1 Security Features

Oracle Retail Data Store (RDS) provides the following security features.

Authentication and Single Sign-On

Authentication in RDS is managed through Oracle Identity Cloud Service (IDCS) or Oracle Cloud Infrastructure Identity and Access Management (OCI IAM). The IDCS or OCI IAM tenant that protects the RDS tools and extensions is the same tenant that is used by the rest of the Oracle Retail suite of applications, enabling SSO. 

Oracle REST Data Services and Application Express

RDS is provisioned with Application Express (APEX) workspaces for each of the Oracle Retail applications that replicate data to RDS for customer use. Access to these workspaces requires a valid IDCS user in the customer's tenant. After being provisioned, the customer is provided with the URLs to access these workspaces and the credentials required to access them. These workspaces can be used to create custom Oracle REST Data Services (ORDS) Restful web services and custom APEX applications. Once created, these custom web services and APEX applications are protected by IDCS or OCI IAM, and do not require the additional APEX user credentials to access them.

Database

When data is replicated into RDS from other Oracle Retail applications, it is stored in schemas that are read-only to the customer. Separate read-write schemas in RDS are made available to the customer to hold their custom extensions for each application. These read-write schemas are accessible and may be manipulated through the APEX workspaces.

When new database objects are replicated into the read-only schemas, they are not initially accessible to the read-write schemas. A process runs periodically that detects new objects and grants read privileges for them to the read-write schema, at which point they may be used in the APEX workspaces for custom extensions.