04-17-2023 09:25 PM - edited 05-09-2023 09:49 AM
These PartnerPlace Standards, including recommended best practices, are to ensure that Partners are developing Partner Solutions that meet OneStream PartnerPlace requirements. These PartnerPlace Standards have been incorporated by reference into the Partner Solutions Development Supplement and together with the Universal Terms and Partner Schedule, govern the Partner’s participation in OneStream’s Partner Program (“Agreement”).
SOLUTION DEVELOPMENT & MANAGEMENT STANDARDS
All Partners are encouraged to utilize an industry-standard PMI-approved software development methodology (e.g., Agile, Waterfall, Scrum, and Kanban) to manage the development of their solution development for any solutions to be submitted into PartnerPlace.
All Partners shall perform commercially reasonable unit testing, performance testing, and quality assurance testing on all solutions that are submitted to PartnerPlace.
All Partners shall perform Security testing and provide testing logs to OneStream upon request.
All Partners are encouraged to test for any functional issues or bugs that arise from a platform version update within the timeframes set forth in the Partner SLA Requirements as further specified in Section 6. Refactored solutions must go through the full solution submittal process.
All Partner Solutions that, in OneStream’s sole opinion, cause performance or functional issues with OneStream Offering(s) may, in OneStream’s sole discretion, be immediately suspended and removed from PartnerPlace without prior notification. Such Partner Solutions will not be reinstated until the Partner has resolved the issue within such Partner Solution and has resubmitted it for approval by OneStream.
SOLUTION CODING STANDARDS
All Partner Solutions shall follow fundamental programming principles specified in Appendix A (“Fundamental Programming Best Practices”).
All Partner Solutions shall follow fundamental data architecture and database design standards specified in Appendix B (“ Fundamental Data Architecture & Database Design Best Practices ”).
Except as otherwise agreed upon OneStream, all Partner Solutions shall only use the OneStream Business Rule API (BRApi). All published and non-published public functions may change with future OneStream platform releases upon the discretion of OneStream without prior notification. In the event Partner wishes to submit a request to have a non-published function exposed in the BRApi namespace, Partner shall submit the request in accordance with process specified in Appendix K (“Requesting Exceptions for Partner Solutions”).
Partner Solutions are permitted to directly query OneStream core tables or core solutions (e.g., TXM, OFC, ACM, SML, etc.); however, Partner Solutions are prohibited from updating, modifying, editing, or writing to such core tables or core solutions.
Except as otherwise agreed upon by OneStream, Partner Solutions shall not have literal SQL strings sent into solution assets. All SQL queries must be parameterized to prevent opening vulnerabilities to malicious attacks, including SQL injection attacks.
PartnerSolutions shall have all parameters set to validated pre- and post-run to ensure security and data validity.
Partner Solutions with long-running synchronous jobs will be subject to suspension.
Partner Solutions with egregious use of error logging will be subject to suspension.
Partner Solutions are required to have commented code.
Partner Solutions are required to have commercially reasonable error-handling checks and user messages.
Partner Solutions are required to have a solution installer or install procedure.
Partner Solutions are required to have a solution uninstaller that uninstalls all artifacts and data created by every Partner Solution. Partner can optionally, in addition, provide a partial uninstall routine.
SOLUTION DOCUMENT REQUIREMENTS.
Partner Solutions must provide a Partner Solution and Company icon, Partner Solution name, and point of contact.
Partner Solutions must have the formatting as specified in Appendix D (“Solution Overview Template”).
Partner shall provide OneStream the items required for the PartnerPlace listing as specified in the Appendix L (“PartnerPlace Listing Artifacts Guide”).
Partner Solutions are required to: i) complete a Partner Solution Estimation document as specified in Appendix H (“Solution Estimation Guide”); or ii) upon the discretion and approval by OneStream, provide similar documentation for estimation.
All PartnerPlace developers must have completed the compliance and IT security vetting form, specified in the Appendix M (“Partner Vetting Survey”).
SCANS AND REVIEW REQUIREMENTS
All Partner Solutions will be scanned by OneStream using Marketplace Solution Tools (“MST”) and/ or other third-party code-checking tools. MST is available on the Solution Exchange, within Marketplace, and it’s recommended that Partner utilize this tool during development and prior to solution submission. MST’s current functionality will scan for the following warnings and critical items:
Unsafe SQL Queries
Parameters of Command Type with unused SQL queries
Unsupported solution file type
Unsupported file type
Solution initialization failure
Missing Using () statement on database connection
Uninitialized variables
Untyped variables
Missing return type on function
References to direct assemblies (.dll)
External database connections
References to external processes
External references
Security violations regarding certain users and group modifications
At the sole discretion of OneStream, Partner Solution submissions may be subject to a manual code review process prior to obtaining approval from OneStream. If the submission has been encrypted, the submission will need to be resent in a unencrypted format.
At the sole discretion of OneStream, Partner Solution submissions are subject to a manual security review and scan by OneStream in an unencrypted and unobfuscated format. If the submission has been encrypted or obfuscated by any means, it must be re-submitted in an unencrypted format. All Partner Solutions will undergo security tests, including, but not limited to the following:
Access control: Rights granted to each user do not expose other pieces of information that may be sensitive or private
Access control: Ways to escalate privilege within the solution or to use the solution to elevate OneStream privileges
Injection flaws: Manipulation of the communication to inject through SQL, OS commands, malicious code, and any other method.
Partner Solutions must pass all installation tests, including but not limited to: (i) loading and uncompressing all Partner Solution files; (ii) verification of all created tables, dashboards, and business rules present based on the Partner Solution’s install guide; (iii) data structure and scheme match the Partner Solution’s install guide; (iv) all Partner Solution business rules compile successfully; and (v) the Partner Solution loads successfully.
Partner Solutions must pass all uninstall tests: (i) within the solution “settings” options for “uninstall”; and (ii) within the uninstall dashboard have a selection to: (1) uninstall fully (required), and (2) uninstall UI (optional as needed for the solution).
Partner Solutions are required to pass all uninstall full tests, including but not limited to: (i) execute uninstall full option; (ii) verify all solution dashboards, so that all UI elements, and business rules are no longer present; and (iii) verify all solution tables and data are no longer present.
NAMING CONVENTION STANDARDS
Partner Solutions are required follow the OneStream Partner Solution naming convention standards as specified in Appendix I (“Naming Convention Standards).
OPERATIONAL SOLUTION SUPPORT REQUIREMENTS
Partner Solutions are required to have a documented service level agreement (“SLA”) with Customers that meets the minimum SLA support requirements as specified in Appendix C (“Partner SLA Requirements”).
Partners are required to provide key support organization information as specified in Appendix C (“Partner SLA Requirements”).
All PartnerPlace solutions must provide an emergency point of contact for the OneStream Specialty Engineering team, as specified in Appendix C (“Partner SLA Requirements”).
PUBLISHING CUSTOM DLL REQUEST
Partner Solutions must only use native core OneStream platform DLLs. In the event a non-native DLL is needed, Partner will submit the request in accordance with process specified in Appendix K (“Requesting Exceptions for Partner Solutions”).
PARTNER REVENUE SHARE TIERING
The revenue share percentage, as specified in the Partner Solutions Development Supplement, is determined by OneStream, in its sole discretion, based on the below criteria and parameters:
Tier 1: 10% revenue share percentage for basic Partner Solutions that utilize data already existing in the OneStream platform; and do not have heavy infrastructure compute requirements.
Tier 2: 15% revenue share percentage for moderately complex Partner Solutions that read, create, and process data and/or utilize higher levels of compute to perform their functional role for users.
Tier 3: 20% revenue share percentage for complex Partner Solutions that read, create, bring in outside data, utilize high volumes of data and utilize high intensity compute.
APPENDIX
05-09-2023 01:43 AM
Hi @DNing
It looks like the "Naming Convention Standards" document got left off when you attached the files.
Regards,
Daniel
05-09-2023 09:50 AM
Hey Daniel,
Thanks for catching the missing appendix file. It's been attached to the original post.
Regards,
DNing