Oracle® Retail Enterprise Inventory Cloud Service User Guide
Release 18.0
F13734-03

7 Security

The following topics are described in this section:

Role Based Security

EICS provides role-based user access control in order to manage application functionality and data available to users. This role-based user access control allows security to be managed in a way that corresponds closely to the organization's structure. This model provides improved support for customization, maintenance, and management of security in the system, simplifying customer implementations while maintaining a high degree of control and flexibility.

Role Based Security is handled by assigning privileges (permissions) to a role in EICS. These roles are then assigned to users for stores. If you do not have permission for that store for a feature, the feature will not be available for you. The application secures buttons, drop down values and menu options on the mobile application.

Security is controlled by an external system (LDAP). User details such as user name, first name, last name, password, and security groups are administered in the external system and displayed in EICS. Managing the user's profile (assigning stores, roles, and so on) is done in EICS. Authentication is performed in LDAP.

Figure 7-1 Security Management Workflow


During install, the cloud engineering team sets up the initial admin user for the customer to access OIM. After that, users can be set up by the customers, and the necessary groups can be assigned to the users based on the role these users are going to play. For example, a user accessing web services needs the 'sim_integration_users' group, and a user executing batches needs the 'sim_batch_users' group. Roles that are needed for a user are assigned to the user in EICS.

This chapter covers the following:

Role Maintenance

  • Create new roles

  • Update, view and delete roles

  • Assigning and revoking permissions for a role

User Maintenance

  • Viewing user details

  • Assigning and revoking stores for a user

  • Assigning and revoking roles for a user

  • Viewing the groups assigned to a user


Note:

The group sim_security_users is required for accessing security management tasks in EICS, such as role maintenance and user role/store assignments.

Role Maintenance Screen

The Role Maintenance screen is an admin screen used to create new roles and assign permissions to them, and to modify and delete roles. A role that is currently assigned to a user cannot be deleted. The screen is accessed via the menu: Security/ Role Maintenance. The user must have the Access Role Maintenance permission to access the Role Maintenance screen. The screen displays the list of roles that have been added. The user can edit or view the details of a role by clicking the Role Name, which opens the Role Detail screen.

Figure 7-2 Role Maintenance Screen


Role Detail Screen

Figure 7-3 Role Detail Screen


User Assignment Screen

The screen displays the list of users who have access to the store that the security user is logged in to.

It is an admin screen used by a security user to view a user's details, assign roles and stores and view groups assigned to the user. You can reset a user's profile through this screen. The screen is accessed via the menu: Security/ User Assignment. User must have 'Access User Maintenance' permission in order for the User Assignment menu option to be available under Security in EICS.

Figure 7-4 User Assignment Screen


The details of the user, roles, stores and groups assigned can be viewed by clicking on the respective Username.

You can use 'Filter' in order to narrow down the list of users displayed in the screen.

Filter

Figure 7-5 User Filter Screen


You can narrow down the list of users displayed by using a number of filter criteria provided on the screen.

User Detail Screen

The screen can be reached by clicking on the Username in the User Assignment screen. This screen has been divided into four tabs: User, Stores, Roles, and Groups.

User

This is the section that is displayed by default when the security user enters the screen by clicking on a Username from the User Assignment screen.

This section displays basic details of a user such as First name, Last name, Create date of the user's profile in the application, Login date (most recent login date), Last Store (the last logged in store) and also the primary language of the user. This is a read only screen.

Figure 7-6 User Detail Screen


Stores

This section enables the security user to assign or revoke stores for a user. The list of stores that the security user has access to is displayed on the screen, and the security user can assign stores from this list to a user or revoke already assigned stores. If the security user has the 'sim_global_store_users' group assigned, then all stores should be displayed in the list. The 'Assign User Store' security permission is required to access this section.

Figure 7-7 User Detail (Stores) Screen


Roles

This section displays the set of roles currently assigned to the user. It also enables you to assign new roles, revoke already assigned roles, and set the Start Date and End Date for role assignments. You need the 'Assign User Role' security permission to access this section.

Figure 7-8 User Detail (Roles) Screen


New Role Assignment

A security user needs the ability to assign roles to a user (a single role or multiple roles) and also to assign stores. This screen enables the security user to perform this activity. In EICS, roles are assigned to the stores that a user has access to. The system allows a user to have different permissions for each store that they are allowed to log in to. This section displays all roles that the security user has access to assign. Security users can assign a role to a user only if they have the Data Permission for the Role Type assigned to the Role. The user can select one or more stores and one or more roles to be assigned for those stores.

The screen provides a list of options that controls the list of stores that are displayed for the security user to assign a role to.

Select from assigned stores: Lists the stores that the user has been assigned to that the security user also has access to. The security user can select one or more stores from this list to assign roles.

Select from available stores: Lists all the stores that the security user has access to.

All assigned stores: Lists the stores that the user has been assigned to that the security user also has access to. As the name suggests, this enables the security user to assign roles to ALL the stores assigned to a user at once.
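
The store-scoped, date-bounded role model described above can be expressed as a small access-review check. This is an added example, not EICS code: the role names, store IDs and dates are constructed, and the inclusive date bounds and open-ended End Date are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Permission names are quoted from this chapter; role names, store IDs and
# dates are constructed for the example.
ROLE_PERMISSIONS = {
    "security_admin": {"Access User Maintenance", "Assign User Role", "Assign User Store"},
    "role_admin": {"Access Role Maintenance"},
}

@dataclass(frozen=True)
class RoleAssignment:
    role: str
    store: str
    start: date
    end: Optional[date] = None  # assumption: no End Date means open-ended

def effective_permissions(user_stores, assignments, store, on):
    """Permissions a user holds at one store on one day."""
    if store not in user_stores:
        return set()  # assumption: a role counts only at an assigned store
    perms = set()
    for a in assignments:
        # Assumption: Start Date and End Date are both inclusive.
        active = a.start <= on and (a.end is None or on <= a.end)
        if a.store == store and active:
            perms |= ROLE_PERMISSIONS.get(a.role, set())
    return perms

def lapsed(assignments, on):
    """Assignments whose End Date has passed, for access-review clean-up."""
    return [a for a in assignments if a.end is not None and a.end < on]

USER_STORES = {"1001", "1002"}
ASSIGNMENTS = [
    RoleAssignment("security_admin", "1001", date(2024, 1, 1), date(2024, 6, 30)),
    RoleAssignment("role_admin", "1002", date(2024, 1, 1)),
    RoleAssignment("role_admin", "1003", date(2024, 1, 1)),  # store not assigned
]

if __name__ == "__main__":
    for store in ("1001", "1002", "1003"):
        print(store, sorted(effective_permissions(USER_STORES, ASSIGNMENTS, store, date(2024, 7, 1))))
```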

Figure 7-9 User Detail (Roles - New Role Assignment) Screen


Groups

This is a read only section which lists the groups available in the system and also indicates ones that are assigned to the user. The groups are assigned through the external system (OIM).

Figure 7-10 User Detail (Groups) Screen


List of Security Groups

EICS comes with six groups used for special purpose access, which are managed through OIM as roles. Users accessing application UI features that are restricted by group access must also be granted the relevant permissions through role and store assignments. A regular store user should not require any security group assignments for accessing the application UI.

Admin: The group sim_admin_users is required for access to administration tasks, such as managing configuration settings or translations. This group should only be assigned to system operators and administrators.

Batch: The group sim_batch_users is required for access to batch related tasks, such as job management or scheduling. This group should only be assigned to system operators and batch administrators.

Global Store User: The group sim_global_store_users grants the user access to all store locations. This group should only be assigned to system operators, and administrators or special users requiring access to all store locations.

Integration: The group sim_integration_users is required for accessing integration resources, such as web services. This group should only be assigned to users designated for application integration, not those requiring access to the application UI. Users that are only integrating with EICS are considered integration users, e.g. the RIB injection user is a typical case of an integration user. These users do not require access to the EICS client applications, and therefore do not require store assignments or role assignments (permissions).

MPS: The group sim_mps_users is required for access to MPS (message processing system) related tasks, such as staged message maintenance or work type management. This group should only be assigned to system operators and MPS administrators.

Security: The group sim_security_users is required for access to security management tasks, such as role maintenance and user role/store assignments. This group should only be assigned to system operators and security administrators.

System Operator: The group sim_sysop_users is required for access to restricted areas of the application, such as certain system configuration settings. This group should only be assigned to system operators, who are typically the cloud operator.
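
The assignment guidance above can be checked against a periodic export of users. This is an added example, not part of the product: the record layout, user names and approved-holder lists are constructed, and only the group names come from this chapter.

```python
# Group names are quoted from this chapter. The export layout, user names and
# approved-holder lists are constructed for the example.
SECURITY_GROUPS = {
    "sim_admin_users", "sim_batch_users", "sim_global_store_users",
    "sim_integration_users", "sim_mps_users", "sim_security_users",
    "sim_sysop_users",
}

def audit_user(user, approved):
    """Return findings for one exported user record."""
    findings = []
    groups = set(user["groups"])
    for group in sorted(groups & SECURITY_GROUPS):
        if user["name"] not in approved.get(group, set()):
            findings.append(f"{group}: holder is not on the approved list")
    # Integration users need no store or role assignments, so any they hold
    # is excess access worth reviewing.
    if "sim_integration_users" in groups and (user["stores"] or user["roles"]):
        findings.append("sim_integration_users: has store or role assignments")
    return findings

def audit(users, approved):
    """Map user name -> findings, omitting users with none."""
    report = {}
    for user in users:
        findings = audit_user(user, approved)
        if findings:
            report[user["name"]] = findings
    return report

APPROVED = {
    "sim_integration_users": {"rib_inject", "ws_legacy"},
    "sim_security_users": {"jdoe"},
}
USERS = [
    {"name": "rib_inject", "groups": ["sim_integration_users"], "stores": [], "roles": []},
    {"name": "ws_legacy", "groups": ["sim_integration_users"], "stores": ["1001"], "roles": ["role_admin"]},
    {"name": "jdoe", "groups": ["sim_security_users", "sim_global_store_users"], "stores": ["1001"], "roles": ["security_admin"]},
    {"name": "clerk1", "groups": [], "stores": ["1001"], "roles": ["stock_clerk"]},
]

if __name__ == "__main__":
    for name, findings in audit(USERS, APPROVED).items():
        print(name, findings)
```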