Oracle® Retail Xstore Office/Oracle® Retail Xstore Office Cloud Service User Guide Release 18.0 E98786-12
This chapter provides information about creating user security roles and managing user access to Oracle Retail Xstore Office. The User Roles and Users and Security Access features provide the ability to create security roles and to grant privileges to users for one or more areas of Oracle Retail Xstore Office based on these roles.
Note: Any users in an Org Node higher than the logged-on user will not be displayed in the Admin Users list. In addition, the logged-on user cannot add Org Nodes that are higher than the org nodes he/she is assigned to.
Security privileges are associated with Oracle Retail Xstore Office actions.
Administration
Configurator
Data Manager
Deployment Manager
Home Page
Reports
Support
This chapter contains the following sections:
See User Roles for information about creating the roles used to determine user privileges in Oracle Retail Xstore Office. Access to different areas of Oracle Retail Xstore Office is controlled by assigning security Roles to the users.
See Admin Users - Using Roles to Grant Access to Oracle Retail Xstore Office for instructions on creating new Oracle Retail Xstore Office User Accounts and controlling user access to Oracle Retail Xstore Office.
Note: Refer to the Oracle Retail Xstore Suite Implementation and Security Guide for information about using DataLoader to load Oracle Retail Xstore Office user accounts.
See Editing Oracle Retail Xstore Office User Accounts for instructions on changing an existing user's account privileges.
See [ON-PREMISES ONLY] Password Options - Non LDAP, Editing Oracle Retail Xstore Office User Accounts, [ON-PREMISES ONLY] Passwords: Special Characters & Rules and [ON-PREMISES ONLY] Resetting a User's Password for instructions on setting up, changing, or resetting a user's password.
Note: If using LDAP Authentication, refer to [ON-PREMISES ONLY] LDAP Authentication. LDAP-managed users do not have the ability to manage their passwords from within Oracle Retail Xstore Office, or the ability to use the password reset or password change functionality.
Note: The Role of ADMINISTRATOR is required. This role defaults to access for every privilege and has a rank of 150. Oracle recommends that you set up at least one ADMINISTRATOR user. Once this administrator user has been set up, delete the initial (default) administrator user account for security purposes.
Access to different areas of Oracle Retail Xstore Office is controlled by assigning security Roles to the users. This section provides information about defining the user roles that will then be used to grant specific privileges to a user.
From the Oracle Retail Xstore Office menu, select System, then Xadmin Users, or click the Xadmin Users link in the System panel.
At the Xadmin Users page, click User Roles.
At the User Roles page, create a new User Role, edit an existing User Role, or delete an existing User Role:
To create a new Role, click Add New. The User Roles window displays and the fields are blank.
To edit an existing User Role, select the Role from the list. The User Roles window displays and the fields are populated with the current Role information.
To delete a User Role, select the Delete icon (X).
Complete the required fields. (All fields are required.)
Organization - Select the Organization ID and name from the list.
Role ID - Type the role identifier. Spaces and special characters are not allowed in this field. When editing an existing role, this field cannot be changed.
Description - Type a description for the role.
Xadmin Rank - Type a numeric rank number for Oracle Retail Xstore Office. This rank is evaluated when creating a new Oracle Retail Xstore Office user in User and Security Access. An Oracle Retail Xstore Office user cannot assign a role to a new user that has a greater numeric rank than his/her Xadmin rank. For example, a logged-in user with a rank role of 50 cannot edit or create a rank role of 51 and above.
Xstore Rank - Type a numeric rank number for Oracle Retail Xstore Point of Service. This value is the rank associated to the user within the Oracle Retail Xstore Point-of-Service application and corresponds to the role the user holds within Oracle Retail Xstore Point of Service. This rank is evaluated when creating or editing an Oracle Retail Xstore Point-of-Service employee in Data Manager - Employees. An Oracle Retail Xstore Office user cannot assign Oracle Retail Xstore Point-of-Service security groups to an employee that is ranked higher than his/her Oracle Retail Xstore Point-of-Service rank.
Privileges - Select each role privilege from the list of Available options and click the arrow button to move the role or roles to the Selected window:
Double right arrows - Add all privileges to the Selected window.
Single right arrow - Add selected privilege to the Selected window.
Single left arrow - Remove selected privilege from the Selected window.
Double left arrows - Remove all privileges from the Selected window.
To select several privileges at the same time, hold down the [Ctrl] key on the keyboard while selecting each privilege you want to assign to the role you are creating or editing. Click the single right arrow button to move the privileges from the Available window to the Selected window.
You can also hold down the [Shift] key in the same manner to select all the privileges between the first privilege you select and the last privilege you select. Click the single right arrow button to move the privileges from the Available window to the Selected window.
Click Save to create or update the role.
Note: A Delete icon (X) is available for roles you create. However, if a role has been assigned to a user it cannot be deleted.
The available privileges for Oracle Retail Xstore Office are grouped by category: Administration, Configurator, DataManager, DeploymentManager, Home Page, Reports, and Support.
Make sure you set up Oracle Retail Xstore Office privileges properly.
For example, in Deployment Manager, the Deployment Plan privileges for View Deployment Plans and Create/Edit Deployment Plans technically work together. If you just have View privilege, you can only view deployment plans (as expected). However, you must have both privileges (view and create) in order to Create or Edit.
The same is true for the Configurator privileges. If you just have Discounts or Menus and so on, you cannot do anything. You must also have the Configurator privilege and the Global Configurations or Configuration Overrides privilege to be able to get to the Discounts/Menus/Receipts selection page.
If a user does not have the privilege for a specific home page panel, then it will not be displayed when the user logs into Oracle Retail Xstore Office. There are six panels in the Oracle Retail Xstore Office base configuration, so there are six privileges available. Also, if the user has access to the home page panel itself, but not to any of the options contained within it, then the panel will not be displayed.
Administration Security Privileges:
Available Locales
Lock/Reset Account
User Roles
Users and Security Access
Xadmin Settings
Xadmin Users
Broadcaster Management
Customization Management
Configurator Security Privileges:
Code Value
Configuration Overrides
Configurator
Copy Store Configurations
Customer Displays
Delete Profile Element Configurations
Discounts
Global Configurations
Landscape Maintenance
Menu Configuration
Menus
Personality Maintenance
Profile Maintenance
Profile Management
Reason Codes
Receipts
Schedule Deployment
Security
Security Groups
Security Privileges
Store Personality Maintenance
Store Specific Overrides
System Config
Tab Configuration
Tender Maintenance
Tender Options Maintenance
Tender Security Settings
Tenders
DataManager Security Privileges:
Attached Items
Currency Exchange
Data Manager
Manager Deployment
Data Publisher
Employee
Employee Tasks
Item Matrix Manager
Item Pricing
Items
Merchandise Hierarchy
Merchandise Items
Non Merchandise Items
Organization Hierarchy
Organization Hierarchy Maintenance
Store Collections Data
Store Communications
Store Messages
Stores
Tax Authority
Tax Brackets
Tax Elements
Tax Group
Tax Location
Tax Rates
Taxes
Vendor
[ON-PREMISES ONLY] Cloud Migration
DeploymentManager Security Privileges:
Approve Deployment Wave
Cancel Deployment
Create/Edit Deployment Plans
File Deploy
File Upload
Separate File Upload
Upload File to Deploy
Purge Deployment Files
Schedule Planned Deployment
Schedule Single Deployment
Unapprove Deployment Wave
View Deployment Plans
View Deployments
Note: The File Deploy privilege should not be assigned to the same role as either the File Upload or Upload File to Deploy privilege.
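The privilege rules stated in this chapter (the File Deploy separation note, the Deployment Plan and Configurator dependencies, and the Xadmin Rank rule) can be checked against exported role definitions. The following is an added example, not Oracle code: the role records are constructed, and the function and field names are hypothetical.

```python
# Added example: audit role definitions against the privilege rules in this chapter.
# Privilege names come from the lists above; the role records are constructed samples.

# Pairs that must not appear in the same role (File Deploy note).
CONFLICTS = [
    ("File Deploy", "File Upload"),
    ("File Deploy", "Upload File to Deploy"),
]

# Configurator items need Configurator plus one of the two entry privileges.
CONFIG_ENTRY = [
    {"Configurator", "Global Configurations"},
    {"Configurator", "Configuration Overrides"},
]

# privilege -> alternative prerequisite sets; at least one set must be fully held.
PREREQUISITES = {
    "Create/Edit Deployment Plans": [{"View Deployment Plans"}],
    "Discounts": CONFIG_ENTRY,
    "Menus": CONFIG_ENTRY,
    "Receipts": CONFIG_ENTRY,
}


def audit_role(role):
    """Return a list of findings for one role record (hypothetical format)."""
    privs = set(role["privileges"])
    findings = []
    for a, b in CONFLICTS:
        if a in privs and b in privs:
            findings.append(("conflict", a, b))
    for priv, alternatives in PREREQUISITES.items():
        if priv in privs and not any(alt <= privs for alt in alternatives):
            # The privilege is granted but cannot be used on its own.
            findings.append(("missing-prerequisite", priv))
    return findings


def audit_all(roles):
    """Map role ID -> findings, listing only roles that have findings."""
    report = {}
    for role in roles:
        findings = audit_role(role)
        if findings:
            report[role["role_id"]] = findings
    return report


def can_assign(assigner_xadmin_rank, role_xadmin_rank):
    """Xadmin Rank rule: a role ranked above the assigner cannot be assigned."""
    return role_xadmin_rank <= assigner_xadmin_rank


# Constructed sample roles.
SAMPLE_ROLES = [
    {"role_id": "DEPLOYER", "xadmin_rank": 60, "privileges": [
        "View Deployment Plans", "Create/Edit Deployment Plans",
        "File Upload", "File Deploy"]},
    {"role_id": "PROMO_EDITOR", "xadmin_rank": 40, "privileges": [
        "Discounts", "Menus"]},
    {"role_id": "CONFIG_ADMIN", "xadmin_rank": 80, "privileges": [
        "Configurator", "Global Configurations", "Discounts"]},
]

if __name__ == "__main__":
    for role_id, findings in audit_all(SAMPLE_ROLES).items():
        print(role_id, findings)
    print("rank 50 may assign rank 51:", can_assign(50, 51))
```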
Home Page Panel Security Privileges:
Home Page Config Management Panel
Home Page Data Management Panel
Home Page Deployment Panel
Home Page Reports Panel
Home Page Support Panel
Home Page System Panel
Reports Security Privileges:
Dashboard Report for Sale
Airport Authority Report
Best Sellers Reports
Credit Card Report
Customer Account Activity Summary Report
Customer List Report
Daily Sales Report
Daily Sales Total Report
Daily Sales and Cash Report
Electronic Journal
Employee Performance Report
Employee Tasks Report
Flash Sales Report
Gift Certificate Report
Inventory Stock Cost Report
Item List Report
Journal Report
Layaway Account Activity Report
Layaway Aging Report
Line Void Report
No Sale Report
Post Void Detail Report
Post Void Summary Report
Price Change Report
Price Override Report
Receiving Exception Report
Receiving Report
Returned Merchandise Report
Sales By Hour Analysis Report
Sales By Hour Report
Sales Department Employee Report
Sales Department Report
Shipping Exception Report
Special Orders Report
Stock Valuation Reports
Store Locations Report
Suspended Transaction Detail Report
Suspended Transaction Summary Report
Tax Exemption Report
Transaction Cancel Detail Report
Transaction Cancel Summary Report
View Reports
YearEnd Roll-Up Process
Once you have created Roles, you can grant user access to Oracle Retail Xstore Office by assigning a Role, and its associated privileges, to the user.
For Xstore Office Cloud Service applications, a customer admin user is created in the Identity Cloud Service (IDCS) as part of the provisioning process. The Identity Cloud Service (IDCS) is an Identity Management Service and Authorization Server. The customer admin user can then create other users in Xadmin and assign organizations, roles and org nodes to each user. All users in Xadmin are synced with the users created in IDCS.
Perform the following steps to grant other users access to Oracle Retail Xstore Office components. To change an existing user's account privileges, see Editing Oracle Retail Xstore Office User Accounts.
From the Oracle Retail Xstore Office menu, select System, then Xadmin Users, or click the Xadmin Users link in the System panel.
At the Xadmin Users page, click Users and Security Access.
At the Users and Security Access page, click Add New to create a new user account.
Note: If there are more than 200 Oracle Retail Xstore Office users in your organization, a Search page displays rather than the employee list as shown in Figure 2-5 above. Click Add New to create a new user account.
Enter the information as required to grant security privileges for new users:
User ID - REQUIRED
Note: The User ID Minimum Length is set in System - Xadmin Settings - User Account.
[ON-PREMISES ONLY] Authentication Type - If applicable, select the authentication type, Internal Xadmin directory or LDAP directory.
Note: Authentication Type is only available if LDAP authentication is enabled. If using LDAP Authentication you are not prompted for password information. Also, password reset and password change functionality is not available. See [ON-PREMISES ONLY] LDAP Authentication for more information.
First Name - REQUIRED
Last Name - REQUIRED
[ON-PREMISES ONLY] Password & Confirm Password - REQUIRED FOR MANUAL PASSWORD METHOD See [ON-PREMISES ONLY] Passwords: Special Characters & Rules for more information about password validation.
Note: The Password and Confirm Password fields are not available if using the Static password method or the Algorithm method when creating new user accounts. See [ON-PREMISES ONLY] Password Options - Non LDAP for more information about static passwords and algorithm passwords. [CLOUD ONLY] The Password and Confirm Password fields are disabled for Xstore Office Cloud Service.
Locale - This list contains the locales defined for your organization; defaults to English United States.
Email - Enter the user's email address, if applicable.
Note: [CLOUD ONLY] This is a required field in Xstore Office Cloud Service.
[ON-PREMISES ONLY] Account Locked check box - After a configurable number of consecutive unsuccessful login attempts, the user's account will be automatically flagged as locked and the user cannot access the system until you reset the lock flag here. You can also select this check box to lock a user out of the system. This functionality is not available for LDAP users.
Note: [CLOUD ONLY] The Account Locked field is disabled for Xstore Office Cloud Service.
Click Add New to add the user's organization, role and org nodes. The system displays the Add users organization, role and org nodes window. Select the following:
Organization - Select the organization ID the user has access to from the list.
Role - Select a role for the user.
Organization Nodes - Specify which stores the user has access to:
Select the globe icon. The system displays a list of organization nodes defined for your organization.
Select which nodes/stores the user will have access to, and click Add. The system displays the selected organization nodes.
The nodes you selected are shown, along with a Delete option you can use if you need to remove access to an Organization Node for the user.
Note: You can add and delete multiple organization nodes.
Enable dashboard as home page check box - Select the check box to enable the Dashboard as your home page.
Note: The Dashboard can only be enabled as the home page when a single store node is assigned to the user.
Click OK to save your entries. The system displays the User screen and updates the list of assigned organizations for the user.
Note: Multiple organizations and roles can be added to the same user by clicking Add.
Click the Save button to create the new user account.
The new user account is added to the list of Oracle Retail Xstore Office Users. When the new user logs in to Oracle Retail Xstore Office, only the components for which the user has been granted access will be active on the Oracle Retail Xstore Office menu and panel links.
From the Oracle Retail Xstore Office menu, select System, then Xadmin Users, or click the Xadmin Users link in the System panel.
At the Xadmin Users page, click Users and Security Access.
At the Users and Security Access page, select a user account from the list.
Note: If there are fewer than 200 Oracle Retail Xstore Office users in your organization, the list of users will be shown automatically without requiring a search. Otherwise, enter search criteria to find an Oracle Retail Xstore Office user account.
Important: A delete option is available to allow you to remove an Oracle Retail Xstore Office user account. If selected, you will be prompted to confirm the user account should be deleted. Always make sure at least one user has access to the ADMINISTRATOR role before deleting user accounts.
Note: Xstore will not be deleting any users in Xadmin as part of the Right to be Forgotten Data Privacy effort. Xadmin users will need to be deleted in a separate process triggered by you, the retailer.
The Edit User page provides the fields that can be edited for the selected user account. Refer to step 4 on page 9 for more information about the fields.
About editing fields:
The User ID cannot be changed.
[ON-PREMISES ONLY] The Authentication Type cannot be changed after setup.
[ON-PREMISES ONLY] When editing existing users, a Reset Password option is available for static and algorithm password methods. See [ON-PREMISES ONLY] Resetting a User's Password.
If you changed the Security Role setting, the user's access to Oracle Retail Xstore Office components is updated accordingly. When the user logs in to Oracle Retail Xstore Office, only the components for which the user has been granted access will be active on the Oracle Retail Xstore Office menu and panel links.
Click Save to apply the changes to the user's account.
There are three options for creating passwords for new users and/or users that request a password reset. These configuration options are set in Xadmin Settings. See Chapter 3, "System Settings", Oracle Retail Xstore Office Configuration for more information about setting up password options.
Manual Setup - Using this option, the administrator creates each password and then communicates it to the user. When creating a new user, the Password text box must be populated with a password that meets the standards set by other Oracle Retail Xstore Office password configurations defined in Xadmin Settings, User Accounts section.
Static Passwords - Using this option, the administrator first sets up a static (universal) password within Oracle Retail Xstore Office Settings for all new users, for example A@23456. This static password will be temporarily used by new Oracle Retail Xstore Office users, and users that have requested a password reset. A Password text box is not needed on the Edit User page since a static password is used for all new users. The Oracle Retail Xstore Office user will be prompted to change this password the first time he/she logs into the system.
Auto-generated Password Via Algorithm - Using this option, the password is created automatically for the user based on a predetermined algorithm. The algorithm contains aspects of the user profile that can be communicated easily. The algorithm currently used is as follows:
The first letter of the user's first name (upper case).
The first letter of the user's last name (lower case).
The @ symbol.
The month and year in which the user record is created (when the password is requested) in MMYYYY format.
The Oracle Retail Xstore Office user will be prompted to change this password the first time he/she logs into the system.
Table 2-1 Valid Password Special Characters
Character | Description |
---|---|
! | exclamation mark |
# | pound or number sign |
$ | dollar |
% | percent |
& | ampersand |
( | open parenthesis |
) | close parenthesis |
* | asterisk |
- | minus or hyphen |
= | equal |
? | question mark |
@ | at |
[ | open bracket |
] | close bracket |
^ | caret |
_ | underscore |
{ | open brace |
} | close brace |
\| | pipe or bar |
~ | tilde |
+ | plus |
Password & User ID settings are configured in System - Xadmin Settings - User Account category. These settings include the following:
Method of Creating Password for New Users - The method used to create the password for newly added users. See [ON-PREMISES ONLY] Password Options - Non LDAP for more information about the three options available.
Number of Capital Letters Required for a Password - The minimum number of capital letters that should appear in a password. The minimum number is zero (0).
Number of Changes Before a Password Can Be Reused - The number of password resets within which associates are not allowed to reuse the same password. For example, setting the value to 12 ensures a user's new password cannot match any of his/her 12 previous passwords. A setting of zero (0) means that the same password can always be reused.
Number of Consecutive Characters Allowed in a Password - The maximum number of times that any given symbol or character can repeat consecutively within the password string. The minimum number is one (1).
Number of Login Attempts Before Account Is Locked - The number of times an invalid password can be entered before the account is locked. The minimum number is one (1).
Number of Numbers Required for a Password - The minimum number of digits that should appear in a password (accepted values = 0-9). The minimum number is zero (0).
Number of Special Characters Required for a Password - The minimum number of special characters that should appear in a password. The minimum number allowed is zero (0). See [ON-PREMISES ONLY] Passwords: Special Characters & Rules for a list of valid special characters.
Password Expiration Days - The number of days that a password can be used before it expires. If a user successfully logs into Oracle Retail Xstore Office (enters valid user name and password), but the password is older than the configured number of days, the user will be rerouted to the Change Password screen and will not be able to access the system until the password has been successfully changed.
Password Length - The minimum length of a password. If a value of 1 is set, passwords have no minimum length, but cannot be empty/blank.
User ID Length - The minimum number of characters that must be used in order for a user ID to be valid.
See Chapter 3, "System Settings" for more information about the password configuration options.
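The User Account settings listed above combine into a single acceptance check on each new password. The following is an added example, not Oracle code, showing one way such a check can be written; the `Policy` field names and default values are hypothetical, and the reuse check stores salted PBKDF2 digests rather than earlier passwords as an assumption about storage.

```python
# Added example: evaluate a candidate password against the settings described above.
import hashlib
import hmac
import os
from dataclasses import dataclass

# Table 2-1: only these characters count toward the special-character requirement.
SPECIALS = set("!#$%&()*-=?@[]^_{}|~+")


@dataclass
class Policy:
    # Hypothetical field names; each maps to one User Account setting.
    min_length: int = 8        # Password Length
    min_capitals: int = 1      # Number of Capital Letters Required
    min_digits: int = 1        # Number of Numbers Required
    min_specials: int = 1      # Number of Special Characters Required
    max_consecutive: int = 2   # Number of Consecutive Characters Allowed
    reuse_history: int = 12    # Number of Changes Before a Password Can Be Reused


def longest_run(text):
    """Length of the longest run of one repeated character."""
    best = run = 0
    prev = None
    for ch in text:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def remember(password):
    """Return a (salt, digest) history entry; the password itself is not kept."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def violations(password, policy, history=()):
    """Return the names of the rules the password breaks (empty list = accepted).

    history is a sequence of (salt, digest) entries, oldest first.
    """
    broken = []
    # A configured length of 1 still rejects an empty password.
    if len(password) < max(policy.min_length, 1):
        broken.append("length")
    if sum(c.isupper() for c in password) < policy.min_capitals:
        broken.append("capitals")
    if sum(c in "0123456789" for c in password) < policy.min_digits:
        broken.append("digits")
    if sum(c in SPECIALS for c in password) < policy.min_specials:
        broken.append("specials")
    if longest_run(password) > policy.max_consecutive:
        broken.append("consecutive")
    # A setting of zero means the same password can always be reused.
    recent = history[-policy.reuse_history:] if policy.reuse_history else ()
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in recent):
        broken.append("reuse")
    return broken


if __name__ == "__main__":
    # "A@23456" is the static-password example from this chapter.
    print(violations("A@23456", Policy()))
    print(violations("Passsword1!", Policy()))
```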
Use the Reset Password function to manually reset user passwords when needed. This option is available with Static and Algorithm password generation methods only.
Note: If Oracle Retail Xstore Office is configured for Manual password generation, simply change the password in the Password field on the Edit User page.
From the Oracle Retail Xstore Office menu, select System - Xadmin Users, or click the Xadmin Users link in the System panel.
At the Xadmin Users page, click Users and Security Access.
At the Users and Security Access page, select a user account from the list.
Click the Reset Password link.
When prompted, verify the user account and email address are correct, then click Yes to continue.
Note: If the user does not have an email address on record, you will be prompted whether or not to continue. Click No to return to the Edit User page and enter an email address, or click Yes to continue without generating an email for the user.
The password is reset based on the configured password method, either the static (universal) password or the algorithm password. An email is generated and sent to the Oracle Retail Xstore Office user with the details.
In Xstore Office Cloud Service applications, only the customer admin user can reset user passwords.
For more information on how the admin user can reset passwords of user accounts, see the Oracle Cloud Administering Oracle Identity Cloud Service Guide.
There are two ways to create users for the Xstore Office Cloud Service application.
A user can be created in the Xstore Office Cloud Service UI, see the User Created in Xstore Office Cloud Service section below.
A user can be created in the Identity Cloud Service (IDCS), either manually or imported into IDCS, then that user will be pulled down to Xstore Office Cloud Service (Xadmin) by using the IDP sync job. See the User Created in IDCS section below.
Note: For more information on how to create users for Xstore Office Cloud Service, see the Oracle Retail Xstore Office Cloud Service Security Guide.
If a user is created using the Xstore Office Cloud Service UI, follow the steps in the Creating New Oracle Retail Xstore Office User Accounts section. Once the user is created in Xstore Office Cloud Service (Xadmin):
The user will receive an email with an activation link.
The activation link will redirect the user to the IDCS setup password page.
The user can create a new password and re-enter it, following the password rules shown on the same page.
The user can now log in to Xstore Office Cloud Service (Xadmin UI) through IDCS.
If a user is created in IDCS:
The IDP sync job process will pull the user down from IDCS. This job runs every 24 hours.
Once your user ID is pulled from IDCS, the user ID will be visible on the User and Security Access Page. At this point, no organization and role will be assigned to your user ID. The user status is NEW.
The Admin user needs to assign minimum values to your user account, like organization, roles, org nodes and so on.
Once the Admin user has assigned minimum values to your user account, the status changes from NEW to PROVISIONED. You can now log in to the Xstore Office Cloud Service UI.
LDAP Authentication allows users to log into Oracle Retail Xstore Office using a single sign-on where one password for a user is shared between many services. This feature uses LDAP (Lightweight Directory Access Protocol) and Microsoft's AD (Active Directory) repository to manage the user ID and password access to the application.
Note: LDAP is used for authentication to Oracle Retail Xstore Office, but the user information must be set up in the Oracle Retail Xstore Office database for the users to access the application.
LDAP-managed users do not have the ability to manage their passwords from within Oracle Retail Xstore Office, or the ability to use password reset or password change functionality.
A single LDAP server must be configured for the Oracle Retail Xstore Office instance. Multiple LDAP authentication servers are not supported.
Account locking (for example, after "X" login attempts) and unlocking is not available through Oracle Retail Xstore Office. It may be available through the LDAP server.
The server must be a domain controller, for example, ldap://localhost:389.
Add a user in the Active Directory Users and Computers section of the Server Manager. For example, add the user to the folder Client Services of the main branch.
When setting up the user, the password entered is the same password used for logging on to Oracle Retail Xstore Office with this user.
LDAP Authentication settings are configured in System - Xadmin Settings - User Account category.
Default Domain Name for LDAP - The default domain name to be used when authenticating users using LDAP.
Enable LDAP Authentication Option? - The configuration used to enable Oracle Retail Xstore Office to authenticate users using LDAP directory.
LDAP Provider URL - The URL to be used to connect to LDAP server.