1. Security Guide – volume 1
  2. Merchandising Cloud Service Suite Authentication, Authorization and Data Filtering
  3. Data Security/Filtering

Data Security/Filtering

Oracle Retail Cloud Service offers an additional optional layer of data filtering. Data filtering in the application UI limits the data end users see by levels in the merchandise and organizational hierarchies.

Note:

Data Filtering is implemented in all Merchandising Cloud Service Suite applications, with the exception of Allocation.

Data level security is configured by assigning users to a data security group within Merchandising Cloud Service Suite. All users within a group would have similar access to a particular section of the merchandise or organizational hierarchy. For example, a group may be defined for a particular division, giving users across Application Roles access to the departments, classes, subclasses, and items in that division.

To implement data security/filtering, Data Security Groups must be defined in Merchandising Cloud Service Suite. These groups are associated with levels of the merchandise and organizational hierarchies. Every application user must also be defined in Merchandising Cloud Service Suite and assigned to Data Security Groups. The processes for defining these groups, hierarchy associations and users is detailed in Chapter 3, Data Security/Filtering in the Merchandising Cloud Services Administration Guide.

Note:

Adding these users to Merchandising Cloud Services for data security/filtering purposes is a manual process (via spreadsheet upload). Users are not automatically loaded from IDCS or OCI IAM for data security purposes.

When considering whether to implement data filtering/security, customers should consider the benefits of data filtering and the processes they would need to implement to synchronize Merchandising Cloud Service Suite with IDCS or OCI IAM. As authentication is based on user definition in IDCS or OCI IAM (which includes Enterprise Role), it is possible that a user could authenticate correctly and reach Merchandise Cloud Service and based on the mapping of their Enterprise Role to Application Role, be authorized to access various user interfaces. However, if the data filtering/security is in use, and the user is defined in Merchandising Cloud Service Suite or not associated with a Data Security Group, the user may not see certain types of data in the application.