3 Managing User Security

All Retail Analytics and Planning applications leverage Oracle Cloud Infrastructure Identity and Access Management (OCI IAM), which is Oracle's cloud-native security and identity platform. This provides a powerful set of hybrid identity features to maintain a single identity for each user across cloud, mobile, and on-premise applications. OCI IAM enables single sign-on (SSO) across all applications in a customer's Oracle Cloud tenancy. Customers can also integrate OCI IAM with other on-premise applications to extend the scope of this SSO.

For complete information on Oracle Retail’s authentication policies, pre-defined user roles, and environment setup information, refer to the Oracle Retail Identity Management for OCI IAM Startup Guide. The Startup Guide is the primary source for the latest information about Oracle Retail user and group management practices across all our applications. This chapter provides only supplemental details.

Application Security Policies

Each application in the platform includes user groups, security policies, application permissions that are specific to its business processes, and user interfaces. The sections below provide a high-level summary of these areas with references for accessing additional details.

Retail Insights and Oracle Analytics

Retail Insights Cloud Services are built with role-based access to features and functionality. One set of OCI IAM groups is used to control data access to functional areas such as Sales or Inventory. Another set of groups controls the access level for Oracle Analytics components, such as the ability to create new reports or edit reports in the catalog.

Unlike previous-generation architecture, the RI, OAS, and DV group names are prefixed with a unique tenant ID that is specific to your cloud service. This is necessary because the same Oracle Analytics platform can be shared across multiple Oracle Retail solutions now, and you may also have multiple OAS instances on one IAM (such as Dev, Stage, and Prod environments). The tenant ID is a long string of characters like this:

bd835fj48ffj3lwisda4h

The role names may look like this:

bd835fj48ffj3lwisda4h-BIConsumer_JOB

Refer to the Oracle Retail Identity Management for OCI IAM Startup Guide for example users and their role assignments. Refer to the Retail Insights Administration Guide for an in-depth list of the functional roles that are linked to metadata access in RI.

AI Foundation Cloud Services

Each AI Foundation application on the platform has its own set of groups that determine a user’s access level to that application’s user interface. Groups are divided based on typical business tasks and duties that the user is expected to perform, such as one group for managing markdown optimization configurations and another that only creates and runs scenarios. The groups shown are for production systems; a similar set of groups, with _PREPROD appended to each name, is used on non-production systems (except for OAS/DV roles).

Refer to the Oracle Retail Identity Management for OCI IAM Startup Guide for example users and their role assignments. For a complete list of available groups, refer to the Retail AI Foundation Cloud Services Administration Guide.
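For access reviews, the two naming conventions described above (the tenant ID prefix on RI, OAS, and DV groups and the _PREPROD suffix on non-production groups) can be used to sort a user's group memberships by environment. The following is an added example, not Oracle code: it assumes the tenant ID is a run of lowercase letters and digits joined to the role name by a hyphen, and that the administrator supplies the tenant ID to environment mapping. Apart from the sample tenant ID and BIConsumer_JOB shown earlier, every name in it is hypothetical.

```python
import re
from collections import defaultdict

# Assumption: tenant-prefixed groups look like "<tenant id>-<role>", where the
# tenant ID is a run of 16+ lowercase letters/digits (as in the sample above).
TENANT_GROUP = re.compile(r"^(?P<tenant>[a-z0-9]{16,})-(?P<role>.+)$")
PREPROD_SUFFIX = "_PREPROD"

# Constructed sample data. EXAMPLE_SCENARIO_JOB and the second tenant ID are
# hypothetical; they are not real Oracle Retail group names or identifiers.
TENANT_ENVS = {"bd835fj48ffj3lwisda4h": "prod"}  # admin-supplied mapping
SAMPLE = [
    ("alice", "bd835fj48ffj3lwisda4h-BIConsumer_JOB"),
    ("alice", "EXAMPLE_SCENARIO_JOB"),
    ("alice", "EXAMPLE_SCENARIO_JOB_PREPROD"),
    ("bob", "qq11unmappedtenantid99-BIConsumer_JOB"),
]


def classify_group(group, tenant_envs):
    """Return (environment, role) for one group name."""
    m = TENANT_GROUP.match(group)
    if m:  # RI/OAS/DV style: the tenant ID identifies the environment
        return tenant_envs.get(m["tenant"], "UNKNOWN_TENANT"), m["role"]
    if group.endswith(PREPROD_SUFFIX):  # non-production variant of a group
        return "nonprod", group[: -len(PREPROD_SUFFIX)]
    return "prod", group  # assumes input holds only Retail application groups


def review_memberships(memberships, tenant_envs):
    """Map user -> environment -> sorted role names."""
    report = defaultdict(lambda: defaultdict(set))
    for user, group in memberships:
        env, role = classify_group(group, tenant_envs)
        report[user][env].add(role)
    return {u: {e: sorted(r) for e, r in envs.items()} for u, envs in report.items()}


def findings(report):
    """List the items an access reviewer should look at."""
    out = []
    for user, envs in sorted(report.items()):
        if "UNKNOWN_TENANT" in envs:
            out.append((user, "unmapped tenant ID", envs["UNKNOWN_TENANT"]))
        both = sorted(set(envs.get("prod", [])) & set(envs.get("nonprod", [])))
        if both:
            out.append((user, "same role in prod and non-prod", both))
    return out
```

Calling findings(review_memberships(SAMPLE, TENANT_ENVS)) returns one review item for each of the two sample users.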

Planning and Optimization Cloud Services

Merchandise Financial Planning, Assortment Planning, and Inventory Planning Optimization-Demand Forecasting all provide default OCI IAM groups to manage access levels in the application. In each application, user access to various templates can be controlled at the user-group level, and those groups are aligned with OCI IAM. Aside from the default OCI IAM groups, administrators can also create new user groups directly within each application and synchronize those groups using Online Administration Tasks.

For a complete list of available groups and more details, refer to the Oracle Retail Identity Management for OCI IAM Startup Guide section on “Planning and Optimization Cloud Services”.