common interface based on wizards, templates, workbooks, and batch processes.

  • RPASCE Solution: An application running on top of RPASCE that provides solutions for retail activities such financial planning or forecasting demand.

  • Planning Data Schema: The Planning Data Schema (PDS) is a schema created within the Oracle Database containing the tables that contain application metadata, a customer's planning data, and the procedures used to access and manipulate that data. The majority of user interactions with customer information are performed in workspaces; however, data load and other offline batch activities operate directly on the PDS.

  • Workspaces: Users perform application tasks inside workspaces. A workspace is a sandbox built by pulling data from the PDS; it supports the operations a user requires to perform a given task within the application. Once a task is complete, the changes made within the workspace sandbox can be applied to update the information contained within the PDS.

RPASCE Applications

Users access an RPASCE solution through the RPASCE client, a web-based client.

In addition, Administrators can access the Configuration Tools. This is a Windows-based set of utilities used to configure and maintain a RPASCE solution.

Secure Deployment

Secure deployment refers to the security of the infrastructure used to deploy the SaaS application. Key issues in secure deployment include Physical Safeguards, Network Security, Infrastructure Security, and Data Security.

RPASCE applications are deployed via Oracle Cloud Infrastructure datacenters. Access to Oracle Cloud data centers requires special authorization that is monitored and audited. The premises are monitored by CCTV, with entrances protected by physical barriers and security guards. Governance controls are in place to minimize the resources that are able to access systems. Physical security safeguards are further detailed in Oracle's Cloud Hosting and Delivery Policies.

http://www.oracle.com/us/corporate/contracts/ocloud-hosting-delivery-policies-3089853.pdf

The above referenced document also contains information about practices concerning Network, Infrastructure, and Data Security for applications deployed in the Oracle Cloud Infrastructure datacenters.

General Security Principles

The following principles are fundamental to using any application securely.

Keep Software Up to Date

One of the principles of good security practice is to keep all software versions and patches up to date. Since all interactions with RPASCE applications occur via a web browser (either through the RPASCE Client or through the Object Store web interface) and the FTP, these must be maintained at their latest release level to ensure the security of customer information.

Follow the Principle of Least Privilege

The principle of least privilege states that users must be given the lowest privilege level required to perform their jobs. Overly ambitious granting of responsibilities, roles, grants, and so on, especially early on in an organization's life cycle when people are few and work must be done quickly, often leaves a system wide open for abuse. User privileges must be reviewed periodically to determine relevance to current job responsibilities.

Monitor System Activity

System security stands on three legs: good security protocols, proper system configuration, and system monitoring. Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow the audit advice in this document and regularly monitor audit records.

Keep Up to Date on Latest Security Information

Oracle continually improves its software and documentation. Check this note yearly for revisions.