Contents

List of Figures

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

1 Introduction to JD Edwards EnterpriseOne Tools Security Administration

• 1.1 Security Administration Overview
• 1.2 Security Administration Implementation

2 Understanding JD Edwards EnterpriseOne Security

• 2.1 JD Edwards EnterpriseOne Security Overview
• 2.2 Object-Level Security
  • 2.2.1 Object Level Security Types
• 2.3 Users, Roles, and *PUBLIC
• 2.4 How JD Edwards EnterpriseOne Checks Security
• 2.5 Cached Security Information
  • 2.5.1 Clearing the Cache on a Workstation Client
  • 2.5.2 Clearing the Cache on a Web Client Using Server Manager

3 Working with User and Role Profiles

• 3.1 Understanding User and Role Profiles
  • 3.1.1 How to Assign and Delete Environments for User and Role Profiles
  • 3.1.2 How to Assign Business Preferences to User and Role Profiles
  • 3.1.3 User and Role Profile Copying
• 3.2 Understanding How Role Profiles Make Profiling Easier
• 3.3 Tables Used by the User Profile Revisions Application
• 3.4 Setting Up User Profiles
  • 3.4.1 Understanding User Profile Setup
    • 3.4.1.1 User Profile Creation and Modification
    • 3.4.1.2 Batch Process for Creating User Profiles
    • 3.4.1.3 Report Used for Reviewing User Profiles
  • 3.4.2 Understanding How to Add Users
    • 3.4.2.1 How to Add an Individual User
    • 3.4.2.2 How to Add Multiple Users
  • 3.4.3 Prerequisites
  • 3.4.4 Forms Used to Set Up User Profiles
  • 3.4.5 Setting Processing Options for User Profile Revisions (P0092)
  • 3.4.6 Creating and Modifying User Profiles
  • 3.4.7 Copying User Profiles
  • 3.4.8 Assigning or Deleting Environments for User Profiles
  • 3.4.9 Assigning Business Preferences to User Profiles
  • 3.4.10 Creating Profiles by Using a Batch Process
  • 3.4.11 Reviewing User and Profile Definitions
• 3.5 Setting Up Roles
  • 3.5.1 Understanding User Roles
  • 3.5.2 Understanding Role-to-Role Relationships
  • 3.5.3 Understanding the Sign-In Role Chooser
  • 3.5.4 Understanding the Menu Filtering Role Chooser
  • 3.5.5 Understanding Workstation Initialization File Parameters
  • 3.5.6 Forms Used to Set Up Roles
  • 3.5.7 Creating and Modifying Roles
  • 3.5.8 Migrating Roles
    • 3.5.8.1 Run the TC R89959211
    • 3.5.8.2 Run the TC R8995921
    • 3.5.8.3 Sequence the Roles
    • 3.5.8.4 Add Environments
    • 3.5.8.5 Set up the JDE.INI/JAS.INI file
    • 3.5.8.6 Server Executables
    • 3.5.8.7 Set Up Security
    • 3.5.8.8 Run the UBE R98OWPU
    • 3.5.8.9 Run the UBE R98OWUP (Optional)
  • 3.5.9 Sequencing Roles
  • 3.5.10 Adding an Environment to a Role
  • 3.5.11 Assigning Business Preferences to a Role
  • 3.5.12 Setting Up a Role Relationship
  • 3.5.13 Enabling the Role Chooser
  • 3.5.14 Creating Role-to-Role Relationships
  • 3.5.15 Delegating Roles
  • 3.5.16 Adding Roles to a User
  • 3.5.17 Adding Users to a Role
  • 3.5.18 Copying User Roles
  • 3.5.19 Adding a Language Translation to a Role

4 Employing Sign-in Security

• 4.1 Understanding Sign-in Security
  • 4.1.1 Sign-In Security Overview
  • 4.1.2 Security Table Access
  • 4.1.3 Password Encryption
  • 4.1.4 Sign-In Security Setup
  • 4.1.5 Process Flow for Sign-in Security
    • 4.1.5.1 ShowUnifiedLogon Setting
  • 4.1.6 Sign-in Security for Web Users
  • 4.1.7 Setting Processing Options for P98OWSEC
    • 4.1.7.1 Default
    • 4.1.7.2 Password

5 Setting Up User Security

• 5.1 Understanding User Security
• 5.2 Creating and Revising User Security
  • 5.2.1 Understanding How to Create and Revise User Security
  • 5.2.2 Prerequisites
  • 5.2.3 Forms Used to Create and Revise User Security
  • 5.2.4 Creating User Security
  • 5.2.5 Copying User Security
  • 5.2.6 Revising User and Role Security
  • 5.2.7 Revising All User Security
  • 5.2.8 Changing a Sign-in Password
  • 5.2.9 Requiring Sign-in Security
• 5.3 Reviewing Security History
  • 5.3.1 Prerequisite
  • 5.3.2 Forms Used to Review Security History
• 5.4 Managing Data Sources for User Security
  • 5.4.1 Understanding Data Source Management for User Security
  • 5.4.2 Forms Used to Manage Data Sources for User Security
  • 5.4.3 Adding a Data Source to a User, a Role, or All Users
  • 5.4.4 Revising a Data Source for a User, Role, or All Users
  • 5.4.5 Removing a Data Source for a User, Role, or All Users
  • 5.4.6 Changing the System User Password
• 5.5 Enabling and Synchronizing Security Settings
  • 5.5.1 Understanding Security Setting Synchronization
  • 5.5.2 Changing the Workstation jde.ini File for User Security
  • 5.5.3 Setting Auxiliary Security Servers in the Workstation jde.ini
  • 5.5.4 Changing the Timeout Value Due to Security Server Communication Error
  • 5.5.5 Changing the Enterprise Server jde.ini File for Security
  • 5.5.6 Setting Auxiliary Security Servers in the Server jde.ini
  • 5.5.7 Verifying Security Processes in the Server jde.ini
• 5.6 Running a Security Analyzer Report
  • 5.6.1 Understanding the Security Analyzer Report
  • 5.6.2 Form Used to Run a Security Analyzer Report
  • 5.6.3 Running the Security Analyzer by Data Source Report (R98OWSECA)
  • 5.6.4 Running the Security Analyzer by User or Group Report (R98OWSECB)
• 5.7 Managing Unified Logon
  • 5.7.1 Understanding Unified Logon
  • 5.7.2 Modifying the jde.ini Setting to Enable or Disable Unified Logon
  • 5.7.3 Setting Up a Service for Unified Logon
  • 5.7.4 Removing a Service for Unified Logon

6 Setting Up JD Edwards Solution Explorer Security

• 6.1 Understanding JD Edwards Solution Explorer Security
  • 6.1.1 Fast Path Security Settings
  • 6.1.2 Solution Explorer Security Presets
  • 6.1.3 Prerequisite
• 6.2 Configuring JD Edwards Solution Explorer Security

7 Using Security Workbench

• 7.1 Understanding Security Workbench
• 7.2 Understanding Exclusive/Inclusive Row Security
  • 7.2.1 Exclusive Row Security
  • 7.2.2 Inclusive Row Security
    • 7.2.2.1 Activating Inclusive Row Security
• 7.3 Creating Security Overrides
  • 7.3.1 Understanding Security Overrides
  • 7.3.2 Adding Security Overrides
• 7.4 Managing Application Security
  • 7.4.1 Understanding Application Security
  • 7.4.2 Reviewing the Current Application Security Settings for a User or Role
  • 7.4.3 Adding Security to an Application
  • 7.4.4 Securing a User or Role from All JD Edwards EnterpriseOne Objects
  • 7.4.5 Removing Security from an Application
• 7.5 Managing Action Security
  • 7.5.1 Understanding Action Security
  • 7.5.2 Reviewing the Current Action Security Settings
  • 7.5.3 Adding Action Security
  • 7.5.4 Removing Action Security
• 7.6 Managing Row Security
  • 7.6.1 Understanding Row Security
  • 7.6.2 Prerequisite
  • 7.6.3 Setting Up Data Dictionary Spec Files
  • 7.6.4 Adding Row Security
  • 7.6.5 Removing Row Security
• 7.7 Managing Column Security
  • 7.7.1 Understanding Column Security
    • 7.7.1.1 Column Security Options
    • 7.7.1.2 Column Security on a Table
    • 7.7.1.3 Column Security on an Application
    • 7.7.1.4 Column Security on an Application Version
    • 7.7.1.5 Column Security on a Form
  • 7.7.2 Adding Column Security
  • 7.7.3 Removing Column Security
• 7.8 Managing Processing Option and Data Selection Security
  • 7.8.1 Understanding Processing Option Security
  • 7.8.2 Understanding Data Selection Security
    • 7.8.2.1 Implementation Considerations
    • 7.8.2.2 Data Selection Security Options
    • 7.8.2.3 Security Hierarchy
    • 7.8.2.4 Data Selection Security Scenarios
  • 7.8.3 Reviewing the Current Processing Option and Data Selection Security Settings
  • 7.8.4 Adding Security to Processing Options and Data Selection
  • 7.8.5 Removing Security from Processing Options and Data Selection
  • 7.8.6 Using R009505 to Update Data Selection Security
• 7.9 Managing Tab Security
  • 7.9.1 Understanding Tab Security
  • 7.9.2 Adding Tab Security
  • 7.9.3 Removing Tab Security
• 7.10 Managing Hyper Exit Security
  • 7.10.1 Adding Hyper Exit Security
  • 7.10.2 Removing Hyper Exit Security
• 7.11 Managing Exclusive Application Security
  • 7.11.1 Understanding Exclusive Application Security
  • 7.11.2 Adding Exclusive Application Security
  • 7.11.3 Removing Exclusive Application Access
• 7.12 Managing External Calls Security
  • 7.12.1 Understanding External Call Security
  • 7.12.2 Adding External Call Security
  • 7.12.3 Removing External Call Security
• 7.13 Managing Miscellaneous Security
  • 7.13.1 Understanding Read/Write Reports Security
  • 7.13.2 Managing Miscellaneous Security Features
• 7.14 Managing Push Button, Link, and Image Security
  • 7.14.1 Understanding Push Button, Link, and Image Security
    • 7.14.1.1 Push Button, Link, and Image Security on Subforms
  • 7.14.2 Adding Push Button, Link, and Image Security
  • 7.14.3 Removing Push Button, Link, and Image Security
• 7.15 Managing Text Block Control and Chart Control Security
  • 7.15.1 Understanding Text Block Control and Chart Control Security
  • 7.15.2 Reviewing Current Text Block Control and Chart Control Security Settings
  • 7.15.3 Adding Text Block Control and Chart Control Security
  • 7.15.4 Removing Text Block Control and Chart Control Security
• 7.16 Managing Media Object Security
  • 7.16.1 Understanding Media Object Security
  • 7.16.2 Reviewing the Media Object Security Settings
  • 7.16.3 Adding Media Object Security
  • 7.16.4 Removing Media Object Security
• 7.17 Managing Application Query Security
  • 7.17.1 Understanding Application Query Security
  • 7.17.2 Setting Up Application Query Security for Applications
  • 7.17.3 Setting Up DataBrowser Query Security
  • 7.17.4 Selecting Error or Warning Messages
  • 7.17.5 Finding Existing Query Security Records
  • 7.17.6 Editing Existing Query Security Records
  • 7.17.7 Deleting Query Security Records
  • 7.17.8 Enable or Disable Query Security Records
  • 7.17.9 Excluding Users
  • 7.17.10 Configuring Error Messages Using Data Dictionary Items
  • 7.17.11 Configuring Fields
• 7.18 Managing Data Browser Security
  • 7.18.1 Understanding Data Browser Security
  • 7.18.2 Adding Data Browser Security
  • 7.18.3 Removing Data Browser Security
• 7.19 Managing Published Business Services Security
  • 7.19.1 Understanding Published Business Services Security
    • 7.19.1.1 Inherited Security
    • 7.19.1.2 How JD Edwards EnterpriseOne Checks Published Business Services Security
    • 7.19.1.3 Published Business Services Security Log Information
  • 7.19.2 Reviewing the Current Published Business Services Security Records
  • 7.19.3 Authorizing Access to Published Business Services
  • 7.19.4 Adding Multiple Published Business Services Security Records at a Time
  • 7.19.5 Deleting Published Business Services Security
• 7.20 Copying Security for a User or a Role
  • 7.20.1 Understanding How to Copy Security for a User or a Role
  • 7.20.2 Copying All Security Records for a User or a Role
  • 7.20.3 Copying a Single Security Record for a User or a Role
• 7.21 Reviewing and Deleting Security Records on the Work With User/Role Security Form
  • 7.21.1 Understanding How to Review Security Records
  • 7.21.2 Reviewing Security on the Work With User/Role Security Form
  • 7.21.3 Deleting Security on the Work With User/Role Security Form
• 7.22 Running Security Workbench Records Reports
  • 7.22.1 Understanding the Security Workbench Records Reports
    • 7.22.1.1 Example of Security by Object Report (R009501)
    • 7.22.1.2 Example of Security Audit Report by User (R009502, XJDE0001)
    • 7.22.1.3 Example of Security Audit Report by Role (R009502, XJDE0002)
  • 7.22.2 Run the Security Audit Report by Object Version (R009501, XJDE0001)
  • 7.22.3 Run the Security Audit Report by User Version (R009502, XJDE0001)
  • 7.22.4 Run the Security Audit Report by Role Version (R009502, XJDE0002)
  • 7.22.5 Running a Report that Lists Published Business Service Security Records

8 Setting Up Address Book Data Security

• 8.1 Understanding Address Book Data Security
  • 8.1.1 Additional Level of Private Data Security with EnterpriseOne Tools Release 9.1
• 8.2 Prerequisites
• 8.3 Setting Up Permission List Definitions
  • 8.3.1 Understanding Permission List Definitions
  • 8.3.2 Forms Used to Set Up Permission List Definitions
  • 8.3.3 Creating Permission List Definitions
• 8.4 Setting Up Permission List Relationships
  • 8.4.1 Understanding Permission List Relationships
  • 8.4.2 Forms Used to Create Permission List Relationships
  • 8.4.3 Creating Permission List Relationships
• 8.5 Enabling or Disabling Secured Private Data from Displaying in Other Applications and Output (Release 9.1.0.5)

9 Setting Up Business Unit Security

• 9.1 Understanding Business Unit Security
  • 9.1.1 UDC Sharing
  • 9.1.2 Transaction Security
• 9.2 Working with UDC Sharing
  • 9.2.1 Understanding the UDC Sharing Setup
  • 9.2.2 Understanding Business Unit Security for UDC Sharing
  • 9.2.3 Setting Up UDC Sharing
  • 9.2.4 Setting Up Business Unit Security for UDC Sharing
  • 9.2.5 Revising UDC Groups
  • 9.2.6 Deleting a UDC Group
• 9.3 Working with Transaction Security
  • 9.3.1 Understanding How to Set Up Transaction Security
    • 9.3.1.1 Generating Transaction Security Records
  • 9.3.2 Setting Up Transaction Security
  • 9.3.3 Setting Processing Options for Maintain Business Unit Transaction Security (R95301)
    • 9.3.3.1 Transaction Security
  • 9.3.4 Setting Processing Options for Business Unit Security Maintenance Application (P95300)
    • 9.3.4.1 Mode
    • 9.3.4.2 Transaction Security
  • 9.3.5 Revising Transaction Security

10 Setting Up Application Failure Recovery

• 10.1 Understanding Application Failure Recovery
  • 10.1.1 Prerequisites
• 10.2 Enabling/Disabling Application Failure Recovery
• 10.3 Saving Application Data

11 Enabling LDAP Support in JD Edwards EnterpriseOne

• 11.1 Understanding LDAP Support in JD Edwards EnterpriseOne
  • 11.1.1 LDAP Support Overview
  • 11.1.2 User Profile Management in LDAP-Enabled JD Edwards EnterpriseOne
  • 11.1.3 LDAP and JD Edwards EnterpriseOne Relationships
    • 11.1.3.1 User Authentication Using the LDAP Server
    • 11.1.3.2 JD Edwards EnterpriseOne User Data
    • 11.1.3.3 User Data Managed by LDAP
    • 11.1.3.4 Data Managed by LDAP and JD Edwards EnterpriseOne
    • 11.1.3.5 User Data Synchronization in LDAP-Enabled JD Edwards EnterpriseOne
  • 11.1.4 Application Changes in LDAP-Enabled JD Edwards EnterpriseOne
    • 11.1.4.1 User Password Changes
    • 11.1.4.2 User Profile Revisions Application (P0092) Changes
    • 11.1.4.3 EnterpriseOne Security Application (P98OWSEC) Changes
    • 11.1.4.4 Role Relationships Application (P95921) Changes
    • 11.1.4.5 Schedule Jobs Application Changes
  • 11.1.5 LDAP Server-Side Administration
  • 11.1.6 JD Edwards EnterpriseOne Server-Side Administration
• 11.2 Configuring LDAP Support in JD Edwards EnterpriseOne
  • 11.2.1 Overview of Steps to Enable LDAP Support in JD Edwards EnterpriseOne
  • 11.2.2 How JD Edwards EnterpriseOne Uses LDAP Server Settings
  • 11.2.3 Prerequisites
  • 11.2.4 Forms Used to Configure LDAP Support in JD Edwards EnterpriseOne
  • 11.2.5 Creating an LDAP Configuration
  • 11.2.6 Configuring the LDAP Server Settings
  • 11.2.7 Configuring LDAP to JD Edwards EnterpriseOne Enterprise Server Mappings
  • 11.2.8 Changing the LDAP Configuration Status
  • 11.2.9 Enabling LDAP Authentication Mode
• 11.3 Modifying the LDAP Default User Profile Settings
  • 11.3.1 Understanding LDAP Default User Profile Settings
  • 11.3.2 Forms Used to Modify the LDAP Default User Profile Settings
  • 11.3.3 Reviewing the Current LDAP Default Settings
  • 11.3.4 Modifying the Default User Profile Settings for LDAP
  • 11.3.5 Modifying the Default Role Relationships for LDAP
  • 11.3.6 Modifying the Default User Security Settings for LDAP
• 11.4 Using LDAP Bulk Synchronization (R9200040)
  • 11.4.1 Understanding LDAP Batch Synchronization
    • 11.4.1.1 Example: LDAP Bulk Synchronization (R9200040)
  • 11.4.2 Running the LDAP Bulk Synchronization Batch Process (R9200040)
• 11.5 Using LDAP Over SSL
  • 11.5.1 Understanding LDAP with SSL
    • 11.5.1.1 LDAP Authentication Over SSL for Windows and UNIX
    • 11.5.1.2 LDAP Authentication Over SSL for IBM i
  • 11.5.2 Enabling LDAP Authentication Over SSL for Windows and UNIX
  • 11.5.3 Enabling LDAP Authentication Over SSL for IBM i
• 11.6 Exporting User Data to the LDAP Server
  • 11.6.1 Understanding the data4ldap Utility
  • 11.6.2 Prerequisites
  • 11.6.3 Granting Access to the data4ldap Utility
  • 11.6.4 Configuring Parameters Required to Run the data4ldap Utility
  • 11.6.5 Running the data4ldap Utility on Windows
  • 11.6.6 Running the data4ldap Utility on Unix or Linux
  • 11.6.7 Running the data4ldap utility on IBM i
  • 11.6.8 Scenarios for Uploading Users to the LDAP Server
    • 11.6.8.1 data4ldap JDE DV812 *ALL *NO *YES
    • 11.6.8.2 data4ldap JDE DV812 *ALL *YES *YES
    • 11.6.8.3 data4ldap JDE DV812 *ALL *YES *NO
    • 11.6.8.4 data4ldap JDE DV812 *ALL *NO *NO
  • 11.6.9 LDAP Server Behavior
    • 11.6.9.1 Tree Delete Control
    • 11.6.9.2 Microsoft Active Directory

12 Understanding JD Edwards EnterpriseOne Single Sign-On

• 12.1 JD Edwards EnterpriseOne Single Sign-On Overview
• 12.2 Authenticate Tokens
• 12.3 Nodes
• 12.4 How a Node Validates an Authenticate Token
• 12.5 Single Sign-On Scenario: Launching a JD Edwards EnterpriseOne Application from JD Edwards Collaborative Portal

13 Setting Up JD Edwards EnterpriseOne Single Sign-On

• 13.1 Understanding the Default Settings for the Single Sign-On Node Configuration
• 13.2 Setting Up a Node Configuration
  • 13.2.1 Understanding Single Sign-On Configurations and Their Relationships
  • 13.2.2 Adding a Node Configuration
  • 13.2.3 Revising a Node Configuration
  • 13.2.4 Changing the Status of a Node
  • 13.2.5 Deleting a Node Configuration
• 13.3 Setting Up a Token Lifetime Configuration Record
  • 13.3.1 Adding a Token Lifetime Configuration Record
  • 13.3.2 Deleting a Token Lifetime Configuration Record
• 13.4 Setting Up a Trusted Node Configuration
  • 13.4.1 Adding a Trusted Node Configuration
  • 13.4.2 Deleting a Trusted Node Configuration
• 13.5 Configuring Single Sign-On for a Pre-EnterpriseOne 8.11 Release
  • 13.5.1 Modifying jde.ini file Node Settings for Single Sign-On
  • 13.5.2 Working with Sample jde.ini Node Settings for Single Sign-On
    • 13.5.2.1 Example 1:
    • 13.5.2.2 Example 2:
• 13.6 Configuring Single Sign-On Without a Security Server

14 Setting Up JD Edwards EnterpriseOne Single Sign-On Through Oracle Access Manager

• 14.1 Understanding JD Edwards EnterpriseOne Single Sign-On Through Oracle Access Manager
  • 14.1.1 JD Edwards EnterpriseOne Integration Architecture
  • 14.1.2 Single Sign-On Architecture
  • 14.1.3 Supported Versions and Platforms
• 14.2 Setting Up Oracle Access Manager Single Sign-On for JD Edwards EnterpriseOne
  • 14.2.1 Prerequisites
  • 14.2.2 Registering the WebGate Agent for JD Edwards EnterpriseOne HTML Server
  • 14.2.3 Configuring Oracle HTTP Server for JD Edwards EnterpriseOne HTML Server
• 14.3 Setting Up JD Edwards EnterpriseOne for Single Sign-On Integration with Oracle Access Manager
• 14.4 Setting Up JD Edwards EnterpriseOne for Single Sign-Off Integration with Oracle Access Manager
• 14.5 Testing the Single Sign-On Configuration

15 Configuring SSL for JDENET (Release 9.1 Update 2.1)

• 15.1 Understanding SSL for JDENET
• 15.2 Installing SSL Programs on IBM System i
• 15.3 Generating an SSL Certificate and Key File
• 15.4 Configuring the Enterprise Server JDE.INI File

16 Upload and Download Security (Release 9.1 Update 2.2)

• 16.1 Understanding Upload and Download Security
• 16.2 Configuring Upload Security
  • 16.2.1 System-Defined Inclusion List
  • 16.2.2 User-Defined Inclusion List
    • 16.2.2.1 Additional Rules and Restrictions for Uploading Files
• 16.3 Understanding Download Security

A DB Password Encryption

• A.1 Understanding the Problem
  • A.1.1 Converting Security
  • A.1.2 Understanding the Impacted Components
  • A.1.3 Configuring New Encryption
• A.2 Preparing for Installation
• A.3 Updating JD Edwards EnterpriseOne
• A.4 Reviewing the Installation
• A.5 Rolling Back the Software
• A.6 Copyright

B Creating a JD Edwards EnterpriseOne LDAP Configuration for OID

• B.1 Understanding JD Edwards EnterpriseOne LDAP Configuration for OID
• B.2 Adding OID to the List of LDAP Server Types
• B.3 Creating an LDAP Configuration for OID
• B.4 Configuring the LDAP Server Settings for OID
• B.5 Configuring LDAP to JD Edwards EnterpriseOne Enterprise Server Mappings for OID

C JD Edwards EnterpriseOne Cookies

• C.1 Web Runtime Cookies

Glossary

Index