1 Administrative Tasks

This chapter describes the processes for maintaining users and roles as well as batch processes.

For information regarding standard end user activities like creating and viewing reports, please see the Oracle Retail Integration Cloud Services User Guide.

Oracle Support

It is considered to be a best practice to have all Oracle Retail Integration Cloud Services support requests submitted through a single point of contact for that customer environment; the client designated administrator is usually designated to perform this role.

The link to use when submitting Service Requests (SR) is:

https://support.oracle.com

User Creation

Before users can access the Oracle Retail Integration Cloud Services applications it is necessary to provision each user access to the system, and assign roles to each user to control what functionality will be available to them. The access provisioning is done using Oracle Identity Management (OIM). The following steps explain how to define users, assign roles and revoke access for users when needed. The OIM Application URL and the login with the required administrator access would be needed to execute the below steps:

Log into the OIM application.
Under Administration, click Users.

Figure 1-1 Select Users
Under Actions, click Create.

Figure 1-2 Select Create

The Create User screen appears.
Under Basic Information, enter the following:
- First Name
- Last Name
- For Organization, enter Retail
- For User Type, enter Full time employee
- E-mail: Email address of the employee
Under Account Settings, enter:
- User Login: <firstname>.<lastname>
- Password
- Confirm Password
Figure 1-3 Complete User Information
Click Submit.

Assigning Members to a Role

To assign members to a role, complete the following:

Log into the OIM application.
Click Users.

Figure 1-4 Select Users
Click the oim.test user.

Figure 1-5 oim.test User
Click the Roles tab.

Figure 1-6 Roles Tab
Click the Request Roles button.

Figure 1-7 Request Roles Button
Click the Add to Cart button next to the role you want to assign.

Figure 1-8 Adding Roles to the Cart
Click Next.

Figure 1-9 Add Access Request
Click Submit.

Figure 1-10 Submit Access Request

The role is now assigned to the User.

Figure 1-11 User Details

Retail Integration Cloud Services Default Enterprise Roles

Retail Integration Cloud Services is built with role-based access. Permissions are associated with roles.

The following roles are available:

RIB User Roles

Role Name	Admin Role	Operator Role	Monitor Role
Group Name	ribAdminGroup	ribOperatorGroup	ribMonitorGroup
Start/Stop Adapters	Yes	Yes	No
Change Log levels	Yes	Yes	No
View Logs	Yes	Yes	Yes

BDI Batch Admin Security Roles

Role Name	Admin Role	Operator Role	Monitor Role
Group Name	BdiJobAdminGroup	BdiJobOperatorGroup	BdiJobMonitorGroup
Edit configuration from UI	Yes	No	No
Create/update/delete system options	Yes	No	No
Create/update/delete system credentials	Yes	No	No
View credentials	Yes	No	No
Run Jobs	Yes	Yes	No
Monitor Jobs	Yes	Yes	No
HTTP GET method access to rest services	Yes	Yes	Yes
HTTP POST/PUT/DELETE method access to rest services	Yes	Restricted to few services.	No

BDI Process Flow Security Roles

Role Name	Admin Role	Operator Role	Monitor Role
Group Name	BdiProcessAdminGroup	BdiProcessOperatorGroup	BdiProcessMonitorGroup
Update Process DSL	Yes	No	No
Start/Restart Process	Yes	Yes	No
All other services	Yes	Yes	No
Read Only Access to Process Flow Live, Manage, Process Flow, Historical Process, Flow Executions, System Logs UI tabs.	Yes	Yes	Yes
HTTP GET method access to rest services	Yes	Yes	Yes
HTTP POST/PUT/DELETE method access to rest services	Yes	Yes	Yes

BDI Scheduler Security Roles

Role Name	Admin Role	Operator Role	Monitor Role
Group Name	BdiSchedulerAdminGroup	BdiSchedulerOperatorGroup	BdiSchedulerMonitorGroup
View and search	Yes	Yes	Yes
Create schedule	Yes	No	No
Edit schedule	Yes	No	No
Delete schedule	Yes	No	No
Manual run schedule	Yes	Yes	Yes
Disable schedule	Yes	Yes	No
Enable schedule	Yes	Yes	No
HTTP GET method access to rest services	Yes	Yes	Yes
HTTP POST/PUT/DELETE method access to rest services	Yes	Yes	No

Revoking Role Membership

To revoke the membership of a member in a role:

Log into the OIM application.
Click Users.

Figure 1-12 Select Users
Click the oim.test user.

Figure 1-13 Select Role to Revoke Users
Click the Roles tab.

Figure 1-14 Roles Tab
Select the Role you want to revoke and click the Remove Role button.

Figure 1-15 Remove Roles Button
In the Remove Roles screen, click Submit.

Figure 1-16 Remove Roles Screen

Deleting a User or Disabling User Privileges

To delete or disable a user

Log into the OIM application.
Under Administration, click Users.

Figure 1-17 Select Users
Select the user and click Disable or Delete as necessary.

Figure 1-18 Delete and Disable
You can also Lock or Unlock a particular user from the same screen if needed.

Resetting a User Password

To reset the password of a user:

Log into the OIM application.
Under Administration, click Users.

Figure 1-19 Select Users
Click the Search tab and then select on the User you want to reset the password.
Click on Reset Password.

Figure 1-20 Reset Password Button
In the Reset Password screen, make sure Auto-generate the Password is selected and Click on Reset Password. (The system will auto generate the password and will email it to the user.)

Figure 1-21 Reset Password

Approve Requests from User

The users can also request for the Roles or revoke those that are available for him to access the RIS Service. Below are the steps to approve the request from the User.

Login into OIM Application.
Click Pending Approvals.

Figure 1-22 Select Pending Approvals
Click on the Action that is assigned to you.

Figure 1-23 Pending Approvals Tab
Click the Claim button.

Figure 1-24 Claim the Pending Approval
Click Approve or Reject.

Figure 1-25 Approve Pending Approval
Once done the request is completed.

Approve Requests from User for Multiple Roles

The users can also request for the multiple Roles or revoke them if they are available for him to access the RIS Service. Below are the steps to approve the request from the User.

Login into OIM Application.
Click Pending Approvals.

Figure 1-26 Select Pending Approvals
Click on the Action that is assigned to you.

Figure 1-27 Pending Approvals Tab
Click the Claim button.

Figure 1-28 Claim the Pending Approval
Click Approve or Reject.

Figure 1-29 Approve Pending Approval
Once done, if approved, the request is split into multiple requests, one for each role for each user. Approve all of them by following steps 3 to 5.
Once all the requests are approved, all the roles will be assigned to users.

Note:

The customer administrator can request multiple roles for multiple users. Once this request is made, the customer administrator is required to approve the request using the Approve Requests from User for Multiple Roles process.

Importing a Batch of User Accounts

If you have batch of users that have to be created, the Oracle team can bulk load the users into the OIM Application. When users are bulk loaded their initial password will be set to the current password of a template user. The new users will be required to change their password on first login.

To request the creation of accounts by bulk loading, follow the below steps.

Create CSV file listing all users to create (see example below).
Create or identify a user to whose password will be used as the initial password for all created users.

Open an SR with Oracle support and provide the CSV file and user from steps 1 and 2.

##################
 filename.csv
###################
##########################################
USR_LOGIN,USR_FIRST_NAME,USR_LAST_NAME,USR_EMAIL,ORG_NAME
ce.admin1,ce,admin1,ce.admin1@oracle.com,Retail
ce.admin2,ce,admin2,ce.admin2@oracle.com,Retail
ce.admin3,ce,admin3,ce.admin3@oracle.com,Retail
ce.admin4,ce,admin4,ce.admin4@oracle.com,Retail
ce.admin5,ce,admin5,ce.admin5@oracle.com,Retail
ce.admin6,ce,admin6,ce.admin6@oracle.com,Retail
ce.admin7,ce,admin7,ce.admin7@oracle.com,Retail
ce.admin8,ce,admin8,ce.admin8@oracle.com,Retail
ce.admin9,ce,admin9,ce.admin9@oracle.com,Retail
ce.admin10,ce,admin10,ce.admin10@oracle.com,Retail
##########################################

Bulk Role Membership Update (Optional)

If you have quite a few users that have roles to be assigned to, the Oracle team can bulk update the role membership into the OIM Application.

To update the membership of the by bulk update, follow the below steps.

Create CSV file with the user role mapping. Please note that the user name must be in upper case (see example below).

Open an SR with Oracle support and provide the CSV file and user from steps 1.

##################
 role.csv
###################
##########################################
UGP_NAME,USR_LOGIN
Role1,CE.ADMIN1
Role2,CE.ADMIN1
Role1,CE.ADMIN2
Role3,CE.ADMIN3
Role4,CE.ADMIN4
Role5,CE.ADMIN5
Role6,CE.ADMIN6
Role7,CE.ADMIN7
Role8,CE.ADMIN8
Role2,CE.ADMIN8
Role2,CE.ADMIN9
##########################################

Note:

If you want more than one role attached to a particular user, add one more row with the role that you want the user to have and the user name. Refer to the CE.ADMIN1 in above table for example.

Nightly Batch File Uploads

The following is the file upload process. The Private/Public Keys must be generated and the public Key must be associated with your SFTP Account for the file uploads. The Adding Authorized Keys section describes the step-by-step method to generate the Keys (2048 bit RSA Keys).

Adding Authorized Keys

The following is the process to generate a 2048 bit RSA key and add the same to the SFTP server. This is done with the help of WinSCP tool on Windows. However the same can be done using ssh-keygen on Linux as well.

Launch WinSCP and select Tools -> Run PuttyGen.
Select "SSH-2 RSA" for the type of key to generate and enter "2048" for the number of bits in a generated key field and click Generate.

Figure 1-30 Key Generator
Move the mouse over the blank space in the window until the key is generated.

Figure 1-31 Key Generator Progress
Once the key is generated, click the Save public key button to save the public key to a file.
Click the Save private key button to save the Private key to a file. Confirm to save it with/without a passphrase.
Open an SR with Oracle Support, to associate the Public half of the Key with your SFTP account (attach the Key with the SR).

Steps – Login to WinSCP

The Upload steps uses the private key generated in the earlier section.

Launch WinSCP and connect to <SFTP Server> using port 22.
Enter the username and click Advanced.
Click Authentication.
In the Private Key File field, click the Browse button and select the private key created in the earlier section.

Figure 1-32 Advanced Site Settings Dialog
After loading the private key file, click OK.

Figure 1-33 Private Key File Loaded
Click Login. The window does not prompt for a password and logs into the SFTP server. Provide a passphrase if one has been set up.

Steps to Upload the Batch File

Transfer the file to be copied (e.g., test) to /<SFTP User>.

Figure 1-34 <SFTP User> Directory
Transfer an empty file <filename>.complete (eg: test.complete) to the directory /<SFTP User>.

Figure 1-35 Transferring Empty File
If multiple files have to be transferred, copy all the files to /<SFTP_user>.

Figure 1-36 Transferring Multiple Files
Transfer all the corresponding <filename>.complete files to the /<SFTP_user> directory for the transfer to complete.

Figure 1-37 Transferring .complete Files

Export File Downloads

Change directory to /<SFTP User>/EXPORT.
Download all data files.