- OneStream Community
- Solution Exchange
- OpenPlace
- OpenPlace Solution Guidelines and Standards [Documentation]
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
OpenPlace Solution Guidelines and Standards [Documentation]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-17-2023 09:21 PM - edited 05-04-2023 12:38 PM
These OpenPlace Standards, including recommended best practices, are to ensure that developer is developing OpenPlace Solutions that meet OneStream solution development requirements.
-
SOLUTION DEVELOPMENT & MANAGEMENT STANDARDS
-
All developers are encouraged to utilize an industry-standard PMI-approved software development methodology (e.g., Agile, Waterfall, Scrum, and Kanban) to manage the development of their solution development for any solutions to be submitted into OpenPlace.
-
All developers shall perform commercially reasonable unit testing, performance testing, and quality assurance testing on all solutions that are submitted to OpenPlace.
-
All developers shall perform Security testing and provide testing logs to OneStream upon request.
-
All developers are encouraged to test for any functional issues or bugs.
-
All OpenPlace Solutions that, in OneStream’s sole opinion, cause performance or functional issues with OneStream Offering(s) may, in OneStream’s sole discretion, be immediately suspended and removed from OpenPlace without prior notification. Such OpenPlace Solutions will not be reinstated until the developer has resolved the issue within such OpenPlace Solution and has resubmitted it for approval by OneStream.
-
SOLUTION CODING STANDARDS
-
All OpenPlace Solutions shall follow fundamental programming principles specified in Appendix A (“ Fundamental Programming Best Practices ”).
-
All OpenPlace Solutions shall follow fundamental data architecture and database design standards specified in Appendix B (“ Fundamental Data Architecture & Database Design Best Practices ”).
-
Except as otherwise agreed upon OneStream, all OpenPlace Solutions shall only use the OneStream Business Rule API (BRApi). All published and non-published public functions may change with future OneStream platform releases upon the discretion of OneStream without prior notification. In the event Partner wishes to submit a request to have a non-published function exposed in the BRApi namespace, Partner shall submit the request in accordance with process specified in Appendix I (“Requesting Exceptions for OpenPlace Solutions”).
-
OpenPlace Solutions are permitted to directly query OneStream core tables or core solutions (e.g., TXM, OFC, ACM, SML, etc.); however, Partner Solutions are prohibited from updating, modifying, editing, or writing to such core tables or core solutions.
-
Except as otherwise agreed upon by OneStream, OpenPlace Solutions shall not have literal SQL strings sent into solution assets. All SQL queries must be parameterized to prevent opening vulnerabilities to malicious attacks, including SQL injection attacks.
-
OpenPlace solutions shall have all parameters set to validated pre- and post-run to ensure security and data validity.
-
OpenPlace Solutions with long-running synchronous jobs will be subject to suspension.
-
OpenPlace Solutions with egregious use of error logging will be subject to suspension.
-
OpenPlace Solutions are required to have commented code.
-
OpenPlace Solutions are required to have commercially reasonable error-handling checks and user messages.
-
OpenPlace Solutions are required to have a solution installer or install procedure.
-
OpenPlace Solutions are required to have a solution uninstaller that uninstalls all artifacts and data created by every Partner Solution. Partner can optionally, in addition, provide a partial uninstall routine.
-
SOLUTION DOCUMENT REQUIREMENTS.
-
OpenPlace Solutions must provide a OpenPlace Solution and name and Developer name.
-
OpenPlace Solutions must have the formatting as specified in Appendix C (“Solution Overview Template”).
-
OpenPlace shall provide OneStream the items required for the PartnerPlace listing as specified in the Appendix H (“OpenPlace Listing Artifacts Guide”).
-
SCANS AND REVIEW REQUIREMENTS
-
All OpenPlace solutions will be scanned by OneStream using Marketplace Solution Tools (“MST”) and/ or other third-party code-checking tools. MST is available on the Solution Exchange, within Marketplace, and it is recommended that developers utilize this tool during development and prior to solution submission. MST’s current functionality will scan for the following warnings and critical items:
-
Unsafe SQL Queries
-
Parameters of Command Type with unused SQL queries
-
Unsupported solution file type
-
Unsupported file type
-
Solution initialization failure
-
Missing Using () statement on database connection
-
Uninitialized variables
-
Untyped variables
-
Missing return type on function
-
References to direct assemblies (.dll)
-
External database connections
-
References to external processes
-
External references
-
Security violations regarding certain users and group modifications
-
At the sole discretion of OneStream, OpenPlace Solution submissions may be subject to a manual code review process prior to obtaining approval from OneStream. If the submission has been encrypted, the submission will need to be resent in an unencrypted format.
-
At the sole discretion of OneStream, OpenPlace Solution submissions are subject to a manual security review and scan by OneStream in an unencrypted format. If the submission has been encrypted by any means, it must be re-submitted in an unencrypted format. All OpenPlace Solutions will undergo security tests, including, but not limited to the following:
-
Access control: Rights granted to each user do not expose other pieces of information that may be sensitive or private
-
Access control: Ways to escalate privilege within the solution or to use the solution to elevate OneStream privileges
-
Injection flaws: Manipulation of the communication to inject through SQL, OS commands, malicious code, and any other method.
-
OpenPlace Solutions must pass all installation tests, including but not limited to: (I) loading and uncompressing all OpenPlace Solution files; (ii) verification of all created tables, dashboards, and business rules present based on the OpenPlace Solution’s install guide; (iii) data structure and scheme match the OpenPlace Solution’s install guide; (iv) all OpenPlace Solution business rules compile successfully; and (v) the OpenPlace Solution loads successfully.
-
OpenPlace Solutions must pass all uninstall tests: (I) within the solution “settings” options for “uninstall;” and (ii) within the uninstall dashboard have a selection to: (1) uninstall fully (required), and (2) uninstall UI (optional as needed for the solution).
-
OpenPlace Solutions are required to pass all uninstall full tests, including but not limited to: (I) execute uninstall full option; (ii) verify all solution dashboards, so that all UI elements, and business rules are no longer present; and (iii) verify all solution tables and data are no longer present.
-
NAMING CONVENTION STANDARDS
-
OpenPlace Solutions are required follow the OneStream Solution naming convention standards as specified in Appendix G (“Naming Convention Standards).
-
OPERATIONAL SOLUTION SUPPORT REQUIREMENTS
-
OpenPlace Solutions are developer Community supported. Developers are encouraged but not required to support any OpenPlace solutions they release on OpenPlace.
-
PUBLISHING CUSTOM DLL REQUEST
-
OpenPlace Solutions must only use native core OneStream platform DLLs.
-
APPENDIX
- Labels:
-
Documentation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2023 10:47 AM
The Appendices are not available to people who are not in the onestreamsoftware.sharepoint.com directory.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2023 11:14 AM
we are uploading those documents into OneCommunity and relinking the URL.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-21-2023 01:04 PM
Are you able to advise when this will be actioned?
Many thanks, Daniel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-21-2023 01:21 PM
We are working with our support team to setup a permanent externally accessible area to so store all the additional appendix documents. The Service Now ticket is being processed. I'll update this thread when is complete.
We thank you for you patience.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-30-2023 10:16 PM
Hello,
Can you Please confirm if the Documents are Posted in OneCommunity & wher we can access it.
Thanks,
Subhasish
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-01-2023 09:33 AM
We currently have it accessible here Appendix Folder . If you have issues accessing this location please email OpenPlaceProgram@onestreamsoftware.com and we can send you the files. Note we are in the process of expanding the this thread to attach the appendix documents directly to the post.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2023 07:47 PM
Are there any significant differences between the PartnerPlace standards vs the OpenPlace standards?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-09-2023 09:51 AM
Daniel,
There are a few requirements that are excluded from the OpenPlace standards vs the PartnerPlace standards. But the core solution development coding standards remain the same.
