2 Roles, Users, and Security Access

This chapter provides information about creating user security roles and managing user access to Oracle Retail Xstore Office Cloud Service. The User Roles and Users and Security Access features provide the ability to create security roles and to grant privileges to users for one or more areas of Oracle Retail Xstore Office Cloud Service based on these roles.

Note:

Security

Any users in an Org Node higher than the logged-on user will not be displayed in the Admin Users list. In addition, the logged-on user cannot add Org Nodes that are higher than the org nodes he/she is assigned to. Security privileges are associated with Oracle Retail Xstore Office Cloud Service actions.

Oracle Retail Xstore Office Cloud Service Areas Controlled by Security

Administration
Configurator
Data Manager
Deployment Manager
Home Page
Reports
Support

About this Chapter

This chapter contains the following sections:

See User Roles for information about creating the roles used to determine user privileges in Oracle Retail Xstore Office Cloud Service. Access to different areas of Oracle Retail Xstore Office Cloud Service is controlled by assigning security Roles to the users.
See Admin Users - Using Roles to Grant Access to Oracle Retail Xstore Office Cloud Service for instructions on creating new Oracle Retail Xstore Office Cloud Service User Accounts and controlling user access to Oracle Retail Xstore Office Cloud Service.

Note:
Refer to the Oracle Retail Xstore Suite Implementation and Security Guide for information about using DataLoader to load Oracle Retail Xstore Office Cloud Service user accounts.
See Editing Oracle Retail Xstore Office Cloud Service User Accounts for instructions on changing an existing user's account privileges.

User Roles

Note:

The Role of ADMINISTRATOR is required. This role defaults to access for every privilege and has a rank of 150.

Oracle recommends that you set up at least one ADMINISTRATOR user. Once this administrator user has been set up, delete the initial (default) administrator user account for security purposes.

Access to different areas of Oracle Retail Xstore Office Cloud Service is controlled by assigning security Roles to the users. This section provides information about defining the user roles that will then be used to grant specific privileges to a user.

Creating/Editing User Roles

From the Oracle Retail Xstore Office Cloud Service menu, select System, then Xadmin Users, or click the Xadmin Users link in the System panel.
At the Xadmin Users page, click User Roles.

Figure 2-1 Xadmin Users Page
At the User Roles page, create a new User Role, edit an existing User Role, or delete an existing User Role:
- To create a new Role, click Add New. The User Roles window displays and the fields are blank.
- To edit an existing User Role, select the Role from the list. The User Roles window displays and the fields are populated with the current Role information.
- To delete a User Role, select the Delete icon (X).
Complete the required fields. (All fields are required.)

Figure 2-2 User Roles Window - Add New Role Example
- Organization - Select the Organization ID and name from the list.
- Role ID - Type the role identifier. Spaces and special characters are not allowed in this field. When editing an existing role, this field cannot be changed.
- Description - Type a description for the role.
- Xadmin Rank - Type a numeric rank number for Oracle Retail Xstore Office Cloud Service. This rank is evaluated when creating a new Oracle Retail Xstore Office Cloud Service user in User and Security Access. An Oracle Retail Xstore Office Cloud Service user cannot assign a role to a new user that has a greater numeric rank than his/her Xadmin rank. For example, a logged-in user with a rank role of 50 cannot edit or create a rank role of 51 and above.
- Xstore Rank - Type a numeric rank number for Oracle Retail Xstore Point of Service. This value is the rank associated to the user within the Oracle Retail Xstore Point-of-Service application and corresponds to the role the user holds within Oracle Retail Xstore Point of Service. This rank is evaluated when creating or editing an Oracle Retail Xstore Point-of-Service employee in Data Manager - Employees. An Oracle Retail Xstore Office Cloud Service user cannot assign Oracle
  
  Retail Xstore Point-of-Service security groups to an employee that is ranked higher than his/her Oracle Retail Xstore Point-of-Service rank.
- Privileges - Select each role privilege from the list of Available options and click the arrow button to move the role or roles to the Selected window:
  - Double right arrows - Add all privileges to the Selected window.
  - Single right arrow - Add selected privilege to the Selected window.
  - Single left arrow - Remove selected privilege from the Selected window.
  - Double left arrows - Remove all privileges from the Selected window.
  - To select several privileges at the same time, hold down the [Ctrl] key on the keyboard while selecting each privilege you want to assign to the role you are creating or editing. Click the single right arrow button to move the privileges from the Available window to the Selected window.
  - You can also hold down the [Shift] key in the same manner to select all the privileges between the first privilege you select and the last privilege you select. Click the single right arrow button to move the privileges from the Available window to the Selected window.
Click Save to create or update the role.

Note:
A Delete icon (X) is available for roles you create. However, if a role has been assigned to a user it cannot be deleted.

About Privileges

The available privileges for Oracle Retail Xstore Office Cloud Service are grouped by category: Administration, Configurator, DataManager, DeploymentManager, Home Page, Reports, and Support.

Make sure you set up Oracle Retail Xstore Office Cloud Service privileges properly.

For example, in Deployment Manager, the Deployment Plan privileges for View Deployment Plans and Create/Edit Deployment Plans technically work together. If you just have View privilege, you can only view deployment plans (as expected). However, you must have both privileges (view and create) in order to Create or Edit.
The same is true for the Configurator privileges. If you just have Discounts or Menus and so on., you cannot do anything. You must also have the Configurator privilege and the Global Configurations or Configuration Overrides privilege to be able to get to the Discounts/Menus/Receipts selection page.
If a user does not have the privilege for a specific home page panel, then it will not be displayed when the user logs into Oracle Retail Xstore Office Cloud Service. There are six panels in the Oracle Retail Xstore Office Cloud Service base configuration, so there are six privileges available. Also, if the user has access to the home page panel itself, but not to any of the options contained within it, then the panel will not be displayed.

Administration

Administration Security Privileges:

Available Locales
Lock/Reset Account
User Roles
Users and Security Access
Xadmin Settings Xadmin
Users
Broadcaster Management
Customization Management
Integration Management

Configurator

Configurator Security Privileges:

Code Value
Configuration Overrides
Configurator
Copy Store Configurations
Customer Displays
Delete Profile Element Configurations
Discounts
Global Configurations
Landscape Maintenance
Menu Configuration
Menus
Personality Maintenance
Profile Maintenance
Profile Management
Reason Codes
Receipts
Schedule Deployment
Security
Security Groups
Security Privileges
Store Personality Maintenance
Store Specific Overrides
System Config
Tab Configuration
Tender Maintenance
Tender Options Maintenance
Tender Security Settings
Tenders

DataManager

DataManager Security Privileges:

Attached Items
Currency Exchange
Data Manager
Manager Deployment
Data Publisher
Employee
Employee Tasks
Item Matrix Manager
Item Pricing
Item Restriction Types
Item Restrictions
Items
Legal Entity (Country Pack ONLY)
Merchandise Hierarchy
Merchandise Items
Non Merchandise Items
Organization Hierarchy
Organization Hierarchy Maintenance
Store Collections Data
Store Communications
Store Messages
Stores
Tax Authority
Tax Brackets
Tax Elements
Tax Group
Tax Location
Tax Rates
Taxes
Vendor

DeploymentManager

DeploymentManager Security Privileges:

Approve Deployment Wave
Cancel Deployment
Create/Edit Deployment Plans
File Deploy
File Upload
Separate File Upload
Upload File to Deploy
Purge Deployment Files
Schedule Planned Deployment
Schedule Single Deployment
Unapprove Deployment Wave
View Deployment Plans
View Deployments

Note:

The File Deploy privilege should not be assigned to the same role as either the File Upload or Upload File to Deploy privilege.

Home Page

Home Page Panel Security Privileges:

Home Page Config Management Panel
Home Page Data Management Panel
Home Page Deployment Panel
Home Page Reports Panel
Home Page Support Panel
Home Page System Panel

Reports

Reports Security Privileges:

Dashboard Report for Sale
Airport Authority Report
Best Sellers Reports
Credit Card Report
Customer Account Activity Summary Report
Customer List Report
Daily Sales Report
Daily Sales Total Report
Daily Sales and Cash Report
Electronic Journal
Employee Performance Report
Employee Tasks Report
Flash Sales Report
Gift Certificate Report
Inventory Stock Cost Report
Item List Report
Journal Report
Layaway Account Activity Report
Layaway Aging Report
Line Void Report
No Sale Report
Post Void Detail Report
Post Void Summary Report
Price Change Report
Price Override Report
Receiving Exception Report
Receiving Report
Returned Merchandise Report
Sales By Hour Analysis Report
Sales By Hour Report
Sales Department Employee Report
Sales Department Report
Shipping Exception Report
Special Orders Report
Stock Valuation Reports
Store Locations Report
Suspended Transaction Detail Report
Suspended Transaction Summary Report
Tax Exemption Report
Transaction Cancel Detail Report
Transaction Cancel Summary Report
View Reports
YearEnd Roll-Up Process

Support

Support Security Privileges:

Alert Console
Alert Settings
Deployed Oracle Retail Xstore Point-of-Service Versions
PosLog Publisher
Replication Status

Admin Users - Using Roles to Grant Access to Oracle Retail Xstore Office Cloud Service

Once you have created Roles, you can grant user access to Oracle Retail Xstore Office Cloud Service by assigning a Role, and its associated privileges, to the user.

For Xstore Office Cloud Service applications, a customer admin user is created in the Identity Cloud Service (IDCS) as part of the provisioning process. The Identity Cloud Service (IDCS) is an Identity Management Service and Authorization Server. The customer admin user can then create other users in Xadmin and assign, organizations, roles and org nodes to each user. All users in Xadmin are synced with the users created in IDCS.

Creating New Oracle Retail Xstore Office Cloud Service User Accounts

Perform the following steps to grant other users access to Oracle Retail Xstore Office Cloud Service components. To change an existing user's account privileges, see Editing Oracle Retail Xstore Office Cloud Service User Accounts.

From the Oracle Retail Xstore Office Cloud Service menu, select System, then Xadmin Users, or click the Xadmin Users link in the System panel.
At the Xadmin Users page, click Users and Security Access.

Figure 2-3 Xadmin Users Page

At the Users and Security Access page, click Add New to create a new user account.

Note:

If there are more than 200 Oracle Retail Xstore Office Cloud Service users in your organization, a Search page displays rather than the employee list as shown in Figure 2-5 above. Click Add New to create a new user account.

Enter the information as required to grant security privileges for new users:
1. User ID - REQUIRED
  
  Note:
  The User ID Minimum Length is set in System - Xadmin Settings - User Account.
2. First Name - REQUIRED
3. Last Name - REQUIRED
4. Locale - This list contains the locales defined for your organization; defaults to English United States.
5. Email - Enter the user's email address, if applicable.
  
  Note:
  This is a required field in Xstore Office Cloud Service.
  
  Note:
  The Account Locked field is disabled for Xstore Office Cloud Service.
Click Add New, to add users organization, role and org nodes. The system displays the Add users organization, role and org nodes window. Select the following.
1. Organization - Select the organization ID the user has access to from the list.
2. Role - Select a role for the user.
3. Organization Nodes - Specify which stores the user has access to:
  - Select the globe icon. The system displays a list of organization nodes defined for your organization.
  - Select which nodes/stores the user will have access to, and click Add. The system displays the selected organization nodes.
  - The nodes you selected are shown, along with a Delete option you can use if you need to remove access to an Organization Node for the user.
    
    Note:
    You can add and delete multiple organization nodes.
4. Enable dashboard as home page check box - Select the check box to enable the Dashboard as your home page.
  
  Note:
  The Dashboard can only be enabled as home page, when a single store node is assigned to the user.
5. Click OK to save your entries. The system displays the User screen and updates the list of assigned organizations for the user.
  
  Note:
  Multiple organizations and roles can be added to the same user by clicking Add.
Click the Save button to create the new user account.

The new user account is added to the list of Oracle Retail Xstore Office Cloud Service Users. When the new user logs in to Oracle Retail Xstore Office Cloud Service, only the components for which the user has been granted access will be active on the Oracle Retail Xstore Office Cloud Service menu and panel links.

Editing Oracle Retail Xstore Office Cloud Service User Accounts

From the Oracle Retail Xstore Office Cloud Service menu, select System, then Xadmin Users, or click the Xadmin Users link in the System panel.
At the Xadmin Users page, click Users and Security Access.

Figure 2-4 Xadmin Users Page

At the Users and Security Access page, select a user account from the list.

Note:

If there are less than 200 Oracle Retail Xstore Office Cloud Service users in your organization, the list of users will be shown automatically without requiring a search. Otherwise, enter search criteria to find an Oracle Retail Xstore Office Cloud Service user account.

Important:

For cloud applications, delete users in the Identity Cloud Service (IDCS).

Note:

Xstore will not be deleting any users in Xadmin as part of the Right to be Forgotten Data Privacy effort. Xadmin users will need to be deleted in a separate process triggered by you, the retailer.

The Edit User page provides the fields that can be edited for the selected user account. Refer to step 4 on page 9 for more information about the fields.

About editing fields:
- The User ID cannot be changed.
- If you changed the Security Role setting, the user's access to Oracle Retail Xstore Office Cloud Service components is updated accordingly. When the user logs in to Oracle Retail Xstore Office Cloud Service, only the components for which the user has been granted access will be active on the Oracle Retail Xstore Office Cloud Service menu and panel links.
Click Save to apply the changes to the user's account.

Resetting Passwords User Accounts

In Xstore Office Cloud Service applications, only the customer admin user can reset user password.

For more information on how the admin user can reset passwords of user accounts, see the Oracle Cloud Administering Oracle Identity Cloud Service Guide.

Creating a User for Xstore Office Cloud Service

There are two ways to create users for the Xstore Office Cloud Service application.

A user can be created in the Xstore Office Cloud Service UI, see the User Created in Xstore Office Cloud Service section below.
A user can be created in the Identity Cloud Service (IDCS), either manually or imported into IDCS, then that user will be pulled down to Xstore Office Cloud Service (Xadmin) by using the IDP sync job. See the User Created in IDCS section below.

Note:

For more information on how to create users for Xstore Office Cloud Service, see the Oracle Retail Xstore Office Cloud Service Cloud Service Security Guide.

User Created in Xstore Office Cloud Service

If user is created using the Xstore Office Cloud Service UI, follow step as mentioned in the Creating New Oracle Retail Xstore Office Cloud Service User Accounts section. Once the user is created in Xstore Office Cloud Service (Xadmin).

The user will receive an email with an activation link.
An activation link will redirect the user to IDCS setup password page.
The user can create new password and re-enter the password with password rules mentioned on same page.
The user now can login to Xstore Office Cloud Service (Xadmin UI) through IDCS.

User Created in IDCS

If a user is created in IDCS.

The IDP sync job process, will pull uswer down from IDCS. This job runs every 24 hours.
Once your user ID is pulled from IDCS, the user ID will be visible on the User and Security Access Page. At this point, no organization and role will be assigned to your user ID. The user status is NEW.
The Admin user needs to assign minimum values to your user account, like organization, roles, org nodes and so on.
Once the Admin user assigned minimum values to your user account the status changes from NEW to PROVISIONED. You can login to the Xstore Office Cloud Service UI now.