26 Setting Up Address Book Data Security

This chapter contains the following topics:

26.1 Understanding Address Book Data Security

The Address Book data security feature enables you to restrict users from viewing address book information that you have determined is private, personal data. After performing the required setup for this feature, secured users can see the fields that you specify as secured, but the fields are filled with asterisks and are disabled. You can set up data security for these fields:

  • Tax ID

  • Addl Ind Tax ID (additional tax ID)

  • Address

    Includes Address Lines 1-7, City, State, Postal Code, Country, and County.

  • Phone Number

    Includes phone number and phone prefix.

  • Electronic Address

    Includes only electronic addresses with Type E.

  • Day of Birth, Month of Birth, and Year of Birth.

  • Gender

Note:

In addition to these fields, the system enables you to designate up to eight other user-defined fields as secured. Included in the eight fields are: five string, one math numeric, one character, and one date type. To secure additional fields, you must modify the parameter list in the call to the business function B0100095. For example, if you want to designate Industry Class as a secured field, you must modify the call to the B0100095 business function to map Industry Class in the parameter list.

The Address Book data security feature provides an additional level of security by not allowing secured users to locate valid personal information using the query based example (QBE) line. For example, if a user enters numbers in the Tax ID field of the QBE line, the system does not display the matching record in the event that the user happens to enter a valid tax ID number.

Setting up Address Book data security involves these steps:

  1. Selecting the Activate Personal Data Security constant in the Address Book Constants.

    Personal data security is inactive unless the Activate Personal Data Security constant is selected.

  2. Setting up permission list definitions.

    Use the Address Book Data Permissions application (P01138) to create one or more permission lists that specify which fields in the Address Book are secured.

  3. Setting up permission list relationships.

    Use the Permission List Relationships application (P95922) to determine the users or roles that are subject to each permission list.

After you set up Address Book data security, users cannot view information in the fields that you specify as secured. The secured fields appear as asterisks and the system disables these fields for updates. However, users can view their own secured address book information. Also secured fields are not protected when adding new address book records.

In addition to storing Address Book privacy data in the Address Book Data Permission List Definition table (F01138), the system stores privacy data in these tables:

  • Address Book-Who's Who (F0111)

  • Address Book-Phone Numbers (F0115)

  • Address by Date (F0116)

During processing, when the system encounters a record that has privacy data, that record will not appear in reports, Universal Batch Engine (UBE) results, the Data Browser, and the Universal Table Browser (UTB).

26.1.1 Additional Level of Private Data Security

In addition to storing Address Book privacy data in the Address Book Data Permission List Definition table (F01138), the system stores privacy data in these tables:

  • Address Book-Who's Who (F0111)

  • Address Book-Phone Numbers (F0115)

  • Address by Date (F0116)

When a user runs a report or an application other than the Address Book (such as a Universal Batch Engine report, the Data Browser, or the Universal Table Browser), if EnterpriseOne encounters secured private data in any of the tables in the preceding list, records or columns with secured data do not display in the results. The results displayed depend on whether the fetch is over one or multiple tables. If the fetch is over one table with a secured field, the records that contain secured private data do not appear in the output. If a fetch is over a business view with two tables, the records are displayed, but the columns with secured private data are blank.

For example, if an administrator configures private data security to prevent users of a role from viewing the Tax ID for search type E, and the Who's Who application is launched for an address book record with search type E, a user assigned to this role cannot view records for this Address Book record in the Who's Who application.

Note:

When Address Book data security is configured, you can either enable or disable the additional level of security that prevents secured private data from appearing in other applications and output. See Enabling or Disabling Secured Private Data from Displaying in Other Applications and Output for more information.

26.2 Prerequisites

Select the Activate Personal Data Security constant in the Address Book Constants.

See "Setting Up the JD Edwards EnterpriseOne Address Book System" in the JD Edwards EnterpriseOne Applications Address Book Implementation Guide.

Set up users and roles in the User Profiles application (P0092) for each user that you want to secure from Address Book information.

See Setting Up User Profiles.

26.3 Setting Up Permission List Definitions

This section provides an overview of permission list definitions and discusses how to set up permission list definitions.

26.3.1 Understanding Permission List Definitions

The Permission List Definition application enables you to create multiple lists that determine which Address Book fields are secure. When you create permission lists, you specify a permission list name and a search type, and then select each field that you want to secure. The system stores permission list definitions in the F01138 table.

26.3.2 Forms Used to Set Up Permission List Definitions

Form Name FormID Navigation Usage
Work With Permission List Definitions W01138A Enter P01138 in the Fast Path. Review existing permission list definitions.
Add/Edit Permission List Definitions W01138B Select Add from the Work With Permission List Definitions form. Create new permission list definitions or revise existing definitions.

26.3.3 Creating Permission List Definitions

Access the Add/Edit Permission List Definitions form.

After entering the Permission List Name and the Search Type, select each field that you want to secure.

Permission List Name

Enter a name for the permission list. Enter up to 15 alphanumeric characters.

Search Type

Select the search type for which the permission list applies.

26.4 Setting Up Permission List Relationships

This section provides an overview of permission list relationships and discusses how to set up permission list relationships.

26.4.1 Understanding Permission List Relationships

After you set up permission list definitions, use the Permission List Relationships application to assign them to previously defined user IDs and roles. You can attach a user ID or role to only one permission list. The system stores permission list relationships in the F95922 table.

26.4.2 Forms Used to Create Permission List Relationships

Form Name FormID Navigation Usage
Work With Permission List Relationships W95922A Enter P95922 in the Fast Path. Search for a permission list.
Maintain Permission List Relationships W95922D Click Select on the Work With Permission List Relationships form. Set up permission list relationships.

26.4.3 Creating Permission List Relationships

Access the Maintain Permission List Relationships form.

  1. In the User or Role field, enter the User ID or Role that you want to attach to a permission list, and then click the find button.

  2. Click the right arrow button to attach a User ID or Role to a permission list.

  3. Click the left arrow button to remove a User ID or Role from a permission list.

26.5 Enabling or Disabling Secured Private Data from Displaying in Other Applications and Output

EnterpriseOne provides INI file settings to enable or disable the displaying of records with secured private data in applications and output other than the Address Book.

The settings for enabling and disabling this additional level of private data security are located in the JDBJ.INI file on the HTML Server and the JDE.INI file on the Enterprise Server. Use Server Manager to modify these settings:

INI File Section and Setting Values
JDBJ.INI on the HTML Server [JDBj-RUNTIME PROPERTIES]

enableDataPrivacySkipRecord=

Values are:

true: Excludes records with secured data from all other output sources.

false (or leave blank): This is the default. Allows records with secured data to appear in other output sources.

JDE.INI file on the Enterprise Server [DB SYSTEM SETTINGS]

enableDataPrivacySkipRecord=

Values are:

true: Excludes records with secured data from all other sources of output.

false (or leave blank): This is the default. Allows records with secured data to appear in other output sources.


For more information about modifying INI file settings in Server Manager, see the JD Edwards EnterpriseOne Tools Server Manager Guide.