Setting Up OCI Object Storage

A separate subscription to OCI Object Storage is required in order to use this feature. Note that a Bucket is a logical container in OCI Object Storage for storing objects. In the context of Account Reconciliation, your attachments are considered objects.

The high-level steps in OCI Object Storage are listed here:

  1. Create a Bucket in OCI Object Storage to store your Account Reconciliation attachments. For instructions, see Creating a Bucket.

    Note:

    You can create a bucket in an existing compartment or create a new compartment for Account Reconciliation attachments.

    Here's an example of a set up Bucket.


    [Image: Object storage configuration]

    Note:

    Ensure that Auto-Tiering is disabled for the bucket.
  2. Keep the Lifecycle Policy Rules in OCI Object Storage as they are. Do not change them.
  3. Optional: Set Retention Rules in OCI Object Storage according to your company's audit requirements (for example, five to seven years).

  4. In Oracle Cloud Infrastructure (OCI), you need to create a user for Account Reconciliation and grant that user at least READ and WRITE access but do not grant DELETE access. The user can be an Identity and Access Management (IAM) user or a Federated user.

    We recommend that a separate user be created for accessing Object Storage for Account Reconciliation. This user has to be granted privileges to access the attachment storage bucket and to manage objects in the bucket.

  5. You need to create a group to assign policies.

    Access to Object Storage is managed by Identity and Access Management (IAM) policies. Common object storage policies can be found in https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/commonpolicies.htm#write-objects-to-buckets

    To create IAM policies, refer to this guide https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm

    Here is an example of the policy that is required.

    • Allow group ArcsAttachmentWriters to read buckets in compartment ABC

    • Allow group ArcsAttachmentWriters to manage objects in compartment ABC where all {target.bucket.name='ArcsAttachments', any {request.permission='OBJECT_CREATE', request.permission='OBJECT_INSPECT', request.permission='OBJECT_READ'}}

  6. An auth token has to be created for the user. For details, see https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingcredentials.htm#Working

    Note:

    The auth token will not be displayed again after it has been created, so make a note of the token because it will be used later in the configuration process.
  7. Once you have created the Bucket and created a user, you need to set up OCI Object Storage in Account Reconciliation so that the connection is made using the Bucket URL and the Username and Password. See Setting Up OCI Object Storage in Account Reconciliation.
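The example policy in step 5 grants read and write access without DELETE by listing permissions explicitly. The following check is an added example, not Oracle's code: it does a textual review of policy statements (it is not a full policy evaluator) and flags any statement that would grant object deletion or is not restricted to the attachment bucket. The function names and the over-broad sample statements are constructed for illustration.

```python
import re

# Permissions that let a principal remove objects (the page says not to grant DELETE).
DELETE_PERMS = {"OBJECT_DELETE", "OBJECT_VERSION_DELETE"}
OBJECT_RESOURCES = {"objects", "object-family", "all-resources"}

STMT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<cond>.+))?$",
    re.IGNORECASE,
)

def audit_statement(stmt, bucket):
    """Return findings for one policy statement; an empty list means it passes."""
    m = STMT.match(stmt.strip())
    if not m:
        return ["could not parse statement; review it manually"]
    if m["resource"].lower() not in OBJECT_RESOURCES:
        return []  # e.g. 'read buckets' grants no object permissions
    cond = (m["cond"] or "").replace(" ", "")
    # Only '=' comparisons count as an allow-list; '!=' filters are not matched.
    perms = set(re.findall(r"request\.permission='([A-Z_]+)'", cond))
    findings = []
    if m["verb"].lower() == "manage" and not perms:
        findings.append("manage without a request.permission allow-list includes OBJECT_DELETE")
    for p in sorted(perms & DELETE_PERMS):
        findings.append(f"grants {p}")
    if f"target.bucket.name='{bucket}'" not in cond:
        findings.append(f"not restricted to bucket {bucket}")
    return findings

# The two statements shown in step 5 of this page.
PAGE_POLICY = [
    "Allow group ArcsAttachmentWriters to read buckets in compartment ABC",
    "Allow group ArcsAttachmentWriters to manage objects in compartment ABC where all "
    "{target.bucket.name='ArcsAttachments', any {request.permission='OBJECT_CREATE', "
    "request.permission='OBJECT_INSPECT', request.permission='OBJECT_READ'}}",
]
# Constructed over-broad variants, for comparison only.
TOO_BROAD = "Allow group ArcsAttachmentWriters to manage objects in compartment ABC"
WITH_DELETE = PAGE_POLICY[1].replace("OBJECT_INSPECT", "OBJECT_DELETE")

if __name__ == "__main__":
    for s in PAGE_POLICY + [TOO_BROAD, WITH_DELETE]:
        print(audit_statement(s, "ArcsAttachments") or "OK", "<-", s[:70])
```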