| Oracle® Retail Merchandising Security Guide Release 15.0 E65442-01 |
|
 Previous |
 Next |
The chapter provides guidance for administrators to understand, configure, and customize functional security for the Oracle Retail Sales Audit (ReSA) application.
The following topics are covered in this chapter:
|
Note: ReSA should implement similar file permissions as the RMS. For more information, see File Permissions. |
Access control of system resources is achieved by requiring users to authenticate at login and by restricting users to only those resources for which they are authorized. A default security configuration is available for immediate use after the Oracle Retail Fusion application is installed and is configured to use the Oracle Fusion Middleware security model. The default configuration includes four predefined security roles for application specific permission grants. Users can be added to predefined groups that are mapped to pre-configured application roles. ReSA is pre-configured to grant specific application permissions.
Table 12-1 Privileges
| Name | Description |
|---|---|
|
Search Store Days Priv |
A privilege for searching for store days and store day total transaction data summary information (transaction data summary). |
|
Maintain Store Days Priv |
A privilege for editing a store day including error list, over/short totals, miscellaneous totals, combined totals, total export log, revisions of totals (total audit trail), missing transactions and comments. |
|
Delete Store Day Priv |
A privilege for deleting a store day. |
|
View Store Day Priv |
A privilege for viewing a store day including error list, over/short totals, miscellaneous totals, combined totals, total export log, revisions of totals (total audit trail), missing transactions, store day import log, store day export log, store day total transaction data summary information (transaction data summary), and comments. |
|
Manually Set Store Day Data Status Priv |
A privilege for submitting an allocation for approval. |
|
Reset Store Day Audit Status Priv |
A privilege for resetting a store day's audit status. |
|
Search Transactions Priv |
A privilege for searching for transactions, transaction revisions (audit trail) and transaction summaries (item and tender). |
| Maintain Transactions Priv |
A privilege for creating and editing transactions, mass updating items on transactions through Item Summary, and comments. |
| Delete Transactions Priv |
A privilege for deleting transactions. |
| View Transactions Priv |
A privilege for viewing transactions, transaction revisions (audit trail), transaction summaries (item and tender) and comments. |
|
Post Void Transactions Priv |
A privilege for post voiding transactions. |
| Maintain Application Administration Priv |
A privilege for editing system options. |
|
View Application Administration Priv |
A privilege for viewing system options. |
|
Search Total Definition Priv |
A privilege for searching total definitions. |
|
Maintain Total Definition Priv |
A privilege for creating and editing total definitions. |
|
Submit Total Definition Priv |
A privilege for submitting a total definition for review. |
|
Approve Total Definition Priv |
A privilege for approving a total definition. |
|
Disable Total Definition Priv |
A privilege for disabling a total definition. |
|
Delete Total Definition Priv |
A privilege for deleting a total definition. |
|
View Total Definition Priv |
A privilege for viewing total definitions. |
|
Search Audit Rule Priv |
A privilege for searching audit rules. |
|
Maintain Audit Rule Priv |
A privilege for creating and editing audit rules. |
|
Submit Audit Rule Priv |
A privilege for submitting an audit rule for review. |
|
Approve Audit Rule Priv |
A privilege for approving an audit rule. |
|
Disable Audit Rule Priv |
A privilege for disabling an audit rule. |
|
Delete Audit Rule Priv |
A privilege for deleting an audit rule. |
|
View Audit Rule Priv |
A privilege for viewing audit rules. |
|
Maintain ACH Information Priv |
A privilege for maintaining Bank ACH and Store ACH information. |
|
View ACH Information Priv |
A privilege for viewing Bank ACH and Store ACH information. |
|
Maintain ReSA Admin Data Priv |
A privilege for maintaining error messages, GL (General Ledger) Cross Reference, Reference Fields, Currency Rounding Rules, and Store Data through Admin Data Loading. |
|
View ReSA Admin Data Priv |
A privilege for viewing error messages, GL (General Ledger) Cross Reference, Reference Fields, Currency Rounding Rules, and Store Data through Admin Data Loading. |
|
View GL Drill Back Priv |
A privilege for viewing General Ledger Drill Back. |
|
View GL Cross Reference Priv |
A privilege for viewing GL Cross Reference through Foundation Data Loading. |
|
Maintain Bank Store Priv |
A privilege for maintaining Bank Store relationships. |
|
View Bank Store Priv |
A privilege for viewing Bank Store relationships. |
|
Maintain Employees Priv |
A privilege for viewing assigned stores for ReSA users through location traits. |
|
View Employees Priv |
A privilege for viewing assigned stores for ReSA users through location traits. |
|
Maintain Error Override Priv |
A privilege for editing the Override check box on the Error List tab in either the Store Day Summary or Balance Level Summary screens. |
|
View Error Override Priv |
A privilege for viewing the Override check box on the Error List tab in either the Store Day Summary, Balance Level Summary screens, or on the Sales Audit Errors popup. |
|
View Store Day Summary Over/Short Value Priv |
A privilege for viewing the Over/Short value in the Status container in the Store Day Summary screen. |
|
View Balance Level Summary Over/Short Value Priv |
A privilege for viewing the Over/Short value in the Status container in the Balance Level Summary screen. |
|
View Over/Short Totals Trial Over/Short Values Priv |
A privilege for viewing the Trial Over/Short values in both the Accounted for and the Accountable containers on the Over/Short Totals tab in either the Store Day Summary or the Balance Level Summary screens. |
|
Maintain Over/Short Totals HQ Reported Value Priv |
A privilege for editing the HQ Reported values in both the Accounted For and the Accountable For containers on the Over/Short Totals tab in either the Store Day Summary or Balance Level Summary screens. |
|
View Over/Short Totals HQ Reported Value Priv |
A privilege for viewing the HQ Reported values in both the Accounted For and the Accountable For containers on the Over/Short Totals tab in either the Store Day Summary or Balance Level Summary screens. |
|
Maintain Miscellaneous Totals HQ Reported Value Priv |
A privilege for editing the HQ Reported value on the Miscellaneous Totals tab in either the Store Day Summary or Balance Level Summary screens. |
|
View Miscellaneous Totals HQ Reported Value Priv |
A privilege for viewing the HQ Reported value on the Miscellaneous Totals tab in either the Store Day Summary or Balance Level Summary screens. |
|
View System Calculated Totals Value Priv |
A privilege for viewing the System Reported Totals values in both the Accounted For and the Accountable For containers on the Over/Short Totals tab in either the Store Day Summary or Balance Level Summary screens, as well as on the Miscellaneous Totals tab in either the Store Day Summary or Balance Level Summary screens. |
|
View Flash Reports Priv |
A privilege for viewing the Flash Totals and Flash Sales reports accessed through the main Tasks list or through the Store Day Summary screen. |
|
View Transaction Reports Priv |
A privilege for viewing the Credit Card Summary and the Voucher Activity reports accessed through the main Tasks list. |
Table 12-2 Duties
| Duty | Description | List of Privileges |
|---|---|---|
|
Store Day Inquiry Duty |
A duty for viewing store days. |
Search Store Days PrivView Store Days PrivView Flash Reports Priv |
| Store Day Management Duty |
A duty for managing Store Days. This duty is an extension of the Store Day Inquiry Duty. |
All privileges found in the Store Day Inquiry Duty.Maintain Store Day PrivDelete Store Day Priv |
|
Store Day Manual Status Update Duty |
A duty for setting a Store Day's Data Status and Audit Status. |
Manually Set Store Day Data Status PrivReset Store Day Audit Status Priv |
|
Transaction Inquiry Duty |
A duty for viewing transactions, transaction revisions and transaction summaries. |
Search Transactions PrivView Transactions PrivView Transaction Reports Priv |
|
Transaction Management Duty |
A duty for managing transactions. This duty is an extension of the Transaction Inquiry Duty. |
All privileges found in the Transaction Inquiry Duty.Maintain Transaction PrivDelete Transaction Priv |
|
Transaction Post Void Duty |
A duty for post voiding a transaction. |
Post Void Transaction Priv |
|
Application Administration Inquiry Duty |
A duty for viewing ReSA System Options. |
View Application Administration Priv |
| Application Administration Management Duty |
A duty for managing ReSA System Options. This duty is an extension of the Application Administration Inquiry Duty. |
All privileges found in the Application Administration Inquiry Duty. Maintain Application Administration Priv |
| Total Definition Inquiry Duty |
A duty for viewing total definitions. |
Search Total Definition PrivView Total Definition Priv |
| Total Definition Management Duty | A duty for managing total definitions. This duty is an extension of the Total Definition Inquiry Duty. | All privileges found in the Total Definition Inquiry Duty. Maintain Total Definition Priv Delete Total Definition Priv |
|
Total Definition Submit Duty |
A duty for submitting an Total Definition for approval. |
Submit Total Definition Priv |
|
Total Definition Review Duty |
A duty for approving or disabling a total definition. |
Approve Total Definition Priv Disable Total Definition Priv |
| Audit Rule Inquiry Duty |
A duty for viewing audit rules. |
Search Audit Rule Priv View Audit Rule Priv |
|
Audit Rule Management Duty |
A duty for managing audit rules. This duty is an extension of the Audit Rule Inquiry Duty. |
All privileges found in the Audit Rule Inquiry Duty. Maintain Audit Rule Priv Delete Audit Rule Priv |
| Audit Rule Submit Duty | A duty for submitting an audit rule for approval. |
Submit Audit Rule Priv |
| Audit Rule Review Duty | A duty for approving or disabling an audit rule. |
Approve Audit Rule PrivDisable Audit Rule Priv |
| ACH Information Inquiry Duty | A duty for viewing ACH information including Bank ACH and Store ACH. |
View ACH Information Priv |
| ACH Information Management Duty | A duty for managing ACH information. This duty is an extension of the ACH Information Inquiry Duty. |
All privileges found in the ACH Information Inquiry Duty.Maintain ACH Information Priv |
| ReSA Admin Data Management Duty | A duty for managing ReSA Error Messages, GL Cross Reference, Reference Fields, Currency Rounding Rules and Store Data through the Upload and Download Actions in Admin Data Loading. This duty is an extension of the Admin Data Inquiry Duty. |
View ReSA Admin Data PrivMaintain ReSA Admin Data Priv |
| Bank Store Inquiry Duty | A duty for viewing Bank Store. |
View Bank Store Priv |
| Bank Store Management Duty | A duty for managing Bank Store. This duty is an extension of the Bank Store Inquiry Duty. |
All privileges found in the Bank Store Inquiry Duty.Maintain Bank Store Priv |
| Employee Inquiry Duty | A duty for viewing Employee. |
View Employees Priv |
| Employee Management Duty | A duty for managing Employee. This duty is an extension of the Employee Inquiry Duty. |
All privileges found in the Employee Inquiry Duty.Maintain Employees Priv |
| Error Override Review Duty | A duty for viewing the Override check box on the Error List tab on either the Store Day Summary or Balance Level Summary screens, or on the Sales Audit Errors popup. |
View Error Override Priv |
| Error Override Management Duty | A duty for the ability to override errors by checking the Override check box on the Error List tab on either the Store Day Summary or Balance Level Summary screens. |
All privileges found in the Error Override Review Duty.Edit Error Override Priv |
| Totals HQ Reported Value Review Duty | A duty for viewing the HQ Reported values on both the Over/Short Totals and Miscellaneous Totals tabs on either the Store Day Summary or Balance Level Summary screens. |
View Over/Short Totals HQ Reported Value PrivView Miscellaneous Totals HQ Reported Value Priv |
| Totals HQ Reported Value Management Duty | A duty for the ability to override errors by checking the Override check box on the Error List tab on either the Store Day Summary or Balance Level Summary screens. |
All privileges found in the Totals HQ Reported Value Review Duty.Edit Over/Short Totals HQ Reported Value PrivEdit Miscellaneous Totals HQ Reported Value Priv |
| Over/Short Value Review Duty | A duty for viewing the Over/Short values in the Status container on either the Store Day Summary or Balance Level Summary screens as well as the Trial Over/Short values on the Over/Short Totals tabs in either the Store Day Summary or Balance Level Summary screens. |
View Store Day Summary Over/Short Value PrivView Balance Level Summary Over/Short Value PrivView Over/Short Totals Trial Over/Short Values Priv |
| Totals System Reported Value Review Duty | A duty for viewing the System Reported values on both the Over/Short Totals and Miscellaneous Totals tabs on either the Store Day Summary or Balance Level Summary screens. |
View System Calculated Totals Value Priv |
|
GL Inquiry Duty |
A duty for viewing GL Cross Reference and GL Drill Back. |
View GL Cross Reference Priv View GL Drill Back Priv |
Table 12-3 Role to Task Mapping
| Role | ||||
|---|---|---|---|---|
| Column Name | Sales Auditor | Sales Auditor Manager | Finance Manager | Administrator |
|
Main Navigation Tasks |
Store Day Audit |
Store Day Audit |
Store Day Audit (View Only) |
Foundation Data Loading
|
|
Create Transaction |
Create Transaction |
Manage Transaction (View Only) |
System Options | |
|
Manage Transactions |
Manage Transactions |
Foundation Data Loading
|
RMS Company Closing |
|
|
Bank ACH |
Bank ACH |
Create Total Definition |
Employees | |
|
Store ACH |
Store ACH |
Manage Total Definition |
Bank Store | |
|
Total Audit Trail |
Total Audit Trail |
Bank Store |
||
|
Transaction Audit Trail |
Transaction Audit Trail |
Bank ACH (View Only) |
||
|
Item Summary |
Item Summary |
Store ACH (View Only) |
||
|
Tender Summary |
Tender Summary |
General Ledger Drill Back |
||
|
Create Audit Rule |
Create Audit Rule |
Manage Audit Rule (View Only) |
||
|
Manage Audit Rule |
Manage Audit Rule |
View Reports
|
||
|
Create Total Definitions |
Create Total Definitions |
|||
|
Manage Total Definitions |
Manage Total Definitions |
|||
|
View Reports
|
RMS Company Closing |
|||
|
Employees |
||||
|
Foundation Data Loading
|
||||
|
View Reports
|
||||
Data security can be set up to limit visibility to data within the merchandise and organizational Hierarchies. In ReSA, only data security on the organizational hierarchy is used. ReSA users have access to all items in the merchandise hierarchy, but can only see data for stores to which they have data authorization based on this data security setup in RMS.
For more information on the Data security, see Security Features of the Application section under Chapter 10.
Unlike RMS which relies on the database user ID for applying the data security, Resa uses the application logged in LDAP ID. The application user ID is copied to database session context RETAIL_CTX. APP_USER_ID. The RMS security table SEC_USER now also holds application user ID in addition to database user ID. The data security function uses the application user ID for applying the security policy if database session context RETAIL_CTX. APP_USER_ID is available else, it uses the logged in database ID for applying security policy.
When setting up RMS database roles and privileges, it is important to consider that roles with access to the RMS schema also have access to sensitive ReSA data. The ReSA tables listed in Table 12-4 contain sensitive information, including bank account information. ReSA resides in the same database as RMS and other MOM products, so it may be required to secure the ReSA tables so that unauthorized users do not access/modify the data in the ReSA tables. This access can be secured by using the database roles and privileges. Caution is advised when applying duplicate ReSA application login rules and/or privileges to non-ReSA users, as the sensitive data in the below tables will be accessible to these users.
Additionally, the following ReSA tables should be protected via an encrypted tablespace. For more information on setting up an encrypted tablespace, see Chapter 1 Creating an Encrypted Tablespace in Oracle 12c Container Database section.
Due to the sensitive nature of the data in these ReSA tables, any new custom applications used by the retailer must be fully tested for SQL injection vulnerabilities, especially if the applications have full access to the RMS schema.
It is recommended that access to these tables is audited by the retailer. Oracle RMS and ReSA are the only Oracle-supplied software that have access to these tables. Batch programs that access these tables can be found in the Oracle Retail Sales Audit Operations Guide. If sensitive data in these tables is not used by the retailer, it is recommended that this data is removed from the tables. For more information on securing ReSA tables, see RMS Users and Security section.
For more information on Merch Mobile Security Consideration, see Functional Security for Applications Using Fusion Middleware chapter.
For more information on ReST Services Security Consideration, see the Oracle Retail Sales Audit Operations Guide.
| Duty | Description | List of Privileges |
|---|---|---|
|
Sales Audit Analyst |
Store Day Management DutyStore Day Manual Status Update DutyTransaction Management DutyTransaction Post Void DutyTotal Definition Management DutyTotal Definition Submit DutyTotal Definition Review DutyAudit Rule Management DutyAudit Rule Submit DutyAudit Rule Review DutyACH Information Management DutyError Override Management DutyError Override Review DutyTotals HQ Reported Value Management DutyTotals HQ Reported Value Review DutyTotals System Reported Value Review DutyOver/Short Value Review Duty |
Search Store Days PrivMaintain Store Days Priv Delete Store Day Priv View Store Day Priv Manually Set Store Day Data Status Priv Reset Store Day Audit Status Priv View Flash Reports Priv Search Transactions Priv Maintain Transactions Priv Delete Transactions Priv View Transactions Priv Post Void Transactions Priv View Transaction Reports Priv Search Total Definition Priv View Total Definition Priv Maintain Total Definition Priv Delete Total Definition Priv Submit Total Definition Priv Approve Total Definition Priv Disable Total Definition Priv Search Audit Rule Priv View Audit Rule Priv Maintain Audit Rule Priv Delete Audit Rule Priv Submit Audit Rule Priv Approve Audit Rule Priv Disable Audit Rule Priv Maintain ACH Information Priv View ACH Information Priv Edit Error Override Priv View Error Override Priv Edit Over/Short Totals HQ Reported Value Priv View Over/Short Totals HQ Reported Value Priv Edit Miscellaneous Totals HQ Reported Value Priv View Miscellaneous Totals HQ Reported Value Priv View System Calculated Totals Value Priv |
|
View Store Day Summary Over/Short Value Priv View Balance Level Summary Over/Short Value Priv View Over/Short Totals Trial Over/Short Values Priv |
||
|
Sales Audit Manager |
Store Day Management Duty Store Day Manual Status Update Duty Transaction Management Duty Transaction Post Void Duty Total Definition Management Duty Total Definition Submit Duty Total Definition Review Duty Audit Rule Management Duty Audit Rule Submit Duty Audit Rule Review Duty ACH Information Management Duty ReSA Admin Data Management Duty Employee Management Duty Error Override Management Duty Error Override Review Duty Totals HQ Reported Value Management Duty Totals HQ Reported Value Review Duty Totals System Reported Value Review Duty Over/Short Value Review Duty |
Search Store Days Priv Maintain Store Days Priv Delete Store Day Priv View Store Day Priv Manually Set Store Day Data Status Priv Reset Store Day Audit Status Priv View Flash Reports Priv Search Transactions Priv Maintain Transactions Priv Delete Transactions Priv View Transactions Priv Post Void Transactions Priv View Transaction Reports Priv Search Total Definition Priv View Total Definition Priv Maintain Total Definition Priv Delete Total Definition Priv Submit Total Definition Priv Approve Total Definition Priv Disable Total Definition Priv Search Audit Rule Priv View Audit Rule Priv Maintain Audit Rule Priv Delete Audit Rule Priv Submit Audit Rule Priv Approve Audit Rule Priv Disable Audit Rule Priv Maintain ACH Information Priv View ACH Information Priv Maintain ReSA Admin Data Priv View ReSA Admin Data Priv Maintain Employees Priv View Employees Priv Edit Error Override Priv View Error Override Priv Edit Over/Short Totals HQ Reported Value Priv View Over/Short Totals HQ Reported Value Priv Edit Miscellaneous Totals HQ |
|
Reported Value Priv View Miscellaneous Totals HQ Reported Value Priv View System Calculated Totals Value Priv View Store Day Summary Over/Short Value Priv View Balance Level Summary Over/Short Value Priv View Over/Short Totals Trial Over/Short Values Priv |
||
|
Finance Manager |
Store Day Inquiry Duty Transaction Inquiry Duty GL Management Duty Bank Store Management Duty Total Definition Management Duty Total Definition Submit Duty Total Definition Review Duty ACH Information Inquiry Duty Audit Rule Inquiry Duty Error Override Review Duty Totals HQ Reported Value Review Duty Totals System Reported Value Review Duty Over/Short Value Review Duty |
Search Store Days Priv View Store Day Priv View Flash Reports Priv Search Transactions Priv View Transactions Priv View Transaction Reports Priv Maintain ReSA Admin Data Priv View ReSA Admin Data Priv View GL Drill Back Priv Maintain Bank Store Priv View Bank Store Priv Search Total Definition Priv View Total Definition Priv Maintain Total Definition Priv Delete Total Definition Priv Submit Total Definition Priv Approve Total Definition Priv Disable Total Definition Priv View ACH Information Priv View Audit Rules Priv View Error Override Priv View Over/Short Totals HQ Reported Value Priv View Miscellaneous Totals HQ Reported Value Priv View System Calculated Totals Value Priv View Store Day Summary Over/Short Value Priv View Balance Level Summary Over/Short Value Priv View Over/Short Totals Trial Over/Short Values Priv |
|
Sales Audit System Administrator |
Store Day Inquiry Duty Store Day Management Duty Store Day Manual Status Update Duty Transaction Inquiry Duty Transaction Management Duty Transaction Post Void Duty Application Administration Inquiry Duty Application Administration Management Duty Total Definition Inquiry Duty Total Definition Management Duty Total Definition Submit Duty Total Definition Review Duty Audit Rule Inquiry Duty Audit Rule Management Duty Audit Rule Submit Duty Audit Rule Review Duty ACH Information Inquiry Duty ACH Information Management Duty ReSA Admin Data Management Duty Bank Store Inquiry Duty Bank Store Management Duty Employee Inquiry Duty Employee Management Duty Error Override Review Duty Error Override Management Duty Totals HQ Reported Value Review Duty Over/Short Value Review Duty Totals System Reported Value Review Duty |
Search Store Days Priv Maintain Store Days Priv Delete Store Day Priv View Store Day PrivManually Set Store Day Data Status Priv Reset Store Day Audit Status Priv Search Transactions Priv Maintain Transactions Priv Delete Transactions Priv View Transactions Priv View Employees Priv Post Void Transactions Priv Maintain Application Administration Priv Application Administration Priv Total Definition Priv Maintain Total Definition Priv Submit Total Definition Priv Approve Total Definition Priv Disable Total Definition Priv Delete Total Definition Priv Total Definition Priv Audit Rule Priv Maintain Audit Rule PrivSubmit Audit Rule Priv Approve Audit Rule PrivDisable Audit Rule PrivDelete Audit Rule PrivAudit Rule PrivMaintain ACH Information PrivView ACH Information PrivMaintain ReSA Admin Data PrivView ReSA Admin Data PrivView GL Drill Back PrivMaintain Bank Store Priv View Bank Store PrivMaintain Employees Priv View Employees PrivMaintain Error Override PrivView Error Override PrivView Store Day Summary Over/Short Value Priv |
| Duty | Description | List of Privileges |
| View Balance Level Summary Over/Short Value Priv View Over/Short Totals Trial Over/Short Values Priv Maintain Over/Short Totals HQ Reported Value Priv View Over/Short Totals HQ Reported Value Priv Maintain Miscellaneous Totals HQ Reported Value Priv View Miscellaneous Totals HQ Reported Value Priv View System Calculated Totals Value Priv View Flash Reports Priv View Transaction Reports Priv View All Reports Priv GL Inquiry Duty |
