Securing and Accessing Secured Files in Oracle CPQ Cloud

on
Securing and Accessing Secured Files in Oracle CPQ Cloud

Oracle CPQ Cloud allows administrators and developers to store files in a secure folder that can be accessed only when users are logged in.

Working in the Oracle CPQ Cloud space for several years now, I observed that most administrators and developers are NOT making use of this capability and unknowingly or unintentionally create security risks for the companies they work for.

To assess if your sensitive files are secured just take a quick glance at your Oracle CPQ Cloud File Manager. A secure folder would show a lock, as the “api” folder in the image while unsecured folders will not.





The major reason why administrators, developers, and consultants are not using this feature is because they don’t know how to access the data once it’s secured.

This is exactly what we’re going to learn in this tutorial in three easy steps.


Step 1: Create a folder


To get started with securing the files in Oracle CPQ Cloud, the first thing one has to do is to create a folder that would be designated as secure. The [Default] folder cannot be secure and I would advise against holding any valuable files in it anyway.

From File Manager click “Edit” >  populate “Folder Name” > click “Create”

Step 2: Mark the folder as secure


Once you have the folder created, we need to make it secure. To do that we’ll need to open the folder and check the “Only allow users who are logged in to view the contents of this folder?” checkbox under “Folder Security Setting”. The change will trigger a warning, ”Updating this setting could break links to files contained in this folder. Are you sure you want to continue?”, click “Ok”.


Step 3: Use the new URL 


After the change has been made, make sure you use the new URL with the “$SECURE_PATH$” instead of the “$BASE_PATH$” to reference your folder.

Note: To secure existing folders you’ll have to only follow Step 2 and Step 3.


Example:

If we want to secure the custom.js to include in the header we would change<script src=”$BASE_PATH$/javascript/custom.js”></script>to<script src="$SECURE_PATH$javascript/custom.js"></script>

Note: Make sure you don't forget to remove the prefixing "/" for the secured path.

Try it in Oracle CPQ Cloud!


  1. Create a folder called “scripts” and make it secure. 

  2. Then upload the cpq_custom.js file that changes all pages background to CPQ Consultant RED.

  3. Add the line above in the Footer section of the Header and Footer page in Administration Platform.
    <script src="$SECURE_PATH$scripts/cpq_custom.js"></script>

  4. Take a screenshot and upload to LinkedIn / Twitter / Facebook / Instagram with  hashtags:
    #cpqconsultant #personaldevelopment #security #innovation #technology

Comments

Post a Comment