7 Provisioning User and Role Profiles

7.1 Understanding User and Role Profiles

Use the User Profile Revisions (P0092) application to add users and set up user profiles. For every user, you must create a user profile, which defines such information as a list of environments that a user can select when signing in to JD Edwards EnterpriseOne and the language preference of the user. You can also assign roles to users. A role defines the tasks that an end user sees in EnterpriseOne.

You can use P0092 to define specific users or roles. This definition includes:

  • The role to which a user belongs.

    Roles are an important aspect of EnterpriseOne. By assigning users to roles, system administrators can set user preferences and security records that are based on the roles rather than the individual user. For example, an accounts payable clerk would be part of the AP role.

  • The environments that the user can select when signing in to EnterpriseOne.

  • The language preference and country code for the text that appears on EnterpriseOne menus, forms, and country-specific applications.

7.1.1 How Using Role Profiles Makes Setting Up User Profiles Easier

Roles eliminate the need to set up preferences for each individual user profile. By assigning individual users to a role, you can assign preferences to the role and have those settings available to all of the individual users who have that role. We recommend creating all role profiles that are needed for the enterprise first. This method makes creating user profiles easier; instead of defining specific environments, packages, and machine configurations for each user, administrators can define them for the role. If an individual in a role needs a different setup, you can assign different setups at the user profile level, which overrides the role settings.

EnterpriseOne uses roles for these purposes:

  • Creation of sign-in security records.

  • Authorization security, which determines the EnterpriseOne applications and features users can access.

  • Environments.

  • User overrides.

7.1.2 Tables Used by the User Profile Revisions Application

The P0092 application uses these tables:

  • Library Lists - User (F0092)

  • User Display Preferences (F00921)

  • User Display Preferences Tag File (F00922)

  • User Access Definition (F00925)

  • Library List Control (F0093)

  • Library List Master File (F0094)

  • Anonymous User Access Table (F00926)

7.2 Adding New Users

You can create user profiles one at a time by using the User Profile Revisions application, or you can simultaneously create multiple profiles by using batch processes. If you need to add only a small number of individual users, use the User Profile Revisions application.

This section contains checklists of the high-level steps required to add a single new user or multiple new users. These steps do not address third-party setup issues such as assigning network user IDs.

7.2.1 Adding an Individual User

The following list describes the high-level steps for adding user profiles one at a time.

  1. If you plan to create a new role for the user, add an address book record with a valid search type code (for example, E for employee).

  2. If the existing role profiles are not acceptable for the new user, add a role profile.

  3. Add an address book record for the new user.

  4. Add a user profile.

  5. Add sign-in security records for the user.

  6. Use Security Workbench (P00950) to add any security overrides for the user if the user needs different security than the roles to which the user belongs.

  7. Populate the machine table for the user's machine.

  8. Use User Overrides Revision (P98950) to add any new user overrides for the user if the user needs different user overrides than the role to which the user belongs.

7.2.2 Adding Multiple Users

When you are ready to create user profiles for the first time, you might need to create hundreds of profiles simultaneously. In this case, EnterpriseOne provides batch processes to create the profiles. These batch processes automate the process of user profile creation.

When you decide which role to assign to a user, consider application security as the most important role because:

  • Application security has the most extensive setup.

  • Managing overrides to the role security is more difficult than, for example, managing overrides to deployment preferences.

    Note:

    Sign-in security is not based on roles because individuals must have their own passwords. A program exists with sign-in security to quickly create individual security records by role; however, after the records are created, security is assigned by an individual.

The following list describes the high-level steps for adding multiple user profiles simultaneously.

  1. Using the Address Book application (P01012), create address book records for roles that you will use in user profiles.

  2. Using the User Profile Revisions application, add the role profiles.

  3. Populate the various Address Book tables.

    If you are migrating data from a non-JD Edwards EnterpriseOne system, you can populate the data tables with a table conversion. Otherwise, you can manually add data to the Address Book tables.

  4. Run the Populate User Profiles (R0092) batch process to create user profile records from existing Address Book records.

    Normally, this report is based on address book records with a search type for employees (E).

  5. Adjust each user's role assignments.

    Determine the role in which you want to place an individual and manually assign each user to a role. Change the user environments if they are not standard to that role.

    These settings are dictated by role:

    • Environments

    • User Overrides

    • Application Security

  6. Run the Summary of Environments, Packages and Profiles batch process (R00921) to view the new user profiles.

  7. Use Security Workbench (P00950) to apply application, action, and processing option security for roles and any individual overrides to those roles.

  8. Create sign-in security records using the User Security application (P98OWSEC).

    You can create sign-in security records for all individuals within a role by entering one record for the role.

  9. Manually populate the F00960 table.

    This table is automatically populated each time a machine signs in to JD Edwards EnterpriseOne. However, if you intend to use schedule packages, you must manually populate this table.

  10. Create user overrides for roles.

    Normally, you will not create any overrides for individuals because they can easily create their own as they use the software.

7.3 Setting Up User Profiles

7.3.1 Understanding User Profile Setup

Use the User Profile Revisions (P0092) application to set up user profiles. When you set up profiles as a system administrator, you create "group" profiles (using roles) and user profiles for each user in the system. You also determine the environments that are available for each group and user, and set up display preferences, such as language.

Important:

If you are setting up user profiles during the installation process, you must sign in to the deployment server using the deployment environment. After you have completed the installation process, you can add or modify user profiles from any machine except the deployment server.

These steps outline the high-level process for setting up user profiles:

  1. Create all of the role profiles for the enterprise.

    See Setting Up Roles.

  2. Create a user profile for every user.

  3. Assign to each role or user these preferences:

    • Environments, to determine the environments that you want to be available to each role or user. Environments are assigned at the role level only.

    • Display preferences, to determine JD Edwards EnterpriseOne display characteristics such as language, date format, and country code.

      The Display preferences are controlled on the User Profile Revisions form.

7.3.2 Creating and Modifying User and Role Profiles

The system administrator needs to create a user profile for every user. The user profile defines certain setup and display features, such as access to Fast Path, language, date format, or country code. The administrator should first create all of the role profiles that are needed for the enterprise. This action makes creating profiles easier; instead of defining specific environments, packages, and machine configurations for each user, administrators can define them for the role. If an individual in a role needs a different setup, you can assign different setups at the user level, which will override the role settings.

If you select a country code for a user, the menu filtering process displays for that user any special menu selections unique to that country code. For example, if you enter CA (Canada), that user would see the Canadian Tax Information application on the appropriate menu, which users without that country code would not see.

7.3.2.1 Creating and Modifying User Profiles

In the Fast Path, enter P0092 to access the User Profiles application.

  1. On the Work With User/Role Profiles form, perform one of the following tasks:

    • If you want to create a new user profile, click Add.

    • If you want to modify an existing profile, click Find, select a user profile in the grid, and then click Select.

  2. On the User Profile Revisions form, in the User ID field, enter the user ID for the individual profile.

    If you are modifying a user profile, this field displays the user ID. You cannot type new information in this field when you modify a profile.

  3. In the header area of the form, complete the remaining fields:

    Address Number

    Enter an Address Book number if the role will be used with a workflow. The code that identifies a user profile.

    WhosWhoLineID

    A number that identifies an entry in the Address Book system, such as employee, applicant, participant, customer, supplier, tenant, or location.

    Batch Job Queue

    The computer waiting line that a particular job passes through. If blank, it defaults to the job queue specified in the user's job description.

  4. In the Display Preferences area, complete the following fields and then click OK.

    Language

    A user defined code (01/LP) that specifies the language to use on forms and printed reports. Before you specify a language, a code for that language must exist at either the system level or in the user preferences.

    Justification

    An option that determines how text is to be read, left to right or right to left. This option is enabled only when Arabic is selected as the language. For all other languages, the system automatically selects the left to right option.

    Set Accessibility Mode

    An option that enables the JD Edwards EnterpriseOne web client to be accessible through the JAWS screen reader software for visually impaired users. The option is deselected by default when a user profile is created.

    Set Simplified Mode (9.1 Update 5)

    An option that enables users to view the EnterpriseOne interface in Standard or Simplified mode. Standard mode is for users who need access to the full range of EnterpriseOne actions. If users are in Standard mode, they are able to view the Navigation bar, the Carousel, the Fast Path (if they have the appropriate permissions), and Breadcrumbs.

    Simplified mode is for users who need a scaled-down interface that provides only limited actions in EnterpriseOne. In Simplified mode, users see the Banner Bar, Personalization, Help, Username, Environment, and Sign Out options.

    Date Format

    The format of a date as it is stored in the database.

    These date formats are valid: YMD, MDY, DMY, EMD. If you leave this field blank, the system displays dates based on the settings of the operating system on the workstation. With NT, the Regional Settings in the Control Panel control the settings for the operating system of the workstation.

    Date Separator Character

    The character to use when separating the month, day, and year of a given date. If you enter an asterisk, the system uses a blank for the date separator. If you leave the field blank, the system uses the system value for the date separator.

    Decimal Format Character

    The number of positions to the right of the decimal that you want to use. If you leave this field blank, the system value is used as the default.

    Localization Country Code

    A code that identifies a localization country. It is possible to attach specific country functionality that is triggered based on this code using the country server methodology in the base product.

    Universal Time

    A code that you use to associate a time zone with a user's profile. This code represents the user's preferred time zone, and it must be a value from the UDC table (H91/TZ).

    Time Format

    A value that determines the user's preferred format for time-of-day. The user can choose from a 12- or 24-hour clock.

    Daylight Savings Rule

    The rule name that specifies the daylight savings rule for a region or country.

    See "Creating Daylight Savings Rules" in the JD Edwards EnterpriseOne Tools System Administration Guide.

7.3.2.2 Creating and Modifying Role Profiles

In the Fast Path, enter P0092 to access the User Profiles application.

  1. On the Work With User/Role Profiles form, perform one of the following tasks:

    • If you want to create a new role, select Add Role from the Form menu.

    • If you want to modify an existing profile, select the Roles Only option, click Find, select a role in the grid, and then click Select.

  2. On the Role Revisions form, complete the following fields:

    Role

    If creating a new role, enter a name for the role, for example PAYROLL, and enter a description for the role in the adjacent field.

    You cannot modify this field if you are modifying an existing role.

    Address Number

    Enter an Address Book number if the role will be used with a workflow.

    WhosWhoLineID

    A number that identifies an entry in the Address Book system, such as employee, applicant, participant, customer, supplier, tenant, or location.

    Batch Job Queue

    The computer waiting line that a particular job passes through. If blank, it defaults to the job queue specified in the user's job description.

    Sequence Number

    The computer waiting line that a particular job passes through. If blank, it defaults to the job queue specified in the user's job description.

    In the Display Preferences area, complete the remaining fields:

    Justification

    An option that determines how text is to be read, left to right or right to left. This option is enabled only when Arabic is selected as the language. For all other languages, the system automatically selects the left to right option.

    Set Accessibility Mode

    An option that enables the JD Edwards EnterpriseOne web client to be accessible through the JAWS screen reader software for visually impaired users. The option is deselected by default when a user profile is created.

    Set Simplified Mode (9.1 Update 5)

    An option that enables users to view the EnterpriseOne interface in Standard or Simplified mode. Standard mode is for users who need access to the full range of EnterpriseOne actions. If users are in Standard mode, they are able to view the Navigation bar, the Carousel, the Fast Path (if they have the appropriate permissions), and Breadcrumbs.

    Simplified mode is for users who need a scaled-down interface that provides only limited actions in EnterpriseOne. In Simplified mode, users see the Banner Bar, Personalization, Help, Username, Environment, and Sign Out options.

    Date Format

    The format of a date as it is stored in the database.

    These date formats are valid: YMD, MDY, DMY, EMD. If you leave this field blank, the system displays dates based on the settings of the operating system on the workstation. With NT, the Regional Settings in the Control Panel control the settings for the operating system of the workstation.

    Date Separator Character

    The character to use when separating the month, day, and year of a given date. If you enter an asterisk, the system uses a blank for the date separator. If you leave the field blank, the system uses the system value for the date separator.

    Decimal Format Character

    The number of positions to the right of the decimal that you want to use. If you leave this field blank, the system value is used as the default.

    Localization Country Code

    A code that identifies a localization country. It is possible to attach specific country functionality that is triggered based on this code using the country server methodology in the base product.

    Universal Time

    A code that you use to associate a time zone with a user's profile. This code represents the user's preferred time zone, and it must be a value from the UDC table (H91/TZ).

    Time Format

    A value that determines the user's preferred format for time-of-day. The user can choose from a 12- or 24-hour clock.

    Daylight Savings Rule

    The rule name that specifies the daylight savings rule for a region or country.

    See "Creating Daylight Savings Rules" in the JD Edwards EnterpriseOne Tools System Administration Guide.

  3. Click OK when you are finished.

7.3.3 Copying User and Role Profiles

You can copy all or part of a user or role profile. When you copy an entire user or role profile (display and environment preferences), you are creating a new user or role profile with the information from another profile. When you copy part of a user profile, you are copying the environment preferences from another profile to an already existing user profile.

In the Fast Path, enter P0092 to access the User Profiles application.

  1. On the Work With User/Role Profiles form, select a user or role profile and perform one of the following actions:

    • To copy an entire profile (the display, environment, and deployment preferences), click Copy.

      The User Profile Revisions form or Role Revisions form appears, depending on whether you copied a user or role profile. Because this action creates a new profile, the user or role profile that you create cannot already exist in JD Edwards EnterpriseOne.

    • To copy environment preferences, from the Row menu, select Copy Environment.

      The User Environment Revisions form appears. This action copies environment preferences from one user or role profile to another. The user or role profile that you copy to must already exist.

  2. If you copied a user, in the User/Role field on User Profile Revisions, enter a user ID to copy the profile into and modify any other information if necessary.

  3. If you copied a role, in the Role field on Role Revisions, enter a role to copy the profile into and modify any other information if necessary.

  4. Click OK.

7.3.4 Assigning or Deleting Environments for User and Role Profiles

You can assign a list of environments that each user or role can choose from when starting EnterpriseOne. If a user does not have a user profile-specific environment assignment, the user can choose from the environments that are assigned from the user's role each time the user starts EnterpriseOne. You can assign more than one environment from which a user can choose. You can delete environments that are no longer relevant to the user.

Important:

If environments are set up at the user level, the user will only be able to log into those environments. Also, the same environments must be added to the user's role.

If an environment is not at both the user and role level, the user will not be able to log into that environment playing that role.

In the Fast Path, enter P0092 to access the User Profiles application.

  1. On Work With User / Role Profiles, click Find and then select a user or role profile.

  2. From the Row menu, select Environments.

    The User Environment Revisions form appears. This form displays the list of environments available for a particular user or role.

  3. To add a new environment, in the last row, enter a number that specifies the order in which the environment is displayed in the Display Seq. field.

  4. In the Environment field, click the Search button to select an environment.

  5. To delete an environment from the list, select the environment and click Delete.

  6. Click OK when you are finished.
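The resolution rule described in this section can be checked offline against an export of the assignments. The following is an added example, not Oracle code: the user, role and environment names and the dictionary layout are constructed, and ordering the result by the user-level display sequence is an assumption.

```python
from typing import Dict, List, Tuple

# Constructed sample export; every name below is hypothetical.
# Lists are kept in display-sequence order.
ROLE_ENVS: Dict[str, List[str]] = {
    "AP": ["PROD", "TEST"],
    "PAYROLL": ["PROD"],
    "ADMIN": ["PROD", "TEST", "DEV"],
}
USER_ENVS: Dict[str, List[str]] = {
    "CLERK1": [],                 # no user-level rows: inherits from the role
    "CLERK2": ["TEST"],           # user-level restriction to TEST
    "DEVOPS1": ["DEV", "PROD"],   # DEV is not assigned to the PAYROLL role
}
USER_ROLES: Dict[str, List[str]] = {
    "CLERK1": ["AP"],
    "CLERK2": ["AP", "PAYROLL"],
    "DEVOPS1": ["ADMIN", "PAYROLL"],
}


def effective_environments(user: str, role: str) -> List[str]:
    """Environments the user can sign in to while playing the given role.

    Without user-level assignments the role's list applies. With them,
    an environment is usable only if it is on both the user and the role.
    """
    role_envs = ROLE_ENVS.get(role, [])
    user_envs = USER_ENVS.get(user, [])
    if not user_envs:
        return list(role_envs)
    return [env for env in user_envs if env in role_envs]


def audit() -> List[Tuple[str, str, str]]:
    """Return (user, role, finding) tuples for assignments that need review."""
    findings: List[Tuple[str, str, str]] = []
    for user in sorted(USER_ROLES):
        roles = USER_ROLES[user]
        # A user/role pair with no usable environment cannot sign in.
        for role in roles:
            if not effective_environments(user, role):
                findings.append((user, role, "NO_ENVIRONMENT"))
        # A user-level environment missing from a role is dead for that role.
        for env in USER_ENVS.get(user, []):
            for role in roles:
                if env not in ROLE_ENVS.get(role, []):
                    findings.append((user, role, "USER_ENV_NOT_ON_ROLE:" + env))
    return findings


if __name__ == "__main__":
    for user in sorted(USER_ROLES):
        for role in USER_ROLES[user]:
            print(user, role, effective_environments(user, role))
    for finding in audit():
        print("FINDING", *finding)
```
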

7.3.5 Assigning Business Preferences to User and Role Profiles

When setting up profiles, you can assign business preference codes. These codes can be used by a customized workflow process to send messages, update a database, or start an application. You define the codes for the preferences based on industry, business partner, or customer. Then you can create an EnterpriseOne workflow process that is based on whether a specific code resides in the user profile.

For example, you assign the code CUS for a customer business preference, and then create a workflow process that begins whenever a user or role profile with the CUS business preference enters a sales order.

In the Fast Path, enter P0092 to access the User Profiles application.

  1. Click Find.

  2. Select a user or profile, and then click Select.

  3. On the User Profile Revisions or Role Revisions form, from the Form menu, select Bus Preferences.

  4. On the Business Preferences form, complete any of these fields and click OK:

    • Industry Code

      This field associates the user profile with a specific industry, such as manufacturing.

    • Business Partner Code

      This field associates the user profile with a specific business partner.

    • Customer Code

      This field associates the user profile with a specific customer.

      Note:

      Click Cancel on the Business Preferences form to cancel the addition of the current business preference.

7.3.6 Assigning Standard and Simplified Modes to User Profiles (9.1 Update 5)

By default, all users and roles are assigned Standard mode. The Simplified mode can be assigned to either specific users or roles. If a user logs into EnterpriseOne using the *ALL role, all roles included in *ALL must be assigned as Simplified mode for the user to be assigned Simplified mode.

You can assign Standard or Simplified modes to Users and Roles, Users only, or Roles only. The default mode is Standard.

In the Fast Path, enter P0092 to access the User Profiles application.

  1. Select to search on both Users and Roles, Users Only, or Roles Only.

  2. Click Find.

  3. Select a record or multiple records, and then click Select.

    The User Profile Revisions screen displays.

  4. In the Set Simplified mode section, select Yes to assign the Simplified mode to user profiles that you have selected, or select No to assign Standard mode to the user profiles you have selected.

  5. Click Save.

7.3.6.1 Viewing where Simplified and Standard Modes Apply (9.1 Update 5)

To view where Simplified and Standard modes apply:

In the Fast Path, enter P0092 to access the User Profiles application.

  1. From the Form exit, click Simplified mode.

  2. In the User/Role field, if it is not already populated, enter the User or Role for which you want to view Standard or Simplified modes.

  3. Select Standard, Simplified, or All to search for corresponding records.

  4. Click Find.

7.3.7 Setting Processing Options for User Profile Revisions (P0092)

Access the Processing Options form. Select the A/B Validation tab.

  1. Enter 1 to enable Address Book validation.

    When enabled, this processing option validates each new user ID against the Address Book Master (F0101) table upon creation of a user profile. As a result, you cannot create a user profile for a user who is not already defined in the F0101 table. We recommend that you enable this setting to ensure that Work Center operates correctly; that application requires valid address book numbers.

  2. Enter 0 (or leave blank) to disable Address Book validation.

    When disabled, this processing option allows you to create user profiles for Address Book entries that do not yet exist in the F0101 table.

7.3.8 Creating Profiles by Using a Batch Process

If address book records already exist for employees, you can run a batch process to automatically create user profiles from those address book records. This process can save time, ensure accuracy between the Address Book and user profile records, and ease the transition of taking EnterpriseOne to production.

You can create user profiles through the Populate User Profiles batch application (R0092). With this process, you can assign display and environment preferences to users. This process enables you to create hundreds of new user profiles at a time.

Note:

If you need to add just a few users, you should use the User Profile Revisions application.

Prerequisites

Before you complete the tasks in this section:

  • Create all of the role profile information by using the User Profile Revisions application.

  • Define:

    • Role profiles.

    • Environments that each role can access.

To run the Populate User Profiles (R0092) batch application:

In the Fast Path, enter BV to access the Work With Batch Versions - Available Versions form.

  1. Enter R0092 in the Batch Application field and click Find.

  2. Select the EnterpriseOne default version (XJDE0001) or the equivalent for the installation, and then click Select.

  3. On the Versions Prompting form, click Data Selection, and then click Submit.

  4. On the Data Selection form, create a logic statement that describes the set of users for which you want to create profiles.

    This form already has a search type of E (employees) populated, which assumes that the users are all employees. You might want to narrow this selection by submitting it for only a range of employees.

    After you complete the Data Selection form, the Processing Options form appears.

  5. On the Processing Options form, enter:

    • One of these values for option 1:

      Enter 1 to run this report in proof mode, which provides an example of what would happen if you were to run the report in final mode.

      Leave blank to run this report in final mode, which creates the user profiles that you specified and creates a report showing the profiles created.

    • One of these values for option 2 to define the user profile record being created for each user:

      Enter 1 to populate the User ID field with the users' address book numbers plus their initials. Typically, user profiles are created with the users' initials preceding their Address Book number.

      Leave this field blank to use just the address book number.

      Complete these user profile fields for option 2:

      Fast Path

      Language

      Date Format

      Data Separator Character

      Data Format Character

      Country

    • For option 3, enter any additional environments that you want the user to have access to instead of the environments already established for the user's role.

7.3.9 Reviewing User and Profile Definitions

The Summary of Environments, Packages and Profiles report (R00921) enables you to review a list of user and role profile definitions. This report summarizes the environment or environments assigned to a role, lists the users in the role, and notes any additional environments that are assigned specifically to an individual user. EnterpriseOne provides two default versions that enable you to summarize either all roles or only specific roles.

In the Fast Path, enter BV to access the Work With Batch Versions - Available Versions form.

  1. Enter R00921 in the Batch Application field and click Find.

  2. Select a version and click Select.

    Default version XJDE0001 creates a report for all group (role) profiles in the enterprise. Default version XJDE0002 creates a report about a specific group (role) profile that you specify.

  3. On the Versions Prompting form, click Data Selection and click Submit.

  4. On the Data Selection form, create a logic statement that describes the role profiles that you want to summarize.

  5. Click OK.

7.4 Setting Up Roles

7.4.1 Understanding User Roles

As part of the system setup, you must define the roles for users in the organization. Roles define the tasks that users see when they work in EnterpriseOne Menus and determine what authority the users have in EnterpriseOne.

After you have defined a role, you can associate users with it and apply security to it to provide the appropriate level of access to EnterpriseOne functions. You can assign more than one user to a role, or you can assign more than one role to a user. To establish a role relationship, you use the Role Relationships application (P95921), which enables you to add, remove, or revise a role relationship for a user. Role relationships are revised by removing an assigned role or by changing the expiration date for an assigned role.

Assigning roles accomplishes these purposes:

  • Users see only those tasks and perform only those activities that relate to their jobs.

    For example, a user acting in the role of accounts payable clerk might not need to see all of the tasks that an accounts payable manager would need to see. You can create both of these roles and define a different set of tasks for each one.

  • Users can have multiple roles.

    Within an organization, a user might have many responsibilities, none of which are defined by a single role. A user who is assigned multiple roles can switch roles according to the work required.

    Note:

    Security for a user is not affected when a user changes a role after signing in to EnterpriseOne; only menu filtering and the display of menu information is affected for that user. The security applied to a user is based on how a user signs in to the system.

  • Administrators can set up security based on user roles.

    A user's access to applications, forms, table columns, data sources, and so on is based on one or more roles to which the user is assigned.

Note:

EnterpriseOne stores the role descriptions in the F00926 table. If you previously defined roles using the UDC table H95/RL, you can run the Populate Role Descriptions From F0092 report (R89959211) to populate the Anonymous User Access Table with those older role descriptions.

This table summarizes the steps an administrator must perform to set up roles for users:

| Administrative Step | Applications Used | Forms Used | Tables Used |
|---|---|---|---|
| Populate the User Profile table with roles that are stored in UDC H95/RL during Roles Phase I. | R89959211, R89959212 | Not applicable (NA). | F00926, F0092 |
| Run an application to populate the Role Relationships table. | R8995921 | NA. | F0092, F95921 |
| Create roles. | P0092 (User Profile Revisions) | W0092A (User Profile Revisions); Form exit from the Work With User Profiles form (W0092D). | F0092 |
| Sequence the roles. | P0092 | W0092L (Work With Role Sequences); Form exit from the Work With User Profiles form. | F00926 |
| Create role relationships that associate users with roles. | P95921 (Role Relationships) | W95921A (Work With Role Relationships). | F95921 |
| Add security to roles. | P00950 (Security Workbench) | Various, depending on type of security to be applied to each role. | F00950 |

The Portal, Solution Explorer, and EnterpriseOne clients use the role relationships data in the F95921 table (Role Relationships) and various APIs to retrieve data and allow users to have assigned roles.

You use EnterpriseOne to administer defined roles for which you have created role relationship records. You can add large numbers of roles to a single user, and you can add large numbers of users to a single role relationship record. You can also use EnterpriseOne to specify the language that is used for the description of a new role.

After you have created one or more role relationships for a user, you can revise the relationships. Role relationships are revised by removing an assigned role or by changing the expiration date for an assigned role. You can also exclude an assigned role from *ALL or add a role to *ALL that was previously excluded.

In addition, you might want to delegate one or more of the roles to another user if a particular user will be unavailable. When you delegate the role relationship records, you can copy existing records to another user. You cannot add role relationships to another user unless those roles are already assigned to you.

7.4.1.1 Understanding Role-to-Role Relationships

You create lists of roles that are subsets of another role. For example, you might create an ADMIN role that includes users with the greatest number of administrative responsibilities and the broadest access to applications in EnterpriseOne. You might also create other roles that include individuals with limited administrative responsibilities and access to fewer applications in EnterpriseOne. If you create a distribution list based on roles, you might want to include on the list all roles with some level of administrative responsibility. Anyone in a role that is part of the distribution list would receive messages sent to the ADMIN role.

You use the Work With Distribution Lists form to add or remove roles from the distribution list as needed. Work With Distribution Lists does not influence how security is applied. It only helps to define workflow e-mail distribution lists.

7.4.1.2 Understanding the Sign-In Role Chooser

When signing in to EnterpriseOne, if the Role Chooser is enabled, users can use the Role Chooser to select a particular role from a list of valid roles. In the Role Chooser, users can either select a particular role or *ALL. You can limit the freedom that a user has to select roles by disabling the Role Chooser. With the Role Chooser disabled, the user must enter EnterpriseOne with *ALL.

At the JD Edwards EnterpriseOne sign-in form, the user enters a user ID and password. The user must then enter a valid environment and role before entering EnterpriseOne. User roles and assigned environments are dependent on each other. The user can select an environment, which then determines the roles that appear in the Role Chooser; or the user can select a role, which determines the environments that appear in the Environment Chooser.

The option for enabling the Role Chooser is a global setting. When enabled, it applies to all users in the system.

This table summarizes the scenarios that can occur when the user encounters the Environment and Role fields at sign-in on the Microsoft Windows client, and the behavior of EnterpriseOne in each scenario:

| Sign-in Scenario | JD Edwards EnterpriseOne Behavior |
|---|---|
| User enters values in both the Environment and Role fields. | The software validates the role against the environment. If the role is not valid for the chosen environment, the Environment Chooser appears and the user must choose a valid environment for the role. |
| User enters a value only in the Role field. | The Environment Chooser displays only the valid environments for the chosen role. |
| User enters a value only in the Environment field. | The Role Chooser displays only the valid roles for the user and the chosen environment. |
| User does not enter a value in either the Environment field or the Role field. | The Role Chooser appears, containing the valid roles for the user and the default environment that is defined in the jde.ini file, followed by the Environment Chooser, containing only the valid environments for the chosen role. |

If you do not enter an environment, the Role Chooser displays the roles that are assigned to the default environment, which is defined in the jde.ini file.


7.4.1.3 Understanding the Menu Filtering Role Chooser

In P95921, you can select the "Choose role on Menu filtering page" option to give users the ability to filter menus by role in the EnterpriseOne Menus. When enabled, the EnterpriseOne web client displays the Role drop-down menu above the EnterpriseOne Menus. From the Role drop-down menu, users can select *ALL (All My Roles) to view a concatenated list of all the tasks enabled for every role that is included in the *ALL role. Alternatively, users can select a particular role from the Role drop-down menu and the system displays only the tasks enabled for that role in the EnterpriseOne Menus.

The "Choose role on Menu filtering page" option is a global setting. When enabled, it applies to all users in the system.

In order for users to filter menus by role:

  • The system administrator must enable the "Choose role on Menu filtering page" option in P95921.

  • Users must sign in using *ALL.

Note:

If a user signs in to EnterpriseOne using a particular role instead of *ALL, then the system only displays the tasks in the EnterpriseOne Menus for that role; the user cannot select a different role in the EnterpriseOne Menus.

7.4.1.4 Understanding Workstation Initialization File Parameters

At the JD Edwards EnterpriseOne sign-in, you can select one or more roles, depending on how many are assigned to you. If you select *ALL, you enter EnterpriseOne in all of the assigned roles that are flagged as Include in *ALL. Two parameters relate to roles in the workstation jde.ini file. These parameters are defined by the administrator when EnterpriseOne is first configured, so you should not have to perform this task when performing routine administrative tasks. This table shows the parameters, the ini file section in which they are found, and the default settings:

| Parameter | Section | Default Setting |
|---|---|---|
| LASTROLE | [SIGNON] | *ALL. Defines the role that appears for the user at sign-in. |
| Default Role | [DB SYSTEM SETTINGS] | *ALL |

The LASTROLE parameter value defines the role that appears in the sign-in screen when EnterpriseOne is launched.

7.4.2 Creating and Modifying Roles

In the Fast Path, enter P0092 to access the User Profiles application.

  1. On Work With User / Role Profiles, perform one of these tasks:

    • To create a new role, select Add Role from the Form menu.

    • To modify an existing profile, click the Roles Only option; click Find and select a role in the detail area; and then click Select.

      Note:

      You cannot add a role by clicking the Add button on the toolbar of the Work With User/Role Profiles form.
  2. On Role Revisions, in the Role field, enter a name for the role, such as RECEIVING, and enter a description for the role in the adjacent field.

    When you modify a role profile, this field displays the name of the role.

  3. In the Sequence Number field, enter a number to specify the sequence number of the role in relation to other roles.

    For a user assigned to more than one role, the sequence number determines which role is chosen when a security conflict exists among the different roles.

  4. Complete any of the remaining fields, as necessary, and click OK.

7.4.3 Migrating Roles

On a client machine, open the Batch Versions application in EnterpriseOne and run these universal batch engines (UBEs) to migrate generic roles into the environments.

7.4.3.1 Set Up Roles

Run the TC R89959211

Table Conversion (TC) R89959211 takes all of the current roles in the UGRP field in the Library Lists - User table (F0092) and adds a Description record for them in the Anonymous User Access Table (F00926). Both the role and description are populated with the role name (for example, OWTOOL). A sequence number is added to the record in the F00926 table as well. This sequence number begins at 1500 and increments by 5 with each record that is written.

This TC has no processing options.

The performance of this TC is directly dependent upon the number of *GROUP records in the F0092 table. It should finish quickly.

After processing, this TC produces no report. To verify that the table conversion completed, open the Universal Table Browser (UTB) and check the F00926 table for some of the roles that are defined in the F0092 table. For example, check the field USER for OWTOOL, the field ROLEDESC for OWTOOL, and the field SEQNO for a sequence number that is greater than 1500.

Run the TC R8995921

TC R8995921 takes all of the current user profile records in the F0092 table and inserts a user/role relationship record that is based on the F0092.USER and F0092.UGRP fields. The record that is added to the F95921 table contains the user, role (formerly the group for this user in the F0092 table), and effective and expiration dates. Some of these values are based upon the values in the processing options.

The recommended processing option values are:

  • Final/Proof Modes

    It is recommended that the TC be run in proof mode first. This mode inserts records to the F95921 table, but it does not remove the group from the user's profile. After the UBE is successfully run in proof mode, check some of the records in the F95921 table to see if they were added successfully. You can re-run the TC in final mode with the same processing options. A new record is not inserted for the user if the effective date is the same as the previously run TC's effective date, so you only remove the group data from the F0092.UGRP field for that user.

  • Effective Date

    The start date of the role relationship. With current users (those in F0092 table), you want to use the date that the TC is run. (When running in final mode, use the date that the TC was run in proof mode to prevent the system from adding a new set of records into the F95921 table.) This field must not be modified within the role relationship record later.

  • Expiration Date

    The end date of the role relationship. If this date is left blank, the relationship never expires. The role will expire at the beginning of the day of the date that you enter. With the current users (those in the F0092 table), you should leave this blank so they do not expire from their current group or role.

    This field can be modified within the role relationship record later.

  • Included In All

    This flag indicates that the security of this role is applied when the user chooses to enter EnterpriseOne under the role of *ALL. Use this flag if a user is being added to a sensitive role, such as Payroll or PVC. This field can be modified within the role relationship record later.

The performance of this TC directly depends upon how many user records are in the F0092 table. It should finish quickly.

This TC produces no report. To verify that the TC completed in proof mode, open the UTB and check the F95921 table for some of the users who were defined in the F0092 table. See that their old group (F0092.UGRP) is now their Role F95921.RLFRROLE. To verify that the TC has completed in final mode, view the F0092 table through the UTB, and verify that no data is in the UGRP fields.

Sequence the Roles

All roles must be assigned a valid sequence number greater than zero in order for the security associated with the role to be applied correctly. The previous UBE and TCs sequence the roles, but probably not in the desired order. Sequence the roles through the Sequence Roles menu option. This displays all of the current roles in a parent/child tree. Expand the tree and view the current sequence number. You can drag and drop these roles into the desired sequence. You must click the Set Sequence exit to commit the role sequence to the database.

Add Environments

Environments can be added to roles. When a user selects a particular role at sign-in, the environments that are associated with that role appear in the Environment Selection List form. If the user selects *ALL environments, all of the environments that are associated with all of the user's roles that have been marked as "included in all" appear in the Environment Selection List form. All environments are validated against the user's pathcode.

Set up the JDE.INI/JAS.INI file

Open the jde.ini file and jas.ini file and verify these settings:

Note:

You should not have to add or change these settings.

[SECURITY]
DefaultRole=*ALL
[REPLICATION]
DefaultRole=*ALL
[SIGNON]
LastRole=<Users Last Role>
[DB_SYSTEM SETTINGS]
DefaultRole=*ALL

The LastRole value is populated when a user signs into JD Edwards EnterpriseOne.

Server Executables

Run a PortTest.

7.4.3.2 Set Up Security

Run these universal batch engines (UBEs) to set up user security.

Run the UBE R98OWPU

UBE R98OWPU performs a select distinct on the F98OWSEC table to find all unique combinations of Proxy (System) User and Data Source. After these records are found, the UBE inserts each one into the F98OWPU table. Each record contains the Proxy User, Data Source, Password, and audit information.

Note:

This UBE must be run locally because the business function resides only on the client machine.

This UBE has no processing options.

The performance of this UBE is directly dependent upon how many system users are associated with user records in the F98OWSEC table. It should finish quickly.

To verify that the UBE completed successfully, open the UTB and check the F98OWPU table for some of the system users that are in the F98OWSEC table.

If you want to change a system user password, you have to change it only once for each system user and not for every record in the F98OWSEC table that contains the system user.

Run the UBE R98OWUP (Optional)

UBE R98OWUP updates the current F98OWSEC table records, based upon the processing options that you select. This UBE can populate these new fields for current users, as their F98OWSEC table records do not contain values for these options:

  • Password Change Frequency

  • Allowed Sign-in Attempts

  • Enable / Disable User

  • Daily Password Change Limit

  • Force Password Change

Set these processing options:

  • Proof or Final

    Indicates whether to run in proof or final mode. Proof mode does not commit records.

  • Password Change Frequency

    For a given user, this option determines the maximum number of days before the system requires a password change.

  • Allowed Attempts

    The number of times that users can unsuccessfully attempt to log on before their JD Edwards EnterpriseOne account is disabled.

  • Enable/Disable User

    Indicates if the user's account is enabled or disabled. A disabled account is not allowed into JD Edwards EnterpriseOne.

  • Daily Password Change Limit

    The number of times that users can change their password in one day. Because the last ten passwords of a user are stored in the BLOB, allowing users to change their password as many times as they want is a security hole: users who want to keep their current password can change it 11 times in one day so that they are back to the original.

  • Force Immediate Password Change

    This option requires users to immediately change their password. You might not want to set this option for all users.
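The interaction between the ten-password history and the Daily Password Change Limit can be checked with a small simulation. This is an added example, not EnterpriseOne code: the class names, the rejection codes and the rule that a rejected change does not count toward the daily limit are assumptions of the model.

```python
from collections import deque


class PasswordPolicy:
    """Constructed model of the two settings discussed above."""

    def __init__(self, history_depth=10, daily_limit=None):
        self.history_depth = history_depth   # the page states the last ten are kept
        self.daily_limit = daily_limit       # None models "no daily limit set"


class Account:
    """Tracks password history and per-day change counts for one user."""

    def __init__(self, policy, initial):
        self.policy = policy
        # Labels stand in for stored password records; the newest entry is current.
        self.history = deque([initial], maxlen=policy.history_depth)
        self.changes_by_day = {}

    def change(self, new_value, day):
        """Return 'ok', 'daily-limit' or 'reused' (assumed rejection codes)."""
        used = self.changes_by_day.get(day, 0)
        limit = self.policy.daily_limit
        if limit is not None and used >= limit:
            return "daily-limit"
        if new_value in self.history:
            return "reused"
        self.history.append(new_value)       # the oldest entry falls out when full
        self.changes_by_day[day] = used + 1
        return "ok"


def days_to_restore_original(policy, max_days=365):
    """Simulate a user cycling throwaway values to get the first password back.

    Returns (day, total_changes) for the day the original value is accepted
    again, or None if that never happens within max_days.
    """
    account = Account(policy, "original")
    changes = 0
    for day in range(1, max_days + 1):
        while True:
            result = account.change("original", day)
            if result == "ok":
                return day, changes + 1
            if result == "daily-limit":
                break                         # wait for the next day
            # "reused": the original is still in the history, so push it
            # one step further out with a throwaway value.
            changes += 1
            account.change(f"filler-{changes}", day)
    return None


if __name__ == "__main__":
    for limit in (None, 3, 1):
        print(limit, days_to_restore_original(PasswordPolicy(daily_limit=limit)))
```

With no limit the history is defeated on the first day; a limit of 1 stretches the same 11 changes across 11 days.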

The performance of this UBE is directly dependent upon how many system users are associated with user records in the F98OWSEC table. It should finish quickly.

To verify that the UBE completed successfully, access the User Security application (P98OWSEC), and find a user or role whose record should have changed. Verify that the values are correct.

7.4.4 Sequencing Roles

The Work With Role Sequences form contains all of the roles that you defined and enables you to assign a sequence to the roles. The sequence defines a hierarchy of roles and determines which role is used when a security conflict exists among roles when a user signs in as *ALL.

The EnterpriseOne Windows client and Web client differ as to how they use the role sequence to determine which security record is applied. The Web client only checks the first role in the role sequence to determine the security for an application, form, column, row, and so forth. The Windows client checks all the roles in *ALL for security, but uses the role sequence to determine which role to use when there are duplicate security records.

This is an example of duplicate security records in which the Windows client is forced to use the role hierarchy to determine which security record to apply:

A user signs in as *ALL. The *ALL has two roles associated with it—Role 1 and Role 2.

  • Role 1 = Form A is secured; no access allowed.

  • Role 2 = Form A is not secured; access allowed.

Because of the conflict in security between these two roles, EnterpriseOne uses the information in the role sequence to determine which role to use for security. If Role 1 was higher in the sequence, then the security for that role is applied.

In this same example, if each of these roles had different security records for the same security type, the system would apply the security as defined by both records. For example, if Role 1 does not allow users to view column A and Role 2 does not allow users to view column B, the user would not be able to view either column on the form.

You can configure the EnterpriseOne Web client to use the same role sequencing functionality as the Windows client. This is recommended if you are migrating from the Windows client to the Web client. To enable this functionality in the Web client, use Server Manager to configure the following setting in the [OWWEB] section of the JAS.INI:

userRoleHierarchy=true
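The two resolution behaviours described above can be modelled to find the objects whose outcome changes between the Windows client and the default Web client. This is an added illustration, not Oracle's code: the record layout, the function names, and the rule that a larger sequence number ranks higher are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityRecord:
    """One constructed security record attached to a role (hypothetical layout)."""
    role: str
    sec_type: str    # "form", "column", ...
    obj: str         # secured object, for example "Form A"
    allowed: bool


def ranked_roles(sequence):
    """Order roles from highest to lowest priority.

    Assumption: a larger sequence number ranks higher. Every role must have
    a sequence number greater than zero, as the page requires.
    """
    invalid = sorted(r for r, n in sequence.items() if n <= 0)
    if invalid:
        raise ValueError(f"roles without a valid sequence number: {invalid}")
    return sorted(sequence, key=lambda r: sequence[r], reverse=True)


def effective_security(records, sequence, role_hierarchy):
    """Resolve security for a *ALL sign-in.

    role_hierarchy=True  models the Windows client (and the Web client with
                         userRoleHierarchy=true): every role is consulted and
                         the sequence only decides between duplicate records.
    role_hierarchy=False models the default Web client: only the first role
                         in the sequence is consulted.
    Returns {(sec_type, obj): (allowed, deciding_role)}.
    """
    ranked = ranked_roles(sequence)
    consulted = ranked if role_hierarchy else ranked[:1]
    decisions = {}
    for role in consulted:                       # highest priority first
        for rec in records:
            if rec.role == role:
                # setdefault keeps the first decision, so a lower-ranked
                # role never overrides a higher-ranked duplicate.
                decisions.setdefault((rec.sec_type, rec.obj), (rec.allowed, role))
    return decisions


def is_restricted(decisions, key):
    """An object is restricted only if a deciding record denies access."""
    return key in decisions and not decisions[key][0]


def migration_differences(records, sequence):
    """List (sec_type, obj, windows_restricted, web_restricted) mismatches."""
    windows = effective_security(records, sequence, role_hierarchy=True)
    web = effective_security(records, sequence, role_hierarchy=False)
    diffs = []
    for key in sorted(set(windows) | set(web)):
        w, b = is_restricted(windows, key), is_restricted(web, key)
        if w != b:
            diffs.append((key[0], key[1], w, b))
    return diffs


# Constructed sample data mirroring the Role 1 / Role 2 example on this page.
RECORDS = [
    SecurityRecord("ROLE1", "form", "Form A", False),
    SecurityRecord("ROLE2", "form", "Form A", True),
    SecurityRecord("ROLE1", "column", "Column A", False),
    SecurityRecord("ROLE2", "column", "Column B", False),
]
SEQUENCE = {"ROLE1": 20, "ROLE2": 10}

if __name__ == "__main__":
    for diff in migration_differences(RECORDS, SEQUENCE):
        print("outcome differs:", diff)
```

In the sample, Column B is hidden on the Windows client but not on the default Web client, because ROLE2's record is never consulted there.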

To sequence roles:

In the Fast Path, enter P0092 to access the User Profiles application.

  1. On the Work With User/Role Profiles form, from the Form menu, select Role Sequence.

  2. On Work With Role Sequences, select a role from the tree structure and drag it to the point in the sequence that you want.

    Note:

    The system checks the sequence of roles in descending order.
  3. After you have set the order that you want, select Set Sequences from the Form menu and click Close.

  4. If you decide you do not want to change the sequence, select Close Without Set from the Form menu and click Close.

7.4.5 Adding an Environment to a Role

Use the Work With User/Role Profiles form to assign one or more environments to a role or to change an existing environment for a role. When a user signs in to JD Edwards EnterpriseOne, the Environment Chooser and Role Chooser present each user with a list of valid roles and environments.

In the Fast Path, enter P0092 to access the User Profiles application.

  1. On Work With User / Role Profiles, select the Roles Only option and click Find.

    Note:

    The Both Users and Roles option also enables you to perform the same task, although the Roles Only option is the simplest way to add an environment.
  2. Select a role from the detail area of the grid, and select Environments from the Row menu.

  3. On the User Environment Revisions form, in the Display Seq. (display sequence) column, specify the order in which the environments will be presented in the Environment Chooser at JD Edwards EnterpriseOne sign-in.

  4. In the Environment column, click the search button to select an environment, and then click OK.

    Note:

    If you want to change an existing environment for a role, enter a new value for the Environment parameter and click OK.

7.4.6 Assigning Business Preferences to a Role

In the Fast Path, enter P0092 to access the User Profiles application.

  1. On Work With User / Role Profiles, click Find.

  2. Select a role, and then click Select.

  3. On the Role Revisions form, from the Form menu, select Bus Preferences.

  4. On the Business Preferences form, click the search button in the Industry Code field to associate the role with a specific industry, such as manufacturing.

  5. In the Business Partner Code field, click the search button to associate the role with a specific business partner.

  6. In the Customer Code field, click the search button to associate the role with a specific customer.

7.4.7 Setting Up a Role Relationship

After you have defined a role, you can associate users with it and apply security to it to provide the appropriate level of access to EnterpriseOne functions. You can assign more than one user to a role, or you can assign more than one role to a user. To establish a role relationship, you use the Role Relationships application (P95921), which enables you to add, remove, or revise a role relationship for a user. Role relationships are revised by removing an assigned role or by changing the expiration date for an assigned role.

In the Fast Path, enter P95921 to access the Work With Role Relationships form.

  1. Complete the User field and click Find.

    The system displays the user's assigned roles and the available roles in separate tree controls.

  2. Select a role from the Available Roles tree control and click the left arrow button to add it to the list of assigned roles.

  3. On the Role Revisions form, enter an effective date if you want an effective date that is different from today's date.

    Today's date is the default value for the Effective Date field. If you do not use the default value, enter a date later than today's date; otherwise the software returns an error message.

  4. Enter an expiration date in the Expiration Date field, if one is needed.

    The role will expire at the beginning of the day of the date that you enter. The role will not expire if you do not complete the Expiration Date field.

  5. Select the Include in *ALL option if you want the role to be one that the user can play if the user enters JD Edwards EnterpriseOne playing all roles, and click OK.

    If you do not select the Include in *ALL option, this role will not be part of the active roles when the user enters EnterpriseOne using *ALL as his role at sign-in. To activate a role that is not included in *ALL, the user must select that particular role when signing on to the system. The role selected will be the only active role during that session.
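The effect of the effective date, the expiration date and the Include in *ALL option on a session can be expressed as a short model. This is an added example, not EnterpriseOne code: the record layout, the user ID JSMITH and the function names are assumptions, and the `role_chooser` argument stands for the global Role Chooser setting.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

ALL = "*ALL"


@dataclass(frozen=True)
class RoleRelationship:
    """One constructed role relationship record (hypothetical layout)."""
    user: str
    role: str
    effective: date
    expiration: Optional[date]    # None: the relationship never expires
    include_in_all: bool


def is_current(rel, today):
    """True if the relationship is in force on the given day."""
    if today < rel.effective:
        return False
    # The role expires at the beginning of the expiration day, so the
    # expiration date itself is already outside the valid window.
    return rel.expiration is None or today < rel.expiration


def active_roles(relationships, user, sign_in_role, today, role_chooser=True):
    """Return the roles that are active for the session.

    Signing in as *ALL activates every current role flagged Include in *ALL.
    Signing in with a particular role activates only that role, and is only
    possible when the Role Chooser is enabled.
    """
    current = [r for r in relationships if r.user == user and is_current(r, today)]
    if sign_in_role == ALL:
        return sorted(r.role for r in current if r.include_in_all)
    if not role_chooser:
        raise PermissionError("Role Chooser is disabled; sign in with *ALL")
    if sign_in_role not in {r.role for r in current}:
        raise PermissionError(f"{sign_in_role} is not a current role for {user}")
    return [sign_in_role]


# Constructed sample records for one user.
RELATIONSHIPS = [
    RoleRelationship("JSMITH", "AP", date(2024, 1, 1), None, True),
    RoleRelationship("JSMITH", "PAYROLL", date(2024, 1, 1), None, False),
    RoleRelationship("JSMITH", "RECEIVING", date(2024, 1, 1), date(2024, 6, 30), True),
    RoleRelationship("JSMITH", "ADMIN", date(2024, 9, 1), None, True),
]

if __name__ == "__main__":
    for day in (date(2024, 6, 29), date(2024, 6, 30)):
        print(day, active_roles(RELATIONSHIPS, "JSMITH", ALL, day))
    print(active_roles(RELATIONSHIPS, "JSMITH", "PAYROLL", date(2024, 6, 30)))
```

RECEIVING drops out of the *ALL session on 30 June itself, and PAYROLL is reachable only by selecting it explicitly at sign-in.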

7.4.8 Enabling the Role Chooser

In the Fast Path, enter P95921 to access the Work With Role Relationships form.

  1. From the Form menu, select Enable Role Chooser.

  2. To enable users to select a role from a list of assigned roles at sign-in, on the Enable/Disable Role Chooser form, select the "Choose role on Login page" option.

    If you do not select this option, users must enter JD Edwards EnterpriseOne using *ALL.

  3. To enable users to filter menus by role in the EnterpriseOne Menus, select the "Choose role on Menu Filtering page" option.

Note:

Both the Role Chooser and Menu Filtering Role Chooser options are global settings. When enabled, they apply to all users in the system.

7.4.9 Creating Role-to-Role Relationships

In the Fast Path, enter P95921 to access the Work With Role Relationships form.

  1. From the Form menu, select Distribution Lists.

  2. On the Work With Distribution Lists form, complete the Role field and click Find.

  3. To add a role to the distribution list, select a role from the Available Roles tree control and click the left-arrow button.

  4. On Role Revisions, complete these fields and click OK:

    • Effective date

      Enter an effective date if you want the delegation to occur at a date other than the current date.

    • Expiration date

    • Include in *All

      Select this option if you want the role to be one that the user can use if the user enters EnterpriseOne playing all roles.

  5. Select the *ALL option if you want the role to be one that the user can play if the user enters JD Edwards EnterpriseOne playing all roles.

    EnterpriseOne adds the role to the Assigned Roles tree control.

  6. To remove a role from the distribution list, select a role from the Assigned Roles tree control and click the right-arrow button.

    Note:

    JD Edwards EnterpriseOne does not currently support multilevel roles.

7.4.10 Delegating Roles

In the Fast Path, enter P95921 to access the Work With Role Relationships form.

  1. From the Form menu, select Roles Delegation.

  2. On the Work With Delegation Relationships form, complete the Delegate field by entering the user ID of the user being delegated to and click Find.

    The roles of the user who is delegating appear in the Available Roles tree control. The roles of the user who is being delegated to appear in the Assigned Roles tree control.

  3. To delegate a role, select the role from the Available Roles tree control and click the left-arrow button.

  4. Complete these fields and click OK:

    • Effective date

      Enter an effective date if you want the delegation to occur at a date other than the current date.

    • Expiration date

  5. Select the *ALL option if you want the role to be one that the user can play if the user enters EnterpriseOne playing all roles.

    EnterpriseOne adds the delegated role to the Assigned Roles tree control on the Work With Delegation Relationships form.

    Note:

    You can use the right-arrow button in the Work With Delegation Relationships form only to remove a role that you delegated to another user. If you try to remove a role that you did not delegate to the user, the software will display a dialog box notifying you that the action is invalid.

7.4.11 Adding Roles to a User

The Add Roles to User form enables you to copy one or more role relationship records to a single user, which is a particularly useful action if you want the user to play many roles. You can copy as many records as you want at one time.

In the Fast Path, enter P95921 to access the Work With Role Relationships form.

  1. From the Form menu, select Add Roles to User.

  2. Complete the User ID field and click Find.

  3. Select the roles that you want to add to the user and click Select.

    Hold down the Control key to select more than one role to add.

  4. On the Role Revisions form, complete these fields:

    • Effective Date

      Enter a date if you want the effective date to be different from the current date.

    • Expiration Date

      The role will expire at the beginning of the day of the date that you enter.

    • Include in *All

  5. Select the *ALL option if you want the role to be one that the user can play if the user enters JD Edwards EnterpriseOne playing all roles.

  6. Click OK.

  7. If you are adding more than one role relationship record, complete the Role Revisions form for each record that you are adding.

7.4.12 Adding Users to a Role

In the Fast Path, enter P95921 to access the Work With Role Relationships form.

  1. Select Add Users to Roles from the Form menu.

  2. Complete the Role field and click Find.

  3. Select the users that you want to add to a role and click Select.

    Hold down the Control key to select more than one user to add.

  4. In the Role Revisions form, complete these fields:

    • Effective Date

      Enter a date if you want the effective date to be different from the current date.

    • Expiration Date

    • Include in *All

  5. Select the *ALL option if you want the role to be one that the user can play if the user enters JD Edwards EnterpriseOne playing all roles.

  6. Click OK.

  7. If you are adding more than one user record, complete the Role Revisions form for each record you are adding.

7.4.13 Copying User Roles

You can copy the role relationship records of one user to another from Role Relationships (P95921). You can either copy and add the records, which means that EnterpriseOne adds the copied records to the user's existing records; or you can copy and replace the records, which means that the copied records replace the user's existing records.

In the Fast Path, enter P95921 to access the Work With Role Relationships form.

  1. Complete the User field and click Find.

    The user's roles appear in the Assigned Roles tree control.

  2. Click Copy.

  3. On the Copy User Roles form, select one of these options:

    • Copy and Add

    • Copy and Replace

  4. Complete the To User field to specify the user to whom you want the records copied.

  5. Click OK.

7.4.14 Adding a Language Translation to a Role

Using the Language Role Description Revisions form, you can either set up the translation of any role that you have defined, or you can change role descriptions for any language.

If you want to view the descriptions of any role in all the languages into which it is being translated, use the Work With Language Role Description form.

In the Fast Path, enter P0092 to access the User Profiles application.

  1. On Work With User/Role Profiles, select the Roles Only option.

    Note:

    The Both Users and Roles option also enables you to perform this task.
  2. Select a role from the detail area of the grid and select Role Description from the Row menu.

  3. To add a language to a role, click Add.

  4. On the Language Role Description Revisions form, in the Role field, enter the name of the role to which you want to add a language.

  5. In the Language field, click the search button to select a language from the list of supported languages.

  6. Enter a description of the role in the Role Description field, and then click OK.