Posts

Posts

  • Jack Desai
    Inbound and Outbound Data File Encryption through ERP...174.7
    Topic posted August 19, 2016 by Jack DesaiRed Ribbon: 250+ Points, tagged Cloud Integration, Export Bulk Data, Extensions, File Based Data Integration - FBDI, Financials, Fusion Applications Integration, Import Bulk Data, Integrated Cloud Services, PaaS - SaaS Extensions, Pre-built Integration, Procurement, Project Portfolio Management, REST Services, SaaS Integration, SOACS, SOAP Services, Supply Chain Management, Transaction Services in Integrations and Extensions public
    Title:
    Inbound and Outbound Data File Encryption through ERP Integration Service
    Summary:
    How to encrypt and decrypt data files between ERP Cloud and On-premise/PaaS
    Content:

    Introduction

    Since your inbound or outbound data files are transmitted over the internet and often times contain company sensitive information and financial transactions like journal entries, invoices, payments and bank records, data encryption is a critical and essential element in implementing your integrations with Oracle ERP Cloud. You can secure data files between Oracle ERP Cloud R11+ and your on-premise/PaaS applications or systems. This is supported through ERP integration service that supports 100+ interfaces across Financials, Project Portfolio Management, Procurement and Supply Chain Management.

    The following diagram illustrates the import integration flow (also known as File-Based Data Import - FBDI). Please refer this post for more details.

    The following diagram illustrates the export process (extracting data out from ERP Cloud). Please refer this post for more details.

    Oracle ERP Cloud supports Pretty Good Privacy (PGP) unsigned encryption with 1024 key size. There are two types of encryption keys:
    1.    Oracle ERP Cloud Key
    2.    Customer Key

    Oracle ERP Cloud PGP Key

    The public key is used by the customer to encrypt the data file and respective private key is used by import bulk data process to decrypt the data file before starting load and import process. The file stored in content server (UCM) remains encrypted. 

    Customer PGP Key

    ERP Cloud uses customer's public key to encrypt the extracted file and uploads to UCM. Customer uses their private key to decrypt the file in on-premise or PaaS systems. 
     

    Manage PGP Certificates

    Certificates establish keys for the encryption and decryption of data that Oracle Cloud applications exchange with other applications. The Oracle Fusion Applications Security Console is an easy-to-use administrative interface that you access by selecting Tools - Security Console on the home page or from the Navigator. Use the Certificates page in the Security Console functional area to manage PGP certificates.

    This is a Security Console Screen:

    Generate ERP Cloud PGP Certificate

    From the Certificates page, select the Generate option. In a Generate page, select the certificate format PGP, and enter values appropriate for the format.

    For a PGP certificate, these values include:

    • An alias (name) and passphrase to identify the certificate uniquely.
    • The algorithm by which keys are generated, DSA or RSA.
    • A key length – select 1024.

    Once the key is generated, customer must export the public key to encrypt the FBDI data file.

    Export Customer's PGP Public Key

    Follow these steps to export public key:

    1. From the Certificates page, select the menu available in the row for the certificate you want to export. Or open the details page for that certificate and select its Actions menu.
    2. In either menu, select Export, then Public Key
    3. Select a location for the export file. By default, this file is called [alias]_pub.asc

    Import Customer's PGP Public Key

    The customer public key will be used by ERP Cloud to encrypt outbound file. Customer will decrypt this file using their private key. Follow these steps to import customer's public key:

    1. On the Certificates page, select the Import button.
    2. In the Import page, select PGP and specify an alias (which need not match the alias of the file you are importing).
    3. Browse for the public-key file, and then select Import and Close.

    The Certificates page displays a record for the imported certificate, with the Private Key cell unchecked.

     

    Enabling Encryption in Import Process

    Please refer this post on automating bulk import process. This post will document additional information to encrypt the file only.

    When enabled, ERP Cloud will decrypt the inbound data file using cloud private key before starting load and import process. These are the following steps to enable encryption in your import process

    1. Encrypt Data (zip) File

    Encrypt inbound data (zip) file using Oracle ERP Cloud public key. Use "gpg" utility in Linux system to encrypt the file as follows:

    Import ERP Cloud public key (one-time configuration) using the following command

    gpg --import <MY_ERP_KEY_pub.asc>

    ###Verify the imported key using this command

    gpg --list-keys

    Once ­public key is imported, use the following command to encrypt your inbound data file:

     

    gpg --cipher-algo=AES -r=<alias> --encrypt <my_data_file>.zip

     

     

    The encrypted file will be renamed as <my_data_file>.zip.gpg.

    2. Add Encryption options in "importBulkData" Payload

    In importBulkData payload, provide the following job options

    Options

    Value

    FileEncryption PGPUNSIGNED

    FA_ALIAS

    ERP Cloud Key Alias Name

    CUSTOMER_ALIAS

    Customer Key Alias Name

     

    Example in your importBulkData request payload: <typ:jobOptions>FileEncryption=PGPUNSIGNED,FA_ALIAS=<ERP_CLOUD_KEY>,CUSTOMER_ALIAS=<CUSTOMER_KEY></typ:jobOptions>

    Note: Alias names are defined when you generate ERP Cloud key or import customer key.

    The following sample payload illustrates the Journal import process request payload:

       <soapenv:Body>
          <typ:importBulkData>
             <typ:document>
                <erp:Content>AAgACAMgAAAB5AQAAAAA=</erp:Content>
                <erp:FileName>journal_1234.zip</erp:FileName>
             </typ:document>
             <typ:jobDetails>
               <erp:JobName>/oracle/apps/ess/financials/generalLedger/programs/common,JournalImportLauncher</erp:JobName>
                <!--Optional:-->
                <erp:ParameterList>#NULL,#NULL,Balance Transfer,#NULL,1,jrd1,N,N,N</erp:ParameterList>
             </typ:jobDetails>
             <typ:notificationCode>10</typ:notificationCode>
             <typ:callbackURL>my_callbacl_endpoint_url</typ:callbackURL>
             <typ:jobOptions>FileEncryption=PGPUNSIGNED,FA_ALIAS=JACK_ERP_KEY,CUSTOMER_ALIAS=JACK_ERP_KEY</typ:jobOptions>
         </typ:importBulkData>
       </soapenv:Body>

     

     

    Enabling Encryption in Export Process

    Please refer this post on automating bulk export process. When enabled, ERP Cloud will encrypt extracted data file using customer’s public key and upload it to UCM. These are the following steps to enable encryption in import process

    1. Add Encryption options in "importBulkData" Payload

    In exportBulkData payload, provide the following job options

    Options

    Value

    FileEncryption PGPUNSIGNED

    FA_ALIAS

    ERP Cloud Key Alias Name

    CUSTOMER_ALIAS

    Customer Key Alias Name

     

    Example in your exportBulkData request payload: <typ:jobOptions>FileEncryption=PGPUNSIGNED,FA_ALIAS=<ERP_CLOUD_KEY>,CUSTOMER_ALIAS=<CUSTOMER_KEY></typ:jobOptions>

    Note: Alias names are defined when you generate ERP Cloud key or import customer key.

    The following sample payload illustrates the export process request payload:

      <soap:Body>
      <ns1:exportBulkData xmlns:ns1="http://xmlns.oracle.com/apps/financials/commonModules/shared/model/erpIntegrationService/types/">
                                <ns1:jobName>job_package_name,job_name</ns1:jobName>
        <ns1:parameterList>48,1001</ns1:parameterList>
        <ns1:jobOptions>FileEncryption=PGPUNSIGNED,FA_ALIAS=JACK_ERP_KEY,CUSTOMER_ALIAS=JACK_ERP_KEY</ns1:jobOptions>
        <ns1:callbackURL>30</ns1:callbackURL>
        <ns1:notificationCode>http://hostname:port/myCallbackService</ns1:notificationCode>

      </ns1:exportBulkData>
    </soap:Body>>

     

    2. Encrypt Data (zip) File

    Decrypt the output file using customer private key. To decrypt outbound data file:

    First you must import customer’s private key as follows:

    gpg --allow-secret-key-import --import <my_private.asc>

    ###Verify the imported key using this command

    gpg --list-keys

     

    Once customer’s private key is imported, use the following command to decrypt your outbound data file:

    gpg --decrypt <EncryptedFileName> > <DecryptedFileName>

     

    Conclusion

    This post provides detailed information on how to protect both inbound and outbound data file. This is in addition to SSL and Oracle Web Service Manager (OWSM) message protection policy over the internet.

  • Kesava Rao Katuri
    PPM Project - ErpObjectAttachmentService - Update Attachment135.0
    Topic posted August 19, 2019 by Kesava Rao KaturiRed Ribbon: 250+ Points, tagged File Based Data Integration - FBDI, Import Bulk Data, Integrated Cloud Services, PaaS - SaaS Extensions, Project Portfolio Management in Integrations and Extensions public
    Title:
    PPM Project - ErpObjectAttachmentService - Update Attachment
    Summary:
    How to update/override the existing attachement in ERP
    Content:

    Hi All

    Using ErpObjectAttachmentService (SOAP), we can either upload or download the attachment(s) which are attached to a particular project.

    Is there a way to update/delete the existing attachment  through API?

    Thanks

    Kesava

  • Kesava Rao Katuri
    PPM Project - Attachment Service10
    Topic posted August 9, 2019 by Kesava Rao KaturiRed Ribbon: 250+ Points, tagged PaaS - SaaS Extensions, Project Portfolio Management, REST Services in Integrations and Extensions public
    Title:
    PPM Project - Attachment Service
    Summary:
    PPM Project - Attachment Service
    Content:

    I'd like to attach a document to the project newly created.

    Created a project using PPM REST API /fscmRestApi/resources/11.13.18.05/projects

    Now planning to attach a document using the ERP soap service : https://ucf5-zgbl-fa-ext.oracledemos.com:443/fscmService/ErpObjectAttachmentService?WSDL

    But need the proper values to be passed for entityName,categoryName. Please suggest

     

          <typ:uploadAttachment>
             <typ:entityName>RA_CUSTOMER_TRX_ALL</typ:entityName>
             <typ:categoryName>CUSTOMER_TRX</typ:categoryName>
             <typ:allowDuplicate>yes</typ:allowDuplicate>
             <!--Zero or more repetitions:-->
             <typ:attachmentRows>
                <erp:UserKeyA>Vision University BU</erp:UserKeyA>
                <erp:UserKeyB>300000024352134</erp:UserKeyB>
                <erp:UserKeyC>WTW0008</erp:UserKeyC>
                <erp:UserKeyD></erp:UserKeyD>
                <erp:UserKeyE></erp:UserKeyE>
                <erp:AttachmentType>FILE</erp:AttachmentType>
                <erp:Title>Attachment.pdf</erp:Title>
                <erp:Content></erp:Content>
             </typ:attachmentRows>
          </typ:uploadAttachment>

  • Yasmin
    Roles and users accessAnswered95.0
    Topic posted September 20, 2017 by YasminSilver Trophy: 7,500+ Points, tagged Financials, HCM, Other, Procurement, Project Portfolio Management, Public Sector, Sales, SCM, Security, Tip in Applications Security public
    Title:
    Roles and users access
    Summary:
    Roles and users access audit report
    Content:

    We are looking to run an audit report to list all the users and their access roles 

    where can we get/run such report?

  • Yasmin
    Mass password resetAnswered85.0
    Topic posted September 21, 2017 by YasminSilver Trophy: 7,500+ Points, tagged Financials, HCM, Other, Procurement, Project Portfolio Management, Public Sector, Sales, SCM, Security in Applications Security public
    Title:
    Mass password reset
    Summary:
    Mass password reset (1000s of users)
    Content:

    Is there any way to Mass password reset (1000s of users) ?

  • Kunal Daya
    Fusion Apps - License ConsumptionAnswered74.0
    Topic posted July 31, 2019 by Kunal DayaRed Ribbon: 250+ Points, tagged Financials, HCM, Other, Procurement, Project Portfolio Management, Sales, SCM, Security, Tip in Applications Security public
    Title:
    Fusion Apps - License Consumption
    Summary:
    Trying to understand how license consumption per user works
    Content:

    Hi Community,

    Can anyone explain how license consumption works in Fusion Applications. IS the consumptions done by by users and what roles they have or is it dependant on what features are enabled?

    Example Issue: We have users high number of users consuming Inventory licenses, however we only should have 10 users using Inventory module.

    Objective; Reduce number of inventory license users and other modules

    Any assistance would be appreciated

    Kind Regards

     

    Version:
    19B
  • Sona Srinivasan
    Overall – Security Console: User Category, 30 May, 2018, 9...7
    Topic posted May 23, 2018 by Sona SrinivasanSilver Medal: 2,000+ Points, tagged Financials, HCM, Procurement, Project Portfolio Management, Public Sector, Sales, SCM, Security in Applications Security public
    Title:
    Overall – Security Console: User Category, 30 May, 2018, 9:00 a.m. PT - Submit Questions
    Content:

    Submit your questions for the Overall – Security Console: User Category session to have them answered during the live event. Post your questions by posting a new comment to this topic.

    Please submit your questions by Tuesday, 29 May 2018.

  • Shyam Singh Patel
    Create Direct Database Query Option Re-Enable in 19AAnswered65.0
    Topic posted February 5, 2019 by Shyam Singh PatelSilver Trophy: 7,500+ Points, tagged Financials, HCM, Other, Procurement, Project Portfolio Management, Public Sector, Sales, SCM, Security, Tip in Applications Security public
    Title:
    Create Direct Database Query Option Re-Enable in 19A
    Summary:
    Create Direct Database Query Option Re-Enable in 19A
    Content:

    Hi All,

    we recently upgraded to 19A and no more able to see Create Direct Database Query Option. it this removed and Moved to other Place?

    Regards

    Shyam

    Image:
  • Yasmin
    Approval Group5
    Topic posted November 30, 2017 by YasminSilver Trophy: 7,500+ Points, tagged Financials, HCM, Procurement, Project Portfolio Management, Security in Applications Security public
    Title:
    Approval Group
    Summary:
    Can approval group be positions or something else rather than Named users?
    Content:

    Can approval group be positions or something else rather than Named users?

  • Sunny Chugh
    ESS Jobs Functional and Data Security4
    Topic posted October 13, 2019 by Sunny ChughSilver Medal: 2,000+ Points, tagged Financials, HCM, Procurement, Project Portfolio Management, SCM, Security in Applications Security public
    Title:
    ESS Jobs Functional and Data Security
    Summary:
    we have few custom ess jobs of BIP type and we would like to know how to secure the ess jobs based on roles/Duties and how to enable data level security on the ESS Job LOVs
    Content:

    Hi

    we have custom ess jobs of BIP type and we would like to know how to secure the ess jobs based on roles/Duties and how to enable data level security on the ESS Job LOVs

    Kindly share if anybody has got the same requirement.

    thanks!

    Regards

    Sunny