This chapter contains the following topics:
The Address Book data security feature enables you to restrict users from viewing address book information that you have determined is personal. After performing the required setup for this feature, secured users can see the fields that you specify as secured, but the fields are filled with asterisks and are disabled. You can set up data security for these fields:
Tax ID
Addl Ind Tax ID (additional tax ID)
Address
Includes Address Lines 1-7, City, State, Postal Code, Country, and County.
Phone Number
Includes phone number and phone prefix.
Electronic Address
Includes only electronic addresses with Type E.
Day of Birth, Month of Birth, and Year of Birth.
Gender
Note:
In addition to these fields, the system enables you to designate up to eight other user-defined fields as secured. Included in the eight fields are: five string, one math numeric, one character, and one date type. To secure additional fields, you must modify the parameter list in the call to the business function B0100095. For example, if you want to designate Industry Class as a secured field, you must modify the call to the B0100095 business function to map Industry Class in the parameter list.The Address Book data security feature provides an additional level of security by not allowing secured users to locate valid personal information using the query based example (QBE) line. For example, if a user enters numbers in the Tax ID field of the QBE line, the system does not display the matching record in the event that the user happens to enter a valid tax ID number.
Setting up Address Book data security involves these steps:
Selecting the Activate Personal Data Security constant in the Address Book Constants.
Personal data security is inactive unless the Activate Personal Data Security constant is selected.
Setting up permission list definitions.
Use the Address Book Data Permissions program (P01138) to create one or more permission lists that specify which fields in the Address Book are secured.
Setting up permission list relationships.
Use the Permission List Relationships program (P95922) to determine the users or roles that are subject to each permission list.
After you set up Address Book data security, users cannot view information in the fields that you specify as secured. The secured fields appear as asterisks and the system disables these fields for updates. However, users can view their own secured address book information. Also, secured fields are not protected when adding new address book records.
In addition to storing Address Book private data in the Address Book Data Permission List Definition table (F01138), the system stores private data in these tables:
Address Book-Who's Who (F0111)
Address Book-Phone Numbers (F0115)
Address by Date (F0116)
When a user runs a report or an application other than the Address Book (such as a Universal Batch Engine report, the Data Browser, or the Universal Table Browser), if EnterpriseOne encounters secured private data in any of the tables in the preceding list, records or columns with secured data do not display in the results. The results displayed depend on whether the fetch is over one or multiple tables. If the fetch is over one table with a secured field, the records that contain secured private data do not appear in the output. If a fetch is over a business view with two tables, the records are displayed, but the columns with secured private data are blank.
For example, if an administrator configures private data security to prevent users of a role from viewing the Tax ID for search type E, and the Who's Who application is launched for an address book record with search type E, a user assigned to this role cannot view records for this Address Book record in the Who's Who application.
Note:
For Release 8.98.4.10, when Address Book data security is configured, you can either enable or disable the additional level of security that prevents secured private data from appearing in other applications and output. See Enabling or Disabling Secured Private Data from Displaying in Other Applications and Output (Release 8.98.4.10) for more information.Select the Activate Personal Data Security constant in the Address Book Constants.
See "Setting Up the Address Book System" in the JD Edwards EnterpriseOne 9.0 Address Book Implementation Guide.
Set up users and roles in the User Profiles program (P0092) for each user that you want to secure from Address Book information.
This section provides an overview of permission list definitions and discusses how to set up permission list definitions.
The Permission List Definition program enables you to create multiple lists that determine which Address Book fields are secure. When you create permission lists, you specify a permission list name and a search type, and then select each field that you want to secure. The system stores permission list definitions in the F01138 table.
| Form Name | FormID | Navigation | Usage |
|---|---|---|---|
| Work With Permission List Definitions | W01138A | Permission List Management (JDE029160), Address Book Data Permission
Enter P01138 in the Fast Path. |
Review existing permission list definitions. |
| Add/Edit Permission List Definitions | W01138B | Select Add from the Work With Permission List Definitions form. | Create new permission list definitions or revise existing definitions. |
Access the Add/Edit Permission List Definitions form.
After entering the Permission List Name and the Search Type, select each field that you want to secure.
Enter a name for the permission list. Enter up to 15 alphanumeric characters.
Select the search type for which the permission list applies.
This section provides an overview of permission list relationships and discusses how to set up permission list relationships.
After you set up permission list definitions, use the Permission List Relationships program to assign them to previously defined user IDs and roles. You can attach a user ID or role to only one permission list. The system stores permission list relationships in the F95922 table.
Access the Maintain Permission List Relationships form.
In the User or Role field, enter the User ID or Role that you want to attach to a permission list, and then click the find button.
Click the right arrow button to attach a User ID or Role to a permission list.
Click the left arrow button to remove a User ID or Role from a permission list.
With Release 8.98.4.10, EnterpriseOne provides INI file settings to enable or disable the displaying of records with secured private data in applications and output other than the Address Book.
The settings for enabling and disabling this additional level of private data security are located in the JDBJ.INI file on the HTML Server and the JDE.INI file on the Enterprise Server. Use Server Manager to modify these settings:
| INI File | Section and Setting | Values |
|---|---|---|
| JDBJ.INI on the HTML Server | [JDBj-RUNTIME PROPERTIES]
enableDataPrivacySkipRecord= |
Values are:
true: Excludes records with secured data from all other output sources. false (or leave blank): This is the default. Allows records with secured data to appear in other output sources. |
| JDE.INI file on the Enterprise Server | [DB SYSTEM SETTINGS]
enableDataPrivacySkipRecord= |
Values are:
true: Excludes records with secured data from all other sources of output. false (or leave blank): This is the default. Allows records with secured data to appear in other output sources. |
For more information about modifying INI file settings in Server Manager, see the JD Edwards EnterpriseOne Server Manager Guide.