1 Introduction to EnterpriseOne Security

This chapter contains the following topics:

1.1 Introduction to EnterpriseOne Security

Oracle's JD Edwards EnterpriseOne Tools provides security applications, reports, and features to help you protect your company's sensitive application data. EnterpriseOne authentication security ensures that only authenticated users can sign in to EnterpriseOne. Authorization security ensures that EnterpriseOne users have access to only the applications and features that they are authorized to use.

In addition, EnterpriseOne enables you to set up security for developers who use Object Management Workbench (OMW) to add and modify objects for custom applications. Setting up developer security ensures that developers can only perform certain actions in OMW based on pre-defined responsibilities.

EnterpriseOne also includes reports that you can use for security auditing purposes, as well as auditing features for supporting the 21 CFR Part 11 auditing regulations.

Before you use the EnterpriseOne administration applications to properly set up authentication security, authorization security, developer security, and security auditing, it is important that the overall infrastructure of a deployed JD Edwards EnterpriseOne system is properly secured. See Part II, "Secure Installation and Configuration"in this guide for more information.

1.2 Concepts and Terminology

You should familiarize yourself with the following terms and concepts before reading the contents of this guide:

Access provisioning

The process of setting up user and role profiles in EnterpriseOne for sign-in security (authentication) and authorization security.

Authentication

The process of verifying that users signing into EnterpriseOne are valid EnterpriseOne users.

Authorization

The process of granting or denying users access to EnterpriseOne applications, features, data, and data sources. In EnterpriseOne, most authorization security is applied at the object level through Security Workbench.

Object-level security

A type of authorization security that enables you to secure specific EnterpriseOne objects such as applications, forms, and various other EnterpriseOne features. Object-level security provides flexibility and a higher level of security integrity.

Developer security

Security that determines the actions developers can perform when customizing or developing EnterpriseOne applications in Object Management Workbench (OMW). Actions can include checking out and checking in objects, promoting objects, transferring objects, removing objects, and so forth. OMW's automation relies on an administrator who carefully configures these actions.

Security auditing

EnterpriseOne contains a set of reports and tools than enable you to audit sign-in security records (for authentication) and object security records (for authorization), as well other security-related information. In addition, EnterpriseOne contains electronic signature and auditing tools that enable your organization to comply with the FDA 21 CFR Part 11 regulation for submitting electronic records.

Data encryption

The process of transforming information into code so that it cannot be read by a third-party system. EnterpriseOne encrypts user passwords stored in the database.

Data privacy

In EnterpriseOne, Address Book data security enables you to restrict users from viewing Address Book information that is determined as private, personal data. An administrator can use the Address Book Data Permissions application (P01138) to set up Address Book data security.

Data masking

Customizing a field so that specified characters are embedded in place of sensitive data that appears in applications. This prevents sensitive data from being displayed to unauthorized users. A developer enables data masking through the Data Dictionary application (P92001), which is part of the EnterpriseOne suite of development tools used to customize or create customized applications. For more information about data masking, see "Display Rule" in the JD Edwards EnterpriseOne Tools Data Dictionary Guide.

Secure Socket Layer (SSL)

A security protocol that you can apply to various EnterpriseOne servers that provides communication privacy. SSL enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.

*PUBLIC

A special ID within EnterpriseOne that automatically includes all users within it. This option controls security for all users who are designated by ID type *PUBLIC in the User or Role field. You can use this ID to apply security even if you do not have a specific record set up for it in user profiles.

Security overrides

Security records that operate as exceptions to existing security records. Security overrides specify that users are unsecured from an EnterpriseOne object. In other words, security overrides allow users access to a particular object, even if another security record in the system specifies that access is not allowed.