Release Notes for Oracle Health Insurance Product Definition Patch 4.25.1.0.4

This document contains the release notes for Oracle Health Insurance Product Definition Patch 4.25.1.0.4.

Version compatibility: Oracle Health Insurance Product Definition Release 4.25.1.x is only compatible with other Oracle Health Insurance applications release version 4.25.1.x unless explicitly stated otherwise.

In accordance with the OHI error correction policy (Document 1494031.1 on My Oracle Support), error correction support will be provided for this release and the previous two releases.

Enhancements

ID Summary Patch

ID	Summary	Patch
CPN-3799	Operational Reports and Data Transfer The following changes are made in Operational Reports and Data Transfer: In the previous release, the CSV files generated by the Data Transfer IP did not include a header row. In this release, CSV files include the header. In the previous release, when a query returned no records, the Data Transfer IP responded with HTTP 200 with an empty response body. This behavior is changed to return HTTP 204 (No Content). Two new error messages are introduced in the Operational Reporting IP. The IP returns an HTTP 422 response with one of the following error messages: OHI-IP-ORV-008: View {0} does not exist OHI-IP-ORV-009: Access restriction grant is missing to query the view {0} The following issues specific to On-Prem deployments are fixed: Incomplete or truncated responses when querying very large data. Documentation Links: Developer Guide - Data Transfer Integration Point - CSV Developer Guide - Data Transfer Integration Point - Response Developer Guide - Operational Reporting Integration Point - Error Messages Developer Guide - Data Transfer Integration Point - Response File Format
CPN-4025	Security logs retrieval via API and data transfer Prior to this release, security logs were written only to the file system and were not accessible through any API. With this enhancement, SaaS customers can now retrieve security logs using a dedicated API as well as through the data transfer feature. A new API, `logsecurityevents`, is introduced, backed by the new table `LOG_SECURITY_EVENTS`. A corresponding base view, `PHI_LOG_SECURITY_EVENTS_BV`, is now available to support extraction of security logs via the data transfer feature. This allows customers to schedule regular extracts (e.g., daily) and load the data into their own analytics or SIEM systems. Access to security logs is controlled: The access restriction for `PHI_LOG_SECURITY_EVENTS_BV` is created but not granted automatically to `ALL_VIEW_ACCESS_ROLE`. A dedicated access role must be explicitly granted to users who are allowed to extract security logs. The table `LOG_SECURITY_EVENTS` is included in auto-purge with a default retention period of 7 days. Documentation Links: Administration Guide - Auto Purge Administration Guide - Fetch Security Logs through API
NXT-32017	UI: Additional Features Advanced Search With this enhancement, the following multiple capabilities are added to the advanced search: Ability to select query operators for different search criteria. Ability to specify selected criteria as mandatory in advanced search. Multiple adjustments to reference sheet lines, page searches, and sort, including the ability to search on nulls, the ability to sort on start and end dates, view last updated by, and time details. Documentation Links: Developer Guide - JET UI - References - Components - Advanced Search
NXT-32633	UI: Additional Features Sort With this enhancement, the sort component is updated to display null values based on the sort order, that is, for Default and Criteria: If the sort order is descending, nulls last is applied. If the sort order is ascending, nulls first is applied. It is now possible to specify sorting criteria for a multi-value property (list) configuration in a form and region. Documentation Links: Developer Guide - JET UI - References - Components - Sort Component
NXT-33488	Remove outer join for 'And' mode quick search As part of this enhancement outer join is removed from "AND" mode based quick search and selection pop-up in LOV field. Also, outer join is removed for searches on insurable entity field in JET UI when used in quick search "OR" mode
POL-18132	UI: Conditional display of row-level actions: edit and delete for tabs. This enhancement introduces the ability to control the display of actions (edit/delete) through initconditions. Documentation Links: Developer Guide - JET UI - References - Components - Conditions

CPN-3799

Operational Reports and Data Transfer

The following changes are made in Operational Reports and Data Transfer:

In the previous release, the CSV files generated by the Data Transfer IP did not include a header row. In this release, CSV files include the header.
In the previous release, when a query returned no records, the Data Transfer IP responded with HTTP 200 with an empty response body. This behavior is changed to return HTTP 204 (No Content).
Two new error messages are introduced in the Operational Reporting IP. The IP returns an HTTP 422 response with one of the following error messages:
- OHI-IP-ORV-008: View {0} does not exist
- OHI-IP-ORV-009: Access restriction grant is missing to query the view {0}
The following issues specific to On-Prem deployments are fixed:
- Incomplete or truncated responses when querying very large data.

Documentation Links:
Developer Guide - Data Transfer Integration Point - CSV
Developer Guide - Data Transfer Integration Point - Response
Developer Guide - Operational Reporting Integration Point - Error Messages
Developer Guide - Data Transfer Integration Point - Response File Format

CPN-4025

Security logs retrieval via API and data transfer

Prior to this release, security logs were written only to the file system and were not accessible through any API. With this enhancement, SaaS customers can now retrieve security logs using a dedicated API as well as through the data transfer feature.

A new API, logsecurityevents, is introduced, backed by the new table LOG_SECURITY_EVENTS. A corresponding base view, PHI_LOG_SECURITY_EVENTS_BV, is now available to support extraction of security logs via the data transfer feature. This allows customers to schedule regular extracts (e.g., daily) and load the data into their own analytics or SIEM systems.

Access to security logs is controlled:

The access restriction for PHI_LOG_SECURITY_EVENTS_BV is created but not granted automatically to ALL_VIEW_ACCESS_ROLE.
A dedicated access role must be explicitly granted to users who are allowed to extract security logs.

The table LOG_SECURITY_EVENTS is included in auto-purge with a default retention period of 7 days.

Documentation Links:
Administration Guide - Auto Purge
Administration Guide - Fetch Security Logs through API

NXT-32017

UI: Additional Features Advanced Search

With this enhancement, the following multiple capabilities are added to the advanced search:

Ability to select query operators for different search criteria.
Ability to specify selected criteria as mandatory in advanced search.
Multiple adjustments to reference sheet lines, page searches, and sort, including the ability to search on nulls, the ability to sort on start and end dates, view last updated by, and time details.

Documentation Links:
Developer Guide - JET UI - References - Components - Advanced Search

NXT-32633

UI: Additional Features Sort

With this enhancement, the sort component is updated to display null values based on the sort order, that is, for Default and Criteria:

If the sort order is descending, nulls last is applied.
If the sort order is ascending, nulls first is applied.

It is now possible to specify sorting criteria for a multi-value property (list) configuration in a form and region.

Documentation Links:
Developer Guide - JET UI - References - Components - Sort Component

NXT-33488

Remove outer join for 'And' mode quick search

As part of this enhancement outer join is removed from "AND" mode based quick search and selection pop-up in LOV field. Also, outer join is removed for searches on insurable entity field in JET UI when used in quick search "OR" mode

POL-18132

UI: Conditional display of row-level actions: edit and delete for tabs.

This enhancement introduces the ability to control the display of actions (edit/delete) through initconditions.

Documentation Links:
Developer Guide - JET UI - References - Components - Conditions

Upgrade Steps for Installation

To perform the upgrade, perform the following steps:

Perform any pre-upgrade steps.
Stop all the managed nodes running the existing version of the application.
Perform any pre-undeploy steps.
Undeploy the existing version of the application.
Back up the database.
Perform any post-undeploy steps.
Unpack the release bundle into a directory that we refer to as OHI_ROOT from now on.
Change Installation Configuration: In <OHI_ROOT>/util/install, make a copy of ohi_install.cfg.template and name it ohi_install.cfg.
Edit ohi_install.cfg to contain your specific database connection data and other configuration settings. The settings are explained in the file itself.
Make sure NO connections are present to the database using the OHI_xxx_USER account (where xxx is the abbreviation of the application)
Run the Upgrade script:
1. Open a command window and browse to <OHI_ROOT>/util/install.
2. Run the upgrade by executing ./ohi-update.sh .
Make the required changes to the ohi properties file
Perform any post-upgrade steps
Start WebLogic application server
Deploy the Application
Perform any post-deploy steps

Configuration Properties

Ref	Action	Description
PRD-5344	Added	ohi.httpapi.query.dynamicdata.fetchexplicit.disable Property to disable query api behavior where dynamic fields and records are returned only for the lists explicitly specified in the fields parameter.

Ref

Action

Description

PRD-5344

Added

ohi.httpapi.query.dynamicdata.fetchexplicit.disable

Property to disable query api behavior where dynamic fields and records are returned only for the lists explicitly specified in the fields parameter.

Web Services

Ref Action Description

Ref	Action	Description
CPN-3799	Modified	Data Transfer IP CSV files generated by the Data Transfer IP includes the header. When the query returned no records, the Data Transfer IP responds with HTTP 204 (No Content).
CPN-3799	Modified	Operational Reporting IP Two new error messages are introduced in the Operational Reporting IP. The IP returns an HTTP 422 response with one of the following error messages: OHI-IP-ORV-008: View `{0}` does not exist OHI-IP-ORV-009: Access restriction grant is missing to query the view `{0}`

CPN-3799

Modified

Data Transfer IP

CSV files generated by the Data Transfer IP includes the header.
When the query returned no records, the Data Transfer IP responds with HTTP 204 (No Content).

CPN-3799

Modified

Operational Reporting IP

Two new error messages are introduced in the Operational Reporting IP. The IP returns an HTTP 422 response with one of the following error messages:

OHI-IP-ORV-008: View {0} does not exist
OHI-IP-ORV-009: Access restriction grant is missing to query the view {0}

Data Conversion

This section intentionally left blank.

Dynamic Logic

This section intentionally left blank.

UI Changes

This section intentionally left blank.

Breaking Changes

Ref Action Description

Ref	Action	Description
CPN-4025	Modified	securityAppender A new MDC (Mapped Diagnostic Context) field, `user`, has been introduced for security logs. To ensure this information appears in the security log file, update the log pattern for the `securityAppender` (which uses `RollingFileAppender`) to include the `user` MDC field. Example updated pattern: `<appender name="securityAppender" class="ch.qos.logback.core.rolling.RollingFileAppender"> <encoder> <pattern>%d{ISO8601} [ %t ] %marker %c - %m [user:%X{user:-N/A}] %n</pattern> </encoder> ... </appender>` Also, security log messages now refer to the "login name" of the user instead of the "ID" of the user.

CPN-4025

Modified

securityAppender

A new MDC (Mapped Diagnostic Context) field, user, has been introduced for security logs. To ensure this information appears in the security log file, update the log pattern for the securityAppender (which uses RollingFileAppender) to include the user MDC field.

Example updated pattern:

<appender name="securityAppender" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <encoder>
        <pattern>%d{ISO8601} [ %t ] %marker %c - %m [user:%X{user:-N/A}] %n</pattern>
    </encoder>
    ...
</appender>

Also, security log messages now refer to the "login name" of the user instead of the "ID" of the user.

Access Restrictions

This section intentionally left blank.

Bug Fixes

BugDB	SR	Internal	Summary
38783264	3-42657322711	PRD-5263	There is no way to know if/when products http build is complete
Description:	In the JET UI page for Operations > Data Exchanges > Outbound Exchange > Products Http, there is no way for the user to know that the build is complete after they have clicked the build button. There is no progress indicator.
Resolution:	Progress indicator is added to notify user that Build is in progress
38698724		PRD-5250	Error is displayed when user adds adjudication stop/continue limit
Description:	While adding adjudication stop/continue limit and regime is not selected for Product Service Definition, an error gets displayed
Resolution:	Fix added to disable Add link shown in Adjudication Stop/Continue Limit when Regime is not present.
38963511	4-0001791688	PRD-5344	Control dynamic Data retrieval in Generic API using a flag
Description:	Dynamic fields and records were returned only for the lists explicitly specified in the fields parameter.
Resolution:	This introduces a property ohi.httpapi.query.dynamicdata.fetchexplicit.disable to disable query api behavior where dynamic fields and records are returned only for the lists explicitly specified in the fields parameter. Note : This property will be taken out in a future 4.25.1.x patch version.

BugDB

Internal

Summary

38783264

3-42657322711

PRD-5263

There is no way to know if/when products http build is complete

Description:

In the JET UI page for Operations > Data Exchanges > Outbound Exchange > Products Http, there is no way for the user to know that the build is complete after they have clicked the build button. There is no progress indicator.

Resolution:

Progress indicator is added to notify user that Build is in progress

38698724

PRD-5250

Error is displayed when user adds adjudication stop/continue limit

Description:

While adding adjudication stop/continue limit and regime is not selected for Product Service Definition, an error gets displayed

Resolution:

Fix added to disable Add link shown in Adjudication Stop/Continue Limit when Regime is not present.

38963511

4-0001791688

PRD-5344

Control dynamic Data retrieval in Generic API using a flag

Description:

Dynamic fields and records were returned only for the lists explicitly specified in the fields parameter.

Resolution:

This introduces a property ohi.httpapi.query.dynamicdata.fetchexplicit.disable to disable query api behavior where dynamic fields and records are returned only for the lists explicitly specified in the fields parameter.

Note : This property will be taken out in a future 4.25.1.x patch version.

Issues that were backported in previous Release / Patch

No backports.