Managing Login Names and Passwords

19 Managing Login Names and Passwords

Learn how to manage login names and passwords in Oracle Communications Billing and Revenue Management (BRM).

Topics in this document:

Managing Login Names and Passwords for BRM Access

To access the BRM database, a client application must provide the following:

An account name
The password for that account
The service
The database number of the BRM database

There are two services created to manage client connections: admin_client and pcm_client.

BRM client applications log in to the admin_client service.
Other BRM utilities and programs, such as optional service integration components, log in to the pcm_client service.

For more information about the BRM users, see the following:

Default Users

Prior to BRM 15.0, when you installed BRM, the system created a single user account with general permission to the BRM system. This login name was root.0.0.0.n (where n is your database number), and you provide its password during the BRM installation process. This account is still created in BRM 15.0, but it is no longer the only user created.

The default users that are created in addition to the root account are listed in Table 19-1. In the table, db_num represents the database number, for example, 0.0.0.1.

Table 19-1 Default Users Created During Installation

User Name	Role Names	Description
acct_recv.db_num	AccountsReceivableRole	This user runs A/R utilities.
bc_client.db_num	BillingCareRole	This is the user for the Billing Care client.
bill_inv_pymt_sub.db_num	BillInvPymtSubscrnRole	This user runs billing, invoicing, payments and subscriptions.
billing.db_num	BillingRole	This user runs billing utilities.
boc_client.db_num	BOCAdminClientRole BOCPcmClientRole	This is the user for the Business Operations Center (BOC) client. It also runs the pin_generate_analytics utility for BOC.
collections.db_num	CollectionsutilsRole	This user runs Collections utilities.
crypt_utils.db_num	CryptutilsRole	This user runs crypt utilities.
cust_center.db_num	CustomerCenterRole	This is the user for Customer Center.
cust_mgnt.db_num	CustomermanagerRole	This user runs subscription tools.
ece.db_num	ECERole	This is the user for Elastic Charging Engine (ECE).
invoicing.db_num	InvoicingRole	This user runs invoicing utilities.
java_client.db_num	JavaAppPcmClientRole JavaAppAdminClientRole	This user runs Java utilities.
load_utils.db_num	LoadutilsRole	This user runs load utilities.
payments.db_num	PaymentsRole	This user runs payments utilities.
pcc_client.db_num	PipelineConfigCenterRole	This is the user for Pipeline Configuration Center.
rerating.db_num	ReratingRole	This user runs rerating utilities.
rsm.db_num	RestServicesManagerRole	This is the user for Rest Services Managers.
super_user.db_num	SuperUserRole	Creates, updates, and deletes roles.
ui_client.db_num	ThickClientsRole	This is the user for thick clients.

Users are created to run all of the admin clients. See Table 19-2 for the users associated with each client. In the table, db_num represents the database number, for example, 0.0.0.1.

Table 19-2 Admin Client Default Users

User Name	Associated Clients
bc_client.db_num	Billing Care
boc_client.db_num	Business Operations Center
cust_center.db_num	Customer Center
pcc_client.db_num	Pipeline Configuration Center (PCC)
root.db_num	Developer Center
rsm.db_num	Rest Services Manager
ui_client.db_num	BusinessConfigurationCenter CollectionsConfigurator CustomerCareSDK GSMMgrCustCtrExt IPAddressAdministrationCenter NumberAdministrationCenter PaymentCenter PermissioningCenter PricingCenter RevenueAssuranceCenter SelfCareManager SIMAdministrationCenter SuspenseManagementCenter VoucherAdministrationCenter

The default users can run specific pcm_client applications. These applications must be run from the directories listed in Table 19-3 to avoid authorization failure errors. These directories also contain the pin.conf or Infranet.properties files, which contain the user names listed below. In the table, db_num represents the database number, for example, 0.0.0.1.

Table 19-3 PCM Client Applications and Their Base Directories and Default Users

Component	Application	Directory	User
A/R	pin_mass_refund pin_refund pin_roll_up_ar_items	$PIN_HOME/apps/pin_billd	bill_inv_pymt_sub.db_num
A/R	pin_apply_bulk_adjustment	$PIN_HOME/apps/pin_bulk_adjust	acct_recv.db_num
Billing	pin_bill_accts pin_cycle_fees pin_make_corrective_bills pin_rollover pin_update_journal pin_cycle_forward	$PIN_HOME/apps/pin_billd	bill_inv_pymt_sub.db_num
Billing	pin_trial_bill	$PIN_HOME/apps/pin_trial_bill	billing.db_num
Collections	pin_collections_process pin_collections_send_dunning	$PIN_HOME/apps/pin_collections	collections.db_num
Crypt Utilities	pin_crypt_upgrade pin_crypt_upgrade_keys	$PIN_HOME/apps/pin_crypt	crypt_utils.db_num
Customer Management	pin_contracts pin_deferred_act pin_gen_notifications	$PIN_HOME/apps/pin_billd	bill_inv_pymt_sub.db_num
Customer Management	pin_deposit_calc_interest pin_deposit_release_purchased_deposit pin_deposit_transfer_deposit	$PIN_HOME/apps/pin_deposits	cust_mgnt.db_num
Customer Management	pin_monitor_balance	$PIN_HOME/apps/pin_monitor	cust_mgnt.db_num
Customer Management	pin_state_change	$PIN_HOME/apps/pin_state_change	cust_mgnt.db_num
Customer Management	pin_unlock_service	$PIN_HOME/apps/pin_unlock_service	cust_mgnt.db_num
Invoicing	pin_upd_assoc_bus_profile	$PIN_HOME/apps/pin_billd	bill_inv_pymt_sub.db_num
Invoicing	pin_inv_accts	$PIN_HOME/apps/pin_inv	invoicing.db_num
Invoicing	pin_inv_send pin_inv_export	$PIN_HOME/apps/pin_inv	invoicing.db_num
Invoicing	pin_inv_doc_gen	$PIN_HOME/apps/pin_inv_doc_gen	invoicing.db_num
Java Applications	batch_controller	$PIN_HOME/apps/batch_controller	java_client.db_num
Java Applications	cmt	$PIN_HOME/apps/cmt	java_client.db_num
Java Applications	perflib	$PIN_HOME/apps/perflib	java_client.db_num
Java Applications	pin_job_executor	$PIN_HOME/apps/pin_job_executor	java_client.db_num
Java Applications	pin_rel	$PIN_HOME/apps/pin_rel	java_client.db_num
Java Applications	pin_virtual_gen	$PIN_HOME/apps/pin_virtual_columns	java_client.db_num
Java Applications	sampleHandler	$PIN_HOME/apps/sample_handler	java_client.db_num
Java Applications	uel	$PIN_HOME/apps/uel	java_client.db_num
Java Applications	PortalDevKit	$PIN_HOME/PortalDevKit	java_client.db_num
Java Applications	amt	$PIN_HOME/sys/amt	java_client.db_num
Java Applications	web_services	Not applicable	java_client.db_num
Load Utilities	load_channel_config	$PIN_HOME/apps/load_channel_config	load_utils.db_num
Load Utilities	load_config	$PIN_HOME/apps/load_config	load_utils.db_num
Load Utilities	load_pin_ar_taxes	$PIN_HOME/apps/pin_ar_taxes	load_utils.db_num
Load Utilities	load_ara_config_object	$PIN_HOME/setup/scripts	load_utils.db_num
Load Utilities	load_brm_pricing load_config_business_event load_config_dist load_config_item_tags load_config_item_types load_config_provisioning_tags load_content_srvc_profiles load_edr_field_mapping load_event_map load_localized_strings load_pin_ach load_pin_batch_suspense_override_reason load_pin_batch_suspense_reason_code load_pin_beid load_pin_bill_suppression load_pin_billing_segment load_pin_bus_params load_pin_business_profile load_pin_calendar load_pin_config_auth_reauth_info load_pin_config_batchstat_link load_pin_config_business_type load_pin_config_controlpoint_link load_pin_config_export_gl load_pin_config_ood_criteria load_pin_config_ra_alerts load_pin_config_ra_flows load_pin_config_ra_thresholds load_pin_customer_segment load_pin_dealers load_pin_device_permit_map load_pin_device_state load_pin_event_record_map load_pin_excluded_logins load_pin_glchartaccts load_pin_glid load_pin_impact_category load_pin_invoice_data_map load_pin_network_elements load_pin_notify load_pin_num_config load_pin_order_state load_pin_payment_term load_pin_recharge_card_type load_pin_remittance_flds load_pin_remittance_spec load_pin_rerate_flds load_pin_rtp_trim_flist load_pin_rum load_pin_service_framework_permitted_service_types load_pin_sim_config load_pin_snowball_distribution load_pin_spec_rates load_pin_sub_bal_contributor load_pin_suspense_editable_flds load_pin_suspense_edr_fld_map load_pin_suspense_override_reason load_pin_suspense_params load_pin_suspense_reason_code load_pin_telco_provisioning load_pin_telco_service_order_state load_pin_telco_tags load_pin_uniqueness load_pin_verify load_pin_voucher_config load_suspended_batch_info load_tax_supplier load_transition_type load_usage_map loadpricelist pin_load_invoice_events pin_load_invoice_template pin_load_rerate_jobs pin_load_template	$PIN_HOME/sys/data/config	load_utils.db_num
Misc	pin_channel_export	$PIN_HOME/apps/exportapps	load_utils.db_num
Misc	pin_event_extract	$PIN_HOME/apps/pin_event_extract	rerating.db_num
Misc	pin_export_price	$PIN_HOME/apps/pin_export_price	load_utils.db_num
Misc	pin_generate_analytics/	$PIN_HOME/apps/pin_generate_analytics	boc_client.db_num (pcm_client)
Misc	pin_ra_check_thresholds	$PIN_HOME/apps/pin_ra_check_thresholds	bill_inv_pymt_sub.db_num
Misc	pin_remittance pin_remit_month	$PIN_HOME/apps/pin_remit	bill_inv_pymt_sub.db_num
Misc	load_price_list/	$PIN_HOME/setup/scripts	load_utils.db_num
Payments	pin_balance_transfer	$PIN_HOME/apps/pin_balance_transfer	payments.db_num
Payments	pin_cc_migrate pin_deposit pin_collect pin_recover	$PIN_HOME/apps/pin_billd	bill_inv_pymt_sub.db_num
Payments	pin_installment_status_change pin_installments	$PIN_HOME/apps/pin_installments	payments.db_num
Payments	pin_sepa	$PIN_HOME/apps/pin_sepa	payments.db_num
Rerating	load_pin_rerate_flds pin_rate_change pin_rerate	$PIN_HOME/apps/pin_rerate	rerating.db_num

The root account includes two services: admin_client and pcm_client.

BRM client applications log in to the admin_client service.
Other BRM utilities and programs, such as optional service integration components, log in to the pcm_client service.

Note:

You cannot change the payment method of the default accounts or make them parent or child accounts.

Custom Users

When you set up a production BRM system, you create additional accounts—for example, one for each of your customer service representatives (CSRs)—and associate one or more services with each account. You give each account a password and grant certain privileges to the account. For example, you might want to allow only some of your CSRs to handle payment disputes. you must also add an entry in the wallet with a name in the format username_login_pw for the new user.

Before creating CSR accounts, you must use PDC to create and load a CSR package, which defines the services available to CSRs.

You also need to provide an account for any extended applications you use with BRM.

When you create users, you must assign them to roles. These roles can be either predefined or custom. For information about managing custom roles, see "Role Opcode Workflows" in Opcode Guide. Table 19-4 contains information about the roles that are configured by default during installation. In the table, db_num represents the database number, for example, 0.0.0.1.

Table 19-4 Default Roles Created During Installation

Role Name	Role Object	Service Objects	Description
AccountsReceivableRole	db_num /config/role 408 0	db_num /service/pcm_client 408 0	Allows users to run A/R utilities.
BillingCareRole	db_num /config/role 416 0	db_num /service/admin_client 416 0	Allows users to run the Billing Care client.
BillingRole	db_num /config/role 402 0	db_num /service/pcm_client 402 0	Allows users to run billing utilities.
BillInvPymtSubscrnRole	db_num /config/role 412 0	db_num /service/pcm_client 412 0	Allows users to run billing, invoicing, payments and subscriptions.
BOCAdminClientRole	db_num /config/role 415 0	db_num /service/admin_client 415 0	Allows users to run the BOC client.
BOCPcmClientRole	db_num /config/role 414 0	db_num /service/pcm_client 414 0	Allows users to run pin_generate_analytics utility for BOC.
CollectionsutilsRole	db_num /config/role 411 0	db_num /service/pcm_client 411 0	Allows users to run collections utilities.
CryptutilsRole	db_num /config/role 405 0	db_num /service/pcm_client 405 0	Allows users to run crypt utilities.
CustomerCenterRole	db_num /config/role 417 0	db_num /service/admin_client 417 0	Allows users to run the Customer Center client.
CustomermanagerRole	db_num /config/role 406 0	db_num /service/pcm_client 406 0	Allows users to run subscription tools.
ECERole	db_num /config/role 421 0	db_num /service/pcm_client 421 0	Allows users to run the ECE client.
InvoicingRole	db_num /config/role 403 0	db_num /service/pcm_client 403 0	Allows users to run invoicing utilities.
JavaAppAdminClientRole	db_num /config/role 410 0	db_num /service/admin_client 410 0	Allows users to run admin_client Java utilities.
JavaAppPcmClientRole	db_num /config/role 409 0	db_num /service/pcm_client 409 0	Allows users to run pcm_client Java utilities.
LoadutilsRole	db_num /config/role 413 0	db_num /service/pcm_client 413 0	Allows users to run load utilities.
PaymentsRole	db_num /config/role 404 0	db_num /service/pcm_client 404 0	Allows users to run payments utilities.
PipelineConfigCenterRole	db_num /config/role 418 0	db_num /service/admin_client 418 0	Allows users to run the Pipeline Configuration Center.
ReratingRole	db_num /config/role 407 0	db_num /service/pcm_client 407 0	Allows users to run rerating utilities.
RestServicesManagerRole	db_num /config/role 419 0	db_num /service/admin_client 419 0	Allows users to run Rest Services Managers.
SuperUserRole	db_num /config/role 1 0	db_num /service/pcm_client 3 0 db_num /service/admin_client 4 0	User to create, update, delete roles.
ThickClientsRole	db_num /config/role 420 0	db_num /service/admin_client 420 0	Allows users to run thick clients.

Configuring the Maximum Number of Invalid Login Attempts

You configure the maximum number of invalid login attempts by setting the MaxLoginAttempts business parameter.

To configure the maximum number of invalid login attempts:

Go to BRM_home/sys/data/config.
Create an XML file from the /config/business_params object:
```
pin_bus_params -r BusParamsActivity bus_params_act.xml 
```
See "pin_bus_params" in BRM Developer's Guide for information about the utility's syntax and parameters.
In the file, set the value to the maximum number of login attempts:
```
<MaxLoginAttempts>5</MaxLoginAttempts>
```
The default value is 5.
Save the file as bus_params_act.xml.
Load the XML file into the BRM database:
```
pin_bus_params bus_params_act.xml
```
Stop and restart the CM.

Configuring the CM to Verify Application Logins with the Service Only

By default, the CM is configured to require a service, a login name, and a password. This provides secure access to BRM.

If only secure applications will connect to your CM, you can speed up the login process by configuring the CM to verify only the service but not require a login name or password.

To configure the CM to verify application logins with the service only:

Open the CM configuration file (BRM_home/sys/cm/pin.conf).
Change the cm_login_module entry from cm_login_pw001.dll to cm_login_null.dll:
```
- cm cm_login_module cm_login_null.dll 
```
Save and close the file.
Stop and restart the CM.
Configure the applications that connect with this CM to provide only service information at log in. In the configuration file for each application, set login_type to 0, and ensure a valid service is listed for userid.

Note:

CM Proxy provides another way of connecting to BRM without using a login name and password. See "Using CM Proxy to Allow Unauthenticated Log On".

Enabling Password Restriction for /service Objects

In BRM, you can use password restriction to secure the creation, modification, and deletion of /service objects.

Password restriction forces passwords to adhere to the following rules:

Contain a minimum of 8 characters. It is recommended to use the longer password.
Include at least one numeric character, one uppercase character, one lowercase character, and one special character.
Different from the previous four passwords (NA for customer account creation and service creation).
Should not include any part of the user ID.
Should not contain dictionary words.
Should not contain commonly used combinations.
Should not contain birthday of a user or a name of the related person or other personal facts.
Should contain minimum six digits for mobile devices.

You can configure the password restrictions using the PCM_OP_CUST_POL_VALID_PASSWD opcode.

By default, password restriction for /service objects is disabled in BRM. To enable it, run the pin_bus_params utility to change the EnablePasswordRestriction business parameter. For information about this utility, see "pin_bus_params" in BRM Developer's Guide.

To enable password restriction for /service objects:

Go to BRM_home/sys/data/config.

Create an XML file from the /config/business_params object:

pin_bus_params -r BusParamsCustomer bus_params_customer.xml

In the file, set <EnablePasswordRestriction> to enabled:

<EnablePasswordRestriction>enabled</EnablePasswordRestriction>

Save this file as bus_params_customer.xml.
Load the XML file into the BRM database:
```
pin_bus_params bus_params_customer.xml
```
Stop and restart the CM.

Storing Passwords in Oracle Wallet

By default, the BRM Installer stores sensitive information, such as database and account passwords, in the Oracle wallet, and BRM applications retrieves the passwords from the Oracle wallet. However, if the database and account passwords are also stored in the Infranet.properties and pin.conf configuration files, the BRM applications retrieve the passwords from the configuration files. The BRM applications automatically decrypt the encrypted passwords when retrieving them from the configuration files.

By default, the passwords in the configuration files are encrypted in the Oracle ZT PKI format. For more information, see "Encrypting Data" in BRM Developer's Guide.

Note:

To encrypt passwords for client applications or optional managers that are not part of base BRM or that are associated with customizations, use the pin_crypt_app utility. For details, see "About Encrypting Passwords" in BRM Developer's Guide.

When you encrypt a password for the Connection Manager (CM), ensure that the password adheres to the following rules:

Contain a minimum of eight characters
Include at least one numeric character, one uppercase character, and one special character
Differ from the previous four passwords
Not include any part of the user ID

Configuring Applications to Provide Login Information

BRM client applications provide login information in the login dialog box.

BRM Java-based applications, including Pricing Center, Customer Center, and Configuration Center, ask the user for port numbers and database names when the application starts.

To change most connection information for Java-based client applications, use the login dialog box, which appears when you start the application. The application uses this default information for subsequent sessions.