Oracle® Retail Science Cloud Services Security Guide
Release 18.0.001
F17806-02

1 Security Features

Oracle Retail Science Cloud Services uses web services to push information to Customer Engagement and to expose configuration as well as application incremental data and reports to customers.

Technology-Specific Guidelines

This section details the security guidelines.

Security Features

Oracle Retail Science CS supports the following security features.

Web Services

The Web service in Oracle Retail Science CS is stateless, so state is not stored or managed. Pagination such as the batch size of data and parameters such as export data time, product, location, and so on are used to manage payload size and to handle session timeouts.

SOAP

Oracle Retail Science CS has an Outbound Interface to push Customer Segment and its members to ORCE (Customer Engagement). This interface supports the following security features.

  • Message authentication is enabled in ORCE, and the Oracle Retail Science CS message includes authentication information in the HTTP header for the message. This authentication information is specific to ORCE and is stored in the Credential Stores. The Credential Stores are created or updated from the Data Management task, enabled for an Administrator. The Base64 encoding tool is used to encode the authorization key that is sent as part of the Message HTTP Header request. The Credential Stores use APIs that applications can use to create, read, update, and manage credentials securely and mark code as being "privileged", thus affecting subsequent access determinations.

  • Oracle Retail Science CS provides configuration to set up proxy settings for both HTTP and HTTPS.

  • XML sent as part of the message relies on marshalling and un-marshalling to and from Java objects generated from the WSDL/Schema exposed by ORCE. This ensures that the generated XML is well formed and valid. It is the responsibility of ORCE to convert XML; Oracle Retail Science CS does not perform any XML conversion. There are no concerns regarding XXE and XEE.

REST

Oracle Retail Science CS has an Outbound Interface to export data (GET request), and it uses REST to expose data. These web services are REST-based; it is assumed that callers are familiar with the basic REST principles (such as the usage of HTTP verbs). AC and ASO export web services can serve as a means of obtaining incremental update data from a specified point in time. All services support the query parameter contentType and the HTTP header Content-Type, with supported values application/json and application/xml. The query parameter takes precedence; if no content type is supplied, then application/json serves as the default. Basic authentication is used, so you may use any client software that supports it. Authorization is done for ADF-LDAP (OID) mapped roles, and only administrator roles are used. (That is, the calling user must be in a duty that is mapped to the defined administrator roles.) JSON/XML parsing is done using standard JAXB request parameters that are validated before data is fetched.
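
The content-type precedence and Basic authentication described above, together with the Base64-encoded authorization header from the SOAP section, shown as an added Python example that is not Oracle's code. The host name, account and password are constructed placeholders, and rejecting unsupported values and non-HTTPS URLs is this example's assumption, not documented product behaviour.

```python
import base64
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

SUPPORTED = ("application/json", "application/xml")  # values listed on the page
DEFAULT = "application/json"

def resolve_content_type(query_params, headers):
    """Query parameter contentType wins, then the Content-Type header,
    then the application/json default (precedence as documented)."""
    for candidate in (query_params.get("contentType"), headers.get("Content-Type")):
        if candidate:
            # Assumption: media-type parameters such as charset are ignored.
            value = candidate.split(";")[0].strip().lower()
            if value not in SUPPORTED:
                raise ValueError(f"unsupported content type: {candidate!r}")
            return value
    return DEFAULT

def basic_auth_header(username, password):
    """Basic authentication: Base64 of 'user:password', an encoding only."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def decode_basic_auth(header_value):
    """What any party that can read the header recovers from it."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def build_export_request(base_url, username, password, content_type=None):
    """Prepare (not send) a GET export call against a hypothetical base_url."""
    # Assumption of this example: credentials never travel over plain HTTP.
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to attach Basic credentials to a non-HTTPS URL")
    params = {"contentType": content_type} if content_type else {}
    resolve_content_type(params, {})  # fail early on an unsupported value
    url = f"{base_url}?{urlencode(params)}" if params else base_url
    headers = {"Authorization": basic_auth_header(username, password)}
    return Request(url, headers=headers, method="GET")

if __name__ == "__main__":
    # Constructed values; rsc.example.invalid is not a real service host.
    req = build_export_request("https://rsc.example.invalid/export",
                               "svc_admin", "constructed-pw", "application/xml")
    print(req.full_url)
    print(decode_basic_auth(req.get_header("Authorization")))
```

Because the header decodes back to the user name and password, the confidentiality of the export credentials rests on the transport (HTTPS) and on how the credential store is protected, not on the Base64 step.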

Authentication and Authorization

For authorization, Oracle Retail Science CS modules have been built with role-based access. Access to application user interface components is done by assigning application roles. Application roles are defined as part of the application and deployed as part of the installation process. Application roles are mapped to enterprise roles during the initial environment provisioning. Enterprise roles exist as LDAP groups in OID. For IDCS users, it is available in the IDCS import file. Refer to the Oracle Retail Science Cloud Services User Guide for the definition of standard user roles.

User Roles

Oracle Retail Science supports the following roles.

Table 1-1 User Roles

| Module | Job Role | Role Description |
|---|---|---|
| CDT | ANALYTIC_EXPERT_JOB | A user who understands the retailer's business, has some business analytics training, and has been trained in the use of the CDT application. |
| DT | ANALYTIC_EXPERT_JOB | A user who understands the retailer's business, has some business analytics training, and has been trained in the use of the DT application. |
| ASO | CATEGORY_MANAGER_JOB | Product-assortment-centric user who is interested in viewing ASO results and in the translation of data between CMPO, Retail Analytics, and ASO. |
| | SPACE_PLANNER_JOB | A Store Planner is a corporate employee with responsibility for designing the layout of floor plans, department sizes, and locations, the layout of fixtures and aisles, applying health, safety and welfare guidelines, and managing and publishing floor-plan versions. This user is also responsible for day-to-day micro-space optimization activities. |
| | MERCHANDISING_ANALYST_JOB | Main business user responsible for day-to-day micro-space optimization activities. |
| | SPACE_ADMINISTRATOR_JOB | Responsible for general system setup and configuration tasks related to the business. |
| | FORECAST_MANAGER_JOB | Responsible for analytical configuration, testing, and model diagnosis. |
| AC | ASSORTMENT_PLANNER_JOB | The Assortment Planner is responsible for creating the category assortments that meet the roles, strategies, and tactics set for the category by the Category Manager. Multiple category assortments are created for each cluster or store. One planner can be responsible for multiple categories. |
| | MERCHANDISER_JOB | A Store Merchandiser (or In-Store Merchandiser) is an hourly employee who executes the placement and assembly of retail fixtures, the adjustment of shelves, and the arrangement and placement of products on the shelves in accordance with CAD drawings and planograms. |
| | CLUSTERING_ADMINISTRATOR_JOB | Plans, builds, and analyzes store clusters based on a variety of store and category attributes to support assortment, pricing, and space planning business processes in the Store Clustering Module. |
| CS | ASSORTMENT_PLANNER_JOB | The Assortment Planner is responsible for creating the category assortments to meet the roles, strategies, and tactics set for the category by the Category Manager. Multiple category assortments are created for each cluster and/or store. One planner can be responsible for multiple categories. |
| | MERCHANDISER_JOB | A Store Merchandiser (or In-Store Merchandiser) is an hourly employee who executes the placement and assembly of retail fixtures, the adjustment of shelves, and the arrangement and placement of products on the shelves in accordance with CAD drawings and planograms. |
| | CUSTOMER_ANALYST_JOB | Responsible for developing customer segments and analyzing their customer shopping and buying behavior to determine customer differentiation, trends, and opportunities in the Customer Segmentation Module. |
| | MARKET_ANALYST_JOB | Responsible for reviewing customer segments with business experts, suited (distinctly) for targeted promotion, category and assortment planning, targeted pricing, customer, and market basket analytics in the Customer Segmentation Module. |
| | CUSTOMER_SEGMENT_ADMINISTRATOR_JOB | Responsible for analytical defaults and configuration, testing, and model diagnosis. This includes Filter, Sampling, and Attribute Mining in the Customer Segmentation Module. |
| AE | ATTRIBUTE_EXTRACTION_JOB | A user who is familiar with the retailer's product categories and has been trained in the use of Attribute Extraction. |
| RSP Administration | ADMINISTRATOR_JOB | A user who understands all the parameters driving the application and is responsible for their configuration. The user is also responsible for integration configuration and management of the credential store for CE, RPM, and so on. |
| RL | RETURN_LOGISTICS_JOB | A user who is familiar with the retailer's product categories and has been trained in the use of the AE application. |
| SA | SOCIAL_ANALYTICS_JOB | A user who understands the retailer's business, has some business analytics training, and has been trained in the use of the SA application. |
| Attribute Binning | ATTRIBUTE_BINNING_JOB | A user who understands the retailer's business, has some business analytics training, and has been trained in the use of the CDT application and attribute binning application. |
| PRO | PRICING_ADMINISTRATOR_JOB | Responsible for the general system setup and configuration tasks related to the business. |
| | PRICING_MANAGER_JOB | A user who is responsible for the analytical configuration, testing, and model diagnosis. The user oversees the work done by the pricing analyst. |
| | PRICING_ANALYST_JOB | Main business user responsible for day-to-day pricing optimization activities (e.g., creating scenarios). |
| | BUYER_JOB | User who is responsible for a department or departments and who makes the budget decision for pricing recommendations, approves or rejects the OO run, and is responsible for the translation of data between OO and Oracle Retail Price Management (RPM) and Oracle Retail Customer Engagement (CE). |
| | TARGETED_OFFER_JOB | User (probably working in the marketing department) who is responsible for accepting or rejecting targeted offers that are sent out to customers. |
| HOS | HOS_FORECAST_ANALYST_JOB | A user who understands the restaurant's business, has some business analytics training, and has been trained in the use of the Forecasting application. |
| | HOS_FORECAST_CORPORATE_ANALYST_JOB | A Corporate Analyst is responsible for ensuring the efficient running and profitability of multiple stores in a restaurant chain. This user works with the store manager to review and override the daily sales forecasts, as needed. |
| | HOS_FORECAST_STORE_MANAGER_JOB | A Store Manager is responsible for overseeing stock levels and ordering supplies to meet the restaurant's profitability and quality goals. This user reviews, overrides, and approves the daily sales forecast of menu item groups. The store manager is typically responsible for one store. |
| MR | MENU_RECOMMENDATION_JOB | A user who understands the restaurant's business, has some business analytics training, and has been trained in the use of Menu Recommendation. |
| IW | DATA_SCIENCE_ANALYST_JOB | Data Science Retailer Analyst who uses Innovation Workbench using APEX Workspace. This user is a developer who creates and edits applications, monitors workspace activity, and views dashboards. |
| | DATA_SCIENCE_ADMINISTRATOR_JOB | Data Science Retailer Administrator who uses Innovation Workbench using APEX Workspace. This user is a workspace administrator who performs administrator tasks specific to a workspace, such as managing user accounts, monitoring workspace activity, and viewing log files. |
| | DATA_SCIENCE_OLDS_ANALYST_JOB | Data Science Retailer Analyst who uses Innovation Workbench using Python Notebook. This user is a developer who manages and executes paragraphs in Python Notebook. |
| MBI | MARKET_BASKET_ANALYSIS_JOB | A user who understands the retailer's business, has some business analytics training, and is responsible for reviewing sales transaction affinity analysis. |
| Chatbot | CHATBOT_SERVICE_JOB | Conversational AI Role to enable integration between Retail Science and Oracle Chatbot. |
| | CHATBOT_QNA_VIEW_JOB | Conversational AI Role to enable frequently asked question type of bot conversations. |
| | CHATBOT_VIEW_JOB | Conversational AI Role to enable real time bot conversations. |
| SPO | SIZE_PROFILE_OPT_JOB | A user who understands size and profile estimations and is able to review and submit them for the retailer's business. |