Setting Up OCI Object Storage

A separate subscription to OCI Object Storage is required to use this feature. Note that a Bucket is a logical container in OCI Object Storage for storing objects. In the context of Task Manager, Supplemental Data Manager, and Enterprise Journals, your attachments are considered objects.

The high-level steps in OCI Object Storage are listed here:

  1. Create a Bucket in OCI Object Storage to store your attachments. For instructions, see Creating a Bucket.

    Note:

    You can create a bucket in an existing compartment or create a new compartment for the attachments.

    Here's an example of a configured bucket.

    [Image: Bucket Information]

    To enable you to test access to the bucket and to switch seamlessly from a test environment to a production environment, it is recommended that you create two folders within the bucket – one folder for the test environment and another folder for the production environment. For example, if you create a bucket named task_manager_rec_data to store your attachments, create folders test and prod within this bucket. During the implementation phase, use the test folder by specifying the bucket URL as <bucket_url>/test. When moving to the production environment, switch the bucket configuration to <bucket_url>/prod. The folder test can subsequently be deleted without any impact in the production environment.

  2. Ensure that Auto-Tiering is disabled for the bucket. See Managing Auto-Tiering for an Object Storage Bucket.
  3. Keep the Lifecycle Policy Rules in OCI Object Storage as they are. Do not change them.
  4. Optional: Set Retention Rules in OCI Object Storage according to your company's audit requirements (for example, five to seven years).

  5. In Oracle Cloud Infrastructure (OCI), you need to create a user for Financial Consolidation and Close and grant that user at least READ and WRITE access but do not grant DELETE access. The user can be an Identity and Access Management (IAM) user or a Federated user.

    We recommend creating a separate user for accessing Object Storage for Financial Consolidation and Close. This user must be granted privileges to access the attachment storage bucket and to manage objects in the bucket.

  6. You need to create a group to assign policies.

    Access to Object Storage is managed by Identity and Access Management (IAM) policies. Common object storage policies can be found at https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/commonpolicies.htm#write-objects-to-buckets

    To create IAM policies, refer to this guide: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm

    Here is an example of the policy that is required.

    • Allow group FccsAttachmentWriters to read buckets in compartment ABC

    • Allow group FccsAttachmentWriters to manage objects in compartment ABC where all {target.bucket.name='FccsAttachments', any {request.permission='OBJECT_CREATE', request.permission='OBJECT_INSPECT', request.permission='OBJECT_READ'}}

  7. An auth token has to be created for the user. For details, see https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingcredentials.htm#Working

    Note:

    The auth token will not be displayed after it has been created, so make a note of the token since it will be used later in the configuration process.
  8. Once you have created the Bucket and created a user, you need to set up OCI Object Storage in Financial Consolidation and Close so that the connection is made using the Bucket URL, Username, and Password. See Setting Up OCI Object Storage in Financial Consolidation and Close.
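
A check for the rule in steps 5 and 6 that the service user must not receive DELETE access, as an added example that is not part of the original page or of Oracle's tooling: it tests whether an IAM policy statement could authorise OBJECT_DELETE or OBJECT_VERSION_DELETE. It assumes that only the `manage` verb on objects, object-family or all-resources carries those permissions and treats every non-permission condition as satisfiable; the function names are hypothetical.

```python
import re

# Permissions the service user must never hold (step 5: no DELETE access).
DELETE_PERMS = ("OBJECT_DELETE", "OBJECT_VERSION_DELETE")
# Assumption: only `manage` on these resource types includes the delete permissions.
OBJECT_RESOURCES = {"objects", "object-family", "all-resources"}
STMT = re.compile(
    r"allow\s+group\s+\S+\s+to\s+(\w+)\s+([\w-]+)\s+in\s+.+?(?:\s+where\s+(.+))?$",
    re.IGNORECASE)
PERM_LEAF = re.compile(r"request\.permission\s*(!?=)\s*'(\w+)'$")


def split_top(body):
    """Split 'a, any {b, c}, d' on the commas that are not inside braces."""
    parts, depth = [""], 0
    for ch in body:
        depth += (ch == "{") - (ch == "}")
        if ch == "," and depth == 0:
            parts.append("")
        else:
            parts[-1] += ch
    return [p.strip() for p in parts]


def may_match(cond, perm):
    """Could `cond` hold for a request carrying `perm`? Errs towards True."""
    cond = cond.strip()
    block = re.match(r"(all|any)\s*\{(.*)\}$", cond, re.IGNORECASE)
    if block:
        results = [may_match(c, perm) for c in split_top(block[2])]
        return all(results) if block[1].lower() == "all" else any(results)
    leaf = PERM_LEAF.match(cond)
    if leaf:
        return (leaf[2] == perm) == (leaf[1] == "=")
    return True  # e.g. target.bucket.name=...: assume the request can satisfy it


def grants_delete(statement):
    """True if the statement could let the group delete objects."""
    m = STMT.match(statement.strip())
    if not m:
        raise ValueError("unrecognised statement: " + statement)
    verb, resource, cond = m.groups()
    if verb.lower() != "manage" or resource.lower() not in OBJECT_RESOURCES:
        return False
    return cond is None or any(may_match(cond, p) for p in DELETE_PERMS)
```

Run `grants_delete` over every statement attached to the service user's group: the two statements in step 6 return False, while `manage objects` with no `where` clause, or with only a bucket-name condition, returns True.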