PartnerPlace Solution Guidelines and Standards [Documentation]

DNing
New Contributor II

These PartnerPlace Standards, including recommended best practices, are to ensure that Partners are developing Partner Solutions that meet OneStream PartnerPlace requirements. These PartnerPlace Standards have been incorporated by reference into the Partner Solutions Development Supplement and together with the Universal Terms and Partner Schedule, govern the Partner’s participation in OneStream’s Partner Program (“Agreement”).

  1. SOLUTION DEVELOPMENT & MANAGEMENT STANDARDS

    1. All Partners are encouraged to utilize an industry-standard PMI-approved software development methodology (e.g., Agile, Waterfall, Scrum, and Kanban) to manage the development of their solution development for any solutions to be submitted into PartnerPlace.

    2. All Partners shall perform commercially reasonable unit testing, performance testing, and quality assurance testing on all solutions that are submitted to PartnerPlace.

    3. All Partners shall perform Security testing and provide testing logs to OneStream upon request.

    4. All Partners are encouraged to test for any functional issues or bugs that arise from a platform version update within the timeframes set forth in the Partner SLA Requirements as further specified in Section 6. Refactored solutions must go through the full solution submittal process.

    5. All Partner Solutions that, in OneStream’s sole opinion, cause performance or functional issues with OneStream Offering(s) may, in OneStream’s sole discretion, be immediately suspended and removed from PartnerPlace without prior notification. Such Partner Solutions will not be reinstated until the Partner has resolved the issue within such Partner Solution and has resubmitted it for approval by OneStream.

  2. SOLUTION CODING STANDARDS

    1. All Partner Solutions shall follow fundamental programming principles specified in Appendix A (“Fundamental Programming Best Practices”).

    2. All Partner Solutions shall follow fundamental data architecture and database design standards specified in Appendix B (“ Fundamental Data Architecture & Database Design Best Practices ”).

    3. Except as otherwise agreed upon OneStream, all Partner Solutions shall only use the OneStream Business Rule API (BRApi). All published and non-published public functions may change with future OneStream platform releases upon the discretion of OneStream without prior notification. In the event Partner wishes to submit a request to have a non-published function exposed in the BRApi namespace, Partner shall submit the request in accordance with process specified in Appendix K (“Requesting Exceptions for Partner Solutions”).

    4. Partner Solutions are permitted to directly query OneStream core tables or core solutions (e.g., TXM, OFC, ACM, SML, etc.); however, Partner Solutions are prohibited from updating, modifying, editing, or writing to such core tables or core solutions.

    5. Except as otherwise agreed upon by OneStream, Partner Solutions shall not have literal SQL strings sent into solution assets. All SQL queries must be parameterized to prevent opening vulnerabilities to malicious attacks, including SQL injection attacks.

    6. PartnerSolutions shall have all parameters set to validated pre- and post-run to ensure security and data validity.

    7. Partner Solutions with long-running synchronous jobs will be subject to suspension.

    8. Partner Solutions with egregious use of error logging will be subject to suspension.

    9. Partner Solutions are required to have commented code.

    10. Partner Solutions are required to have commercially reasonable error-handling checks and user messages.

    11. Partner Solutions are required to have a solution installer or install procedure.

    12. Partner Solutions are required to have a solution uninstaller that uninstalls all artifacts and data created by every Partner Solution. Partner can optionally, in addition, provide a partial uninstall routine.

  3. SOLUTION DOCUMENT REQUIREMENTS.

    1. Partner Solutions must provide a Partner Solution and Company icon, Partner Solution name, and point of contact.

    2. Partner Solutions must have the formatting as specified in Appendix D (“Solution Overview Template”).

    3. Partner shall provide OneStream the items required for the PartnerPlace listing as specified in the Appendix L (“PartnerPlace Listing Artifacts Guide”).

    4. Partner Solutions are required to: i) complete a Partner Solution Estimation document as specified in Appendix H (“Solution Estimation Guide”); or ii) upon the discretion and approval by OneStream, provide similar documentation for estimation.

    5. All PartnerPlace developers must have completed the compliance and IT security vetting form, specified in the Appendix M (“Partner Vetting Survey”).

  4. SCANS AND REVIEW REQUIREMENTS

    1. All Partner Solutions will be scanned by OneStream using Marketplace Solution Tools (“MST”) and/ or other third-party code-checking tools. MST is available on the Solution Exchange, within Marketplace, and it’s recommended that Partner utilize this tool during development and prior to solution submission. MST’s current functionality will scan for the following warnings and critical items:

      1. Unsafe SQL Queries

      2. Parameters of Command Type with unused SQL queries

      3. Unsupported solution file type

      4. Unsupported file type

      5. Solution initialization failure

      6. Missing Using () statement on database connection

      7. Uninitialized variables

      8. Untyped variables

      9. Missing return type on function

      10. References to direct assemblies (.dll)

      11. External database connections

      12. References to external processes

      13. External references

      14. Security violations regarding certain users and group modifications

    2. At the sole discretion of OneStream, Partner Solution submissions may be subject to a manual code review process prior to obtaining approval from OneStream. If the submission has been encrypted, the submission will need to be resent in a unencrypted format.

    3. At the sole discretion of OneStream, Partner Solution submissions are subject to a manual security review and scan by OneStream in an unencrypted and unobfuscated format. If the submission has been encrypted or obfuscated by any means, it must be re-submitted in an unencrypted format. All Partner Solutions will undergo security tests, including, but not limited to the following:

      1. Access control: Rights granted to each user do not expose other pieces of information that may be sensitive or private

      2. Access control: Ways to escalate privilege within the solution or to use the solution to elevate OneStream privileges

      3. Injection flaws: Manipulation of the communication to inject through SQL, OS commands, malicious code, and any other method.

    4. Partner Solutions must pass all installation tests, including but not limited to: (i) loading and uncompressing all Partner Solution files; (ii) verification of all created tables, dashboards, and business rules present based on the Partner Solution’s install guide; (iii) data structure and scheme match the Partner Solution’s install guide; (iv) all Partner Solution business rules compile successfully; and (v) the Partner Solution loads successfully.

    5. Partner Solutions must pass all uninstall tests: (i) within the solution “settings” options for “uninstall”; and (ii) within the uninstall dashboard have a selection to: (1) uninstall fully (required), and (2) uninstall UI (optional as needed for the solution).

    6. Partner Solutions are required to pass all uninstall full tests, including but not limited to: (i) execute uninstall full option; (ii) verify all solution dashboards, so that all UI elements, and business rules are no longer present; and (iii) verify all solution tables and data are no longer present.

  5. NAMING CONVENTION STANDARDS

    1. Partner Solutions are required follow the OneStream Partner Solution naming convention standards as specified in Appendix I (“Naming Convention Standards).

  6. OPERATIONAL SOLUTION SUPPORT REQUIREMENTS

    1. Partner Solutions are required to have a documented service level agreement (“SLA”) with Customers that meets the minimum SLA support requirements as specified in Appendix C (“Partner SLA Requirements”).

    2. Partners are required to provide key support organization information as specified in Appendix C (“Partner SLA Requirements”).

    3. All PartnerPlace solutions must provide an emergency point of contact for the OneStream Specialty Engineering team, as specified in Appendix C (“Partner SLA Requirements”).

  7. PUBLISHING CUSTOM DLL REQUEST

    1. Partner Solutions must only use native core OneStream platform DLLs. In the event a non-native DLL is needed, Partner will submit the request in accordance with process specified in Appendix K (“Requesting Exceptions for Partner Solutions”).

  8. PARTNER REVENUE SHARE TIERING

    1. The revenue share percentage, as specified in the Partner Solutions Development Supplement, is determined by OneStream, in its sole discretion, based on the below criteria and parameters:

      1. Tier 1: 10% revenue share percentage for basic Partner Solutions that utilize data already existing in the OneStream platform; and do not have heavy infrastructure compute requirements.

      2. Tier 2: 15% revenue share percentage for moderately complex Partner Solutions that read, create, and process data and/or utilize higher levels of compute to perform their functional role for users.

      3. Tier 3: 20% revenue share percentage for complex Partner Solutions that read, create, bring in outside data, utilize high volumes of data and utilize high intensity compute.

  9. APPENDIX

    1. Fundamental Programming Best Practices

    2. Fundamental Data Architecture & Database Design Best Practices

    3. Partner SLA Requirements

    4. Solution Overview Template

    5. Release Notes Template

    6. Solution Guide Template

    7. Quick Reference Template

    8. Solution Estimation Guide

    9. Naming Convention Standards

    10. Solution Encryption Guide

    11. Requesting Exceptions for Partner Solutions

    12. PartnerPlace Listing Artifacts Guide

    13. Partner Vetting Survey

2 REPLIES 2

DanielWillis
Contributor II

Hi @DNing 

It looks like the "Naming Convention Standards" document got left off when you attached the files.

Regards,

Daniel

DNing
New Contributor II

Hey Daniel,

 

Thanks for catching the missing appendix file.  It's been attached to the original post.

 

Regards,

DNing

Please sign in! DNing