Monday, July 31, 2017

#590 - ICS roles

I get quite a lot of questions about the user roles available in ICS. Some of the questions relate to user access to data. For example, how do I prevent developers seeing payload values, such as credit card number.

The starting place for eliciting such information should be the ORCL docs - here I read

Here are those roles in the cloud admin console -

That's a lot more roles than detailed in the doc.
Suffice to say, many of these are cloud admin roles -
Identity Domain Administrator allows me to manage users etc.

Let's just concentrate on the following -

  • user
  • monitor
  • runtime

I will grant the user role to Uncle Paudge -

I will grant the monitor role to Pat Mooney -

I will grant the runtime role to Snowy Moran

Now let's log in as the various users -

Uncle Paudge (Developer / user role) - 

He has access to all the top level components.
This is the optimal role for developers -
As the doc states -

Enables you to access all parts of Oracle Integration Cloud
Service to perform the following tasks:
• Create, deploy, and monitor integrations.
• Upload security certificates.

Now to the question, what if I do not want developers to see confidential info contained
in the payloads passing thru ICS?

At one level, the developer can do everything, well almost. She can log payloads, when activating integrations   -

But as you can read above, this is not recommended in a production environment.

Also worth noting, the developer with the user role can manage all of the settings -

Best solution in this case, is to have a separate production environment. The developers can
do their stuff in the Development environment. Deploying to Production can be restricted. You could also use the REPL based Admin tool for ICS. This tool was developed by the Oracle A-Team and is detailed in a previous post.

I now log in as Pat Mooney the monitor -

Pat Mooney (Integration Monitor / monitor role)


at first glance, it looks as if Pat has access to all components, but
let's click on integrations -

I click on Dashboard -

However, the monitor role does allow access to the settings -

This is something you will have to keep in mind.

Let's now look at the runtime role -

Snowy Moran (mobile developer / runtime role)

Snowy develops mobile apps and needs to call ICS to access backend services.

He sees all the icons when he logs in, but cannot access anything.

But let's go to Postman and try the ICS REST API

First attempt, without any authorisation - I get Authorisation Required.

I add Snowy's credentials -

As you can see, our mobile developer cannot just execute any ICS REST API.
The API I selected was on that lists all integrations on ICS.

He can only execute an ICS integration, with this role.

Here is one I prepared earlier -

The URL is as follows -


I execute this in Postman, using Snowy's credentials -

Wednesday, July 19, 2017

#589 concise doc explaining all things Fusion Apps

For those of you who are somewhat confused by the world of Fusion Apps.
Read and be assuaged.

Click here

#588 Oracle has been named a leader in the Forrester Wave Digital Process Automation Software

Rock on Oracle Process Cloud Service (PCS)

Oracle was cited by Forrester as a leader 

with the highest possible scores for the following -

·        Low-code/no-code
·        Smart forms and user experience
·        Process flow and design
·        Mobile engagement
·        API support
·        Data virtualization
·        Deployment options
·        Ease of implementation

Read all about it here

Tuesday, July 18, 2017

#587 It's the Platform, stupid!

Great article here from Den Howlett, a much respected industry pundit.

The article discusses Workday's plan for a developer platform, to
allow partners to integrate with and extend their offerings.
Sounds a bit deja vu when one considers that has been
Oracle's mantra since Day 1 of the cloud journey.

The article goes on to stress the importance of PaaS -

Analysts are of the belief that in the 21st century enterprise world, it is the platform that wins, not the application solution set per se. The reason is easy to see.

Here is the link to the full article.

#586 - PCS - features --> computed fields, notify activity, doc initiated processes

Just a short post about some features I have been asked about.

Adding computed field to a form 

Here is my Business Object -

I want to add a computed field to the form for the total price
(quantity * unitPrice)

Here is the basic form -

I add an extra field to the form - totalPrice and
configure as follows -

Setting email variables in Notify Activity

Here is my simple process -

I edit the EmailCustomer activity -

First step is to set the recipient -

Easy enough, now to the email subject - this I can set by concatenating
process variables. One, is my default text; this I concatenate with the product.

I can adopt the same approach for the email body.

Document Initiated Process

Here I have a very simple process that is initiated by the arrival of an order doc -

I have created an incoming document - newOrder

I deploy the process - and assign the role to the Docs user
configured in the PCS workspace -

As you can see, my user is cloud.admin.

Now I go to Docs CS and create a new folder for incoming orders -

I set the properties as follows -

I create an order doc -

and upload it to Docs CS -

Check PCS Task List -

The form is rather basic - I do agree!

but you get the idea!