Oracle® Retail Data Extractor for Merchandising Security Guide
Release 15.1
E77920-01

A Appendix: Database Security Guide

The database should be secured using the recommendations from the Oracle Database 12c Release 1 Security Guide. The following sections provide additional application-specific guidance for securing the database for use with Oracle Retail Stores products.

Application Schema Owners

The following recommendations should be considered for the schema owners:

  • Database Administrators should create an individual schema owner for each application, unless the applications share the same data.

    For example, the Oracle Retail Point-of-Service and Back Office applications share the same database.

  • The schema owners should only have enough rights to install the applications.

  • Set the following rights when using an Oracle database:

    • CREATE TABLE

    • CREATE VIEW

    • CREATE INDEX

    • CREATE SEQUENCE

    • CREATE PROCEDURE

    • ALTER SESSION

    • CONNECT

  • After the database objects are created, the following rights are no longer needed, and should be revoked:

    • When using an Oracle database, revoke CREATE PROCEDURE.
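
The grant, revoke and verification steps above, as an added example (not an Oracle-supplied script). APP_OWNER is a hypothetical schema owner name that is assumed to exist already, and the statements are assumed to be run by a DBA with access to the DBA_SYS_PRIVS and DBA_ROLE_PRIVS dictionary views.

```sql
-- Added example. APP_OWNER is a hypothetical account name; substitute your own.

-- 1. Install-time rights from the list above.
--    CREATE INDEX is not granted separately: Oracle has no system privilege
--    of that name, and indexing tables in the owner's own schema needs none.
GRANT CREATE TABLE, CREATE VIEW, CREATE SEQUENCE,
      CREATE PROCEDURE, ALTER SESSION TO app_owner;
GRANT CONNECT TO app_owner;   -- CONNECT is a role, not a system privilege

-- 2. After the database objects are created, drop the right that is
--    no longer needed.
REVOKE CREATE PROCEDURE FROM app_owner;

-- 3. Verify: list everything the schema owner still holds directly that is
--    outside the post-install baseline, or that it could pass on to others.
--    An empty result means the account matches the recommendation.
SELECT grantee,
       'SYSTEM PRIVILEGE' AS grant_type,
       privilege          AS granted,
       admin_option
FROM   dba_sys_privs
WHERE  grantee = 'APP_OWNER'
AND   (privilege NOT IN ('CREATE TABLE', 'CREATE VIEW',
                         'CREATE SEQUENCE', 'ALTER SESSION')
       OR admin_option = 'YES')
UNION ALL
SELECT grantee,
       'ROLE',
       granted_role,
       admin_option
FROM   dba_role_privs
WHERE  grantee = 'APP_OWNER'
AND   (granted_role <> 'CONNECT'
       OR admin_option = 'YES')
ORDER  BY 2, 3;
```

A row showing CREATE PROCEDURE in the result means the post-install revoke was skipped or the privilege was granted again later.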

Database Security Considerations

The following recommendations should be considered for the database:

  • The database server should be in a private network.

  • The database server should be in a locked secure facility and inaccessible to non-administrator personnel.

  • The database should only be accessed via trusted network hosts.

  • The database server should have minimal use of ports and any communications should be under secure protocols.

  • The database should be on its own dedicated server.

  • The database server should be behind a firewall.

  • Any database user beyond the schema application owner should be audited.

  • The owner of the database processes and files should be granted only minimal rights, such that only that owner can read and write the database-related files and no one else can read or write them.

  • The internal database JVM is required to be Java JVM v7.0 in order to run the optional Universal Adapter ETL component.

    • Note that in Oracle 12c, the internal JVM version is configurable.

    • For more information regarding the internal JVM, refer to the Oracle Database Java Developer's Guide.

The purge script is usually put into an automation script, which runs once per day. As described above, this script is usually run by a user with limited access (only execute procedure and connect access).