slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Understanding Row Security in E1 Kristina O’Leary Brian Connor JD Edwards Versions 8 through to 9.1 PowerPoint Presentation
Download Presentation
Understanding Row Security in E1 Kristina O’Leary Brian Connor JD Edwards Versions 8 through to 9.1

Loading in 2 Seconds...

play fullscreen
1 / 59

Understanding Row Security in E1 Kristina O’Leary Brian Connor JD Edwards Versions 8 through to 9.1 - PowerPoint PPT Presentation


  • 232 Views
  • Uploaded on

Understanding Row Security in E1 Kristina O’Leary Brian Connor JD Edwards Versions 8 through to 9.1. Product Awareness Sessions. ALL Out Webinar Program www.alloutsecurity.com Product Awareness Sessions (English, Spanish and French) ALL Out for EnterpriseOne ALL Out for World

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Understanding Row Security in E1 Kristina O’Leary Brian Connor JD Edwards Versions 8 through to 9.1' - taurus


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Understanding Row Security in E1

Kristina O’Leary

Brian Connor

JD Edwards Versions 8 through to 9.1

product awareness sessions
Product Awareness Sessions
  • ALL Out Webinar Program
    • www.alloutsecurity.com
  • Product Awareness Sessions (English, Spanish and French)
    • ALL Out for EnterpriseOne
    • ALL Out for World
    • ALL Out for IBMi
  • Education Sessions
    • Reporting, Segregation of Duties and Compliance
    • Multiple Roles
    • “Open to Closed without Pain” (E1 only)
    • ALL Out Product Awareness
    • Task View Best Practice
  • Technical Webinars – E1
    • Cost justifying an upgrade
    • Choosing the right platform
all out for e1 xe to version 9 agenda
ALL Out for E1 – Xe to Version 9Agenda
  • Introduction
  • Security Basics
    • Program Security
    • Data Security
      • Exclusive vs. Inclusive Row Security
  • Row Security
    • Setting Up Row Security
    • Example: The Challenge
    • Example: The Workaround
    • Example: The Solution
    • Role Sequencer
    • User reporting – what can a user do?
    • Row Security Reporting – who can access a Business Unit?
  • Demonstration
    • Row Security and Functional Roles
    • Roles within Roles
    • Identifying Role Sequencer Conflicts

NEW

program security

Program Security

Application and Action Security

program security to control access to programs
Program Security – To Control Access to Programs

For inquiry only: The security below allows inquiry access but will not allow the user to add a new business unit, or change or delete an existing business unit.

  • Application Security
    • Defines if an application can be accessed or run
  • Action Code Security
    • Defines the actions that can be taken
    • Add, Change, Delete, OK/Select, Copy, Scroll
security best practice
Security Best Practice
  • You need Application and Action Code security
  • Operate in a ‘Closed’ or ‘Deny All’ security environment
  • Avoid using ‘N’ Settings, except at *PUBLIC
    • Security is easier to understand when the only ‘N’ records in the F00950 table are at *PUBLIC and *ALL level. You should not need many additional ‘N’ settings at the user or role level.
  • Use security sparingly at version level and form level
    • Use it, it works well, but only use this only where specifically required.
  • Avoid user level security, put all security in roles
      • Exception: Resolve role sequencer conflicts at user level
    • Use small, processed based security so that your work is reusable and clean
  • Avoid putting ‘data’ security and ‘program’ security in the same roles
  • You will need little Solution Explorer Security
    • When you have a ‘closed’ system, you do not need Hyper Exit Security! This type of security creates maintenance issues in exponential proportion to the number of records you create.
data security

Data Security

Row Security – control records

Column Security – control fields

what is row s ecurity what is column security
What is Row Security?What is Column Security?
  • Row Security – Secures users from accessing a particular range or list of records in any table.
    • For example, if you want to allow a role to enter journal entries only for Company 1, you can create role based row security for the journal entry table (F0911) and the field ‘CO’ for Company
    • For example, if you want a user to run financial statements only for a specific business unit, you can create role based row security for the account balances table (F0902) and the field ‘MCU’ for business unit.
what is row s ecurity what is column security1
What is Row Security?What is Column Security?
  • Column Security – Secures users from viewing a particular field or changing a value for a particular field.
    • For example, You can secure the Social Security Number field on the Employee Master, or you can secure (hide) the Salary field on the Employee Master application (it is optional to specify a specific version).
inclusive vs exclusive row security
Inclusive vs. Exclusive Row Security
  • You use row security to either restrict or allow users from viewing, updating, deleting, or adding certain records (rows) to a table.
  • Prior to setting up any kind of row security (whether at the user level, role level, or *PUBLIC level), security administration determines whether your system will use inclusive or exclusive row security.
  • Exclusiverow security blocks users from accessing the database for a secured range of values that you define.
    • When you create exclusive row security, you are creating a row security record to exclude or block a user/role from adding, changing, deleting or viewing certain records
  • Inclusiverow security allows users to access the database for a valid range of values that you define.
    • When you create inclusive row security, you are creating a row security to allow or a user/role to add, change, delete or view certain records.
  • Inclusive row security is best practice as it provides better system performance and is much easier to use and maintain than exclusive row security.

.

exclusive vs inclusive setting is an exit from p00950
Exclusive vs Inclusive Setting is an exit from P00950

Set once and typically do not change.

data security open or closed
Data Security: Open or Closed?
  • Data Security is by default *Open*
  • If no row security records exist at *PUBLIC, role level or user level, then a user can access all records
  • Once a row security record is in place for *PUBLIC, at the role level or user level, for a specific table, and a specific Data Item then the user can only see records for the Table/Data Item that they have been given access to
  • For example: Role RS-WEST
    • A user assigned Role RS-WEST
      • Will be able to add, delete and view records in F0006 for ONLY business unit 5
      • Will be able to add, delete and view records in F0911 for ONLY business units 1 and 5
      • Will have FULL ACCESS to all other tables (by DEFAULT)
slide13

Mixing letters and numbers

  • When defining Ranges, be careful when mixing letters and numbers
    • Range 1 to 9 – is just that – 9 values
    • Range 10 to 19 is just that – 10 values
  • Range 9 to 10 has all the letters and numbers as well
    • ASCII Sort sequence starts with
    • Blank ! “ # and then all sorts of characters – and then
    • 0 1 2 3 4 5 6 7 8 9 : ; < and then all sorts of characters – and then
    • A B C D E etc until
    • Y Z { | } ~ at the end
  • Don’t forget – if your server is EBCDIC (iSeries) the sequence is different.
  • When in doubt, use an E1 visual assist to see the sort sequence (i.e. use visual assist in business unit field to see proper sort sequence)
setting up row security

Setting Up Row Security

Example of How Row Security Works

slide15

Define Row Security Roles

Note Role Sequence Number

Assign Environment to New Roles

row security the challenge

Row Security: The Challenge

Multiple Row Security Roles:

The Role Sequencer

Note – Must force *ALL Roles

If a user can select a role they will by-pass row security

(unless it is at the user level)

slide20

Testing Results

Annette

Business Unit Inquiry

Annette can only view business unit 9.

Role RS-CORP has the highest role sequence number.

slide21

Testing Results

Debbie

Business Unit Inquiry

Debbie can only view business unit 6.

Role RS-NORTH has the highest role sequence number.

row security the all out quick fix

Row Security: The ALL Out Quick Fix

An Automated Process:

Multiple Row Security Roles

Row Security Built at User Level

This automates a common practice at many E1 sites

row security the jde workaround

Row Security: The JDE Workaround

Create New Roles

Manually Create New Row Security Records

slide36

Testing Results

Debbie

Business Unit Inquiry

Debbie can only view business unit 6.

Role RS-NORTH has the highest role sequence number.

slide40

Testing Results

Debbie

Business Unit Inquiry

With new role RS-NOSO, Debbie can view business units 4 and 6.

However, new security records need to be created for every new row security role combination!

row security the all out solution

Row Security: The ALL Out Solution

An Automated Process:

Multiple Row Security Roles

Super Roles and Sub Roles

all out fix merge program automatically creates f00950 security and f9006 fine cut records
All Out Fix/Merge Program AutomaticallyCreates F00950 (Security) and F9006 (Fine Cut) Records
slide47

Testing Results

John

Business Unit Inquiry

John can see business unit 9, 20-30, and 61.

COMBI03 has role sequence number 490, and COMBI03 has access to 3 sets of business units.

row security reporting

Row SecurityReporting

NEW

Reporting Back to Front:

We know what each user has access to,

but who has access to which tables?

all out contacts
ALL Out Contacts

Sales Support

Hazel @ alloutsecurity.com

Consulting

Brian Connor

Brian.Connor@alloutsecurity.com

Kristina O’Leary

Kristina.Oleary@alloutsecurity.com

exclusive to inclusive conversion

Exclusive to InclusiveConversion

Product Based Service from ALL Out

exclusive
Exclusive

If exclusive row security is set

  • Only the records in blue (View= ‘N’) would be used by JD Edwards
  • The records in red (View= ‘Y’) would simply be ignored – unless the ‘Add’, ‘Change’ or ’Delete’ flags are used.
  • Selects performed against the F0101 table would look like: 
  • SELECT * FROM TESTDTA.F0101 WHERE (ABMCU NOT BETWEEN '21' AND '50' AND ABMCU NOT BETWEEN '71' AND 'ZZZZZZ')
  • Updates on the F0101 (in this example changing JOHNDOE’s cost center) would look like:
  • UPDATE TESTDTA.F0101 SET ABMCU = '60' WHERE (ABAN8 = 12345) AND ( ABMCU NOT BETWEEN '21' AND '50' AND ABMCU NOT BETWEEN '51' AND '70' AND ABMCU NOT BETWEEN '71' AND 'ZZZZZZ')
inclusive
Inclusive
  • If inclusive row security is set
  • Only the records in blue (View = ‘Y’) would be used by JD Edwards
  • The records in red (View= ‘N’) would simply be ignored.
  • Selects performed against the F0101 table would look like:
  • SELECT * FROM TESTDTA.F0101 WHERE (ABMCU BETWEEN '1' AND '20' OR ABMCU BETWEEN '51' AND '70')
  • Updates on the F0101 (in this example changing JOHNDOE’s cost center) would look like:
  • UPDATE TESTDTA.F0101 SET ABMCU = '60' WHERE (ABAN8 = 12345) AND (ABMCU BETWEEN '1' AND '20' )