5 Shipboard Property Management System Security

This chapter explains the Shipboard Property Management System's security features.

Authorization Privileges

Overview

Setting Authorization privileges establishes strict access control, explicitly enabling or restricting the ability to do something with a computer resource.

User authorization privileges are configured in the Shipboard Property Management System within the User Security module. The Shipboard Property Management System uses a simple authorization model, where each user belongs to one or more user groups and has all privileges assigned to those user groups.

The Oracle Hospitality Cruise Launch Panel is the control panel for SPMS programs and User Security Management.

User Security/Access Rights

This section describes the Shipboard Property Management System User Security Access by module and permission level available to users. Permission is granted at the group level instead of the individual user level.

Figure 5-1 User Security Screen


This figure shows the User Security window where permissions are assigned.

The User Security window has four sections:
  1. Menu bar

  2. Security Group

  3. List of Security Access

  4. User Groups

Accessing User Security Program

  1. Launch the OHC Launch Panel from the C:\Program Files (x86)\Oracle Hospitality Cruise folder.

  2. Navigate to the Utilities tab and run the User Security program.

Adding a User

  1. Select a Security Group from the Security Groups list.

  2. Click Add User from the ribbon bar.

  3. In the Add User window, enter the Login name and Description in the User Details section and check the User Group associated with this user. Multiple User Group selections are allowed.

  4. Enter the Password and check the password criteria in the Security section.

  5. Select the Crew Name from the drop-down list to associate the user login to the crew profile and enter the information in the various sections, if any.

  6. Click Apply to save the user. The newly created user is saved under the Security group container.

Figure 5-2 Add User Window


This figure shows the Add User window where user credentials are created.

Table 5-1 Field Definition for Add User

Field                 Description
Login Name            Login ID used in SPMS applications
Login Description     User Name
User Group            Group Access Level
Password              User Password
Crew Link             Link to the Crew Profile
Buyer’s Limit         Maximum spend amount allowed for goods purchases from the MMS module
Cashier Function      Enable/Disable the Cashier Function
Cashbook Assigned     The Cashbook assigned to the user
Operational Position  Operational Position the user is linked to
Vendor                A user by iCrew WebServices to retrieve an excursion
Email Address         Email address of the user

Changing a User Password

  1. Expand the Security Group container and select the user name.

  2. Click Change Password from the ribbon bar and enter the new password in the [User Name] field.

  3. Click Apply to confirm the change and then click OK to close the dialog window.

Audit Trail/Application Activity Log

This section describes the steps to create triggers that log various changes made to the database. These triggers are configured in OHC Tools.exe.

Change Log Trigger

The following function triggers a change log activity when changes are made to the selected fields and stores the log in the ADU table.

Figure 5-3 Change Log Trigger


This figure shows an example of Change Log Triggers available in SPMS.
  1. In the OHC Tools window, select Change Log Trigger from the ribbon bar.

  2. In the Create Change Log Trigger window, checkmark the table on the left pane and then navigate to Monitor Column on the right pane.

  3. In the Monitor Column, checkmark the fields for changes to be logged into the ADU table and then navigate to the Acc ID Column tab.

  4. In the Acc ID Column tab, checkmark the field to write into the ADU_ACC_ID.

  5. Click Create Change Log Trigger on the ribbon bar to create the trigger. To add more table fields, repeat the above steps.

Deleting a Log Trigger

This function creates a trigger to log data deletion activities for the selected field. Any value deleted from these fields is logged into the SDR table.

  1. In the OHC Tools window, select the Delete Log Trigger from the ribbon bar.

  2. In Create Deletion Log Trigger window, checkmark the table on the left pane and then navigate to the Description Column on the right pane.

  3. In the Description Column, checkmark the field for changes to be logged into the SDR table and then navigate to the Acc ID Column tab.

  4. In the Acc ID Column tab, checkmark the field to write into SDR_ACC_ID.

  5. Click the Create Deletion Log Trigger on the ribbon bar to create the trigger.

  6. The system prompts the user with the total number of triggers deleted and created/uploaded. Click OK to continue. To add more table fields, repeat the above steps.

Inserting a Log Trigger

This function creates a trigger to log data insertion activities for the selected field. Any value inserted into these fields is logged into the SIR table.

  1. In the OHC Tools window, select the Insertion Log Trigger from the ribbon bar.

  2. In the Create Insertion Log Trigger window, checkmark the table on the left pane and then navigate to the Description Column on the right pane.

  3. In the Description Column, checkmark the field for changes to be logged into the SIR table, then navigate to the Acc ID Column tab and checkmark the field value to write into SIR_ACC_ID.

  4. Click the Create Insertion Log Trigger on the ribbon bar. The system prompts the user with the total number of triggers deleted and created/uploaded.

  5. Click OK to continue. Repeat the above steps for more table fields to be added.

Figure 5-4 Insertion of Log Trigger


This figure shows an example of inserted triggers.
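
The three log triggers described in this section, sketched as an added example (not Oracle's code and not what OHC Tools generates). SQLite stands in for the SPMS database; GUEST_DEMO and every column other than ADU_ACC_ID, SDR_ACC_ID and SIR_ACC_ID are hypothetical.

```python
import re
import sqlite3

# Hypothetical schema: only ADU, SDR, SIR and their *_ACC_ID columns are named
# on the page; GUEST_DEMO and every other column are assumptions.
SCHEMA = """
CREATE TABLE GUEST_DEMO (ACC_ID INTEGER PRIMARY KEY, CABIN TEXT, NOTE TEXT);
CREATE TABLE ADU (ADU_ACC_ID INTEGER, ADU_TABLE TEXT, ADU_FIELD TEXT,
                  ADU_OLD TEXT, ADU_NEW TEXT);
CREATE TABLE SDR (SDR_ACC_ID INTEGER, SDR_TABLE TEXT, SDR_DESC TEXT);
CREATE TABLE SIR (SIR_ACC_ID INTEGER, SIR_TABLE TEXT, SIR_DESC TEXT);
"""

def ident(name):
    # Identifiers are spliced into DDL, so accept plain names only.
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return name

def log_triggers(table, monitor_col, acc_col):
    t, c, a = ident(table), ident(monitor_col), ident(acc_col)
    return f"""
    -- Change log: fires for the monitored column, only on a real value change.
    CREATE TRIGGER {t}_{c}_CHG AFTER UPDATE OF {c} ON {t}
    WHEN OLD.{c} IS NOT NEW.{c} BEGIN
      INSERT INTO ADU VALUES (NEW.{a}, '{t}', '{c}', OLD.{c}, NEW.{c});
    END;
    -- Deletion log: keeps the deleted row's account id and description value.
    CREATE TRIGGER {t}_DEL AFTER DELETE ON {t} BEGIN
      INSERT INTO SDR VALUES (OLD.{a}, '{t}', OLD.{c});
    END;
    -- Insertion log: records the new row's account id and description value.
    CREATE TRIGGER {t}_INS AFTER INSERT ON {t} BEGIN
      INSERT INTO SIR VALUES (NEW.{a}, '{t}', NEW.{c});
    END;"""

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + log_triggers("GUEST_DEMO", "CABIN", "ACC_ID"))
    # Constructed sample activity.
    db.execute("INSERT INTO GUEST_DEMO VALUES (1001, '7012', 'sample')")
    db.execute("UPDATE GUEST_DEMO SET CABIN = '8100' WHERE ACC_ID = 1001")
    db.execute("UPDATE GUEST_DEMO SET NOTE = 'edited' WHERE ACC_ID = 1001")  # unmonitored
    db.execute("UPDATE GUEST_DEMO SET CABIN = '8100' WHERE ACC_ID = 1001")  # same value
    db.execute("DELETE FROM GUEST_DEMO WHERE ACC_ID = 1001")
    return {n: db.execute(f"SELECT * FROM {n}").fetchall()
            for n in ("ADU", "SDR", "SIR")}

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Only the monitored column produces a change-log row, so a column left unchecked in Monitor Column leaves no audit trail when it is edited.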

Shipboard Property Management System OHC Tools

OHC Tools is used in the Shipboard Property Management System to encrypt and store sensitive information. The customer can choose which sensitive data to encrypt and store.

  1. Launch OHC Tools.exe.

  2. At the login screen, enter your login credentials.

  3. After the authentication is successful, the user will have access to the application and the screen shown below will be displayed.

  4. Select the Change Database Encryption Key from the ribbon bar.

Figure 5-5 OHC Tools Main Page


This figure shows the main page of OHC Tools.

Verify Database Encrypted Data

The Verify Database Encrypted Data function verifies the encrypted data and confirms that the encryption can be changed before performing Change Encryption Key.

Verifying Encrypted Data

Figure 5-6 Verify Database Encrypted Data


This figure shows the number of data items verified and the location of the log file.
  1. Log into OHC Tools and select Verify Database Encrypted Data from the ribbon bar.

  2. On the Verify Encrypted Data window, click Verify. If the verification returns a failed message, possibly due to invalid data, correct the error and repeat the process.

  3. Click Close when the process finishes.

Change Database Encryption Key

The Change Database Encryption Key function allows the user to secure and protect important data stored in the database, such as credit card information and user passwords, using an encryption method compliant with the PA-DSS policy.

Creating an Encryption Passphrase

  1. Log in to OHC Tools and select Change Database Encryption Key from the ribbon bar.

  2. In the Encryption Key Manager window, enter the Passphrase1 and Passphrase 2, Old Fidelio password, Fidelio Password and Confirm password, and then click Apply to proceed.

    Figure 5-7 Encryption Passphrase


    This figure shows the Encryption Key Manager where encryption passphrase is entered.
  3. The system will prompt the user with the message ‘Please ensure there is no application currently running in order to prevent data corruption later’. Click OK to continue.

    The program prompts the user with a request to stop all running applications if any are running. A backup process is performed on the tables that need to be re-encrypted when the encryption key is changed. If data is found to be corrupted during the encryption process, the system continues the process, prompts the user with a warning at the end of the process, and then generates an error log.

    Figure 5-8 Encryption Error Confirmation


    This figure shows the error confirmation and the location of the log file.
  4. At the prompt, choose Yes to continue replacing the encryption key or No to roll back the process by restoring the backup. The Passphrase is saved in OHCSecurity.par with a one-year validity from the date of encryption.

Change Password Manager

The Change Password function changes the database password, including the MICROS, SMTP, and VOIP passwords, and prevents users from changing the passwords directly from external database tools.

Note:

The user is not allowed to change the Ship’s database password while the OHC QCI Sync application is running, and the change requires a user who has been granted the Database privilege.

Figure 5-9 Password Manager


This figure shows the Password Manager window, where you can update the database password and other application passwords.
  1. On the OHC Tools window, select Change Password from the ribbon bar.

  2. On the Password Manager window, enter the System User, System Password, Database User and Database Password. Passwords must meet the password specification.

  3. Click Apply to update the database password and save to OHCSecurity.par.

  4. Repeat the above steps to change the password for MICROS, SMTP and VOIP.

Upload Pretty Good Privacy (PGP) Key

The Upload Pretty Good Privacy (PGP) Key function uploads the Public Key (.pkr) and Private Key (.skr), a key pair for functionality that requires a PGP Key, for example, Payroll, Credit Card, DGS Resonline, and Data Import handling.

A key pair can only be generated using third-party tools such as PortablePGP and FileAssurity OpenPGP. Refer to the Payment Application Data Security Standard (PA-DSS) User Guide for more information.

For Credit Card processing, the Ship sends the public key to the credit card provider and, in return, receives a public key from the provider.

  1. On the OHC Tools window, select Upload PGP Key from the ribbon bar.

  2. On the Credit Card tab of the PGP Key Uploader window, click Browse for the Public Key to select a .pkr file to upload. To upload a Private Key, click Browse for the Private Key to select a .skr file.

  3. Enter the Key Passphrase if the key is generated with a specific passphrase.

  4. Click Upload to upload the keys. The system prompts ‘Key upload is done successfully’ when the upload completes, and both keys are stored in the TYP_PGP table.

  5. For DGS Credit Card handling, a key version is required.

Note:

The PGP Key has an expiry date, and the user must generate a new PGP Key and re-upload it to the database when a reminder is prompted. The program does not allow reuse of the same PGP Key.