24 Managing Security for User Defined Objects

This chapter contains the following topics:

24.1 Understanding Security for User Defined Objects

EnterpriseOne provides features for users to create custom grid formats, watchlists, queries, and other items, which are saved as user defined objects (UDOs) in EnterpriseOne. For example, if a user creates a query using the Query Manager, the query is saved as a UDO in an EnterpriseOne table. For a complete list of the types of UDOs users can create, see UDO Types in the JD Edwards EnterpriseOne Tools Using and Approving User Defined Objects Guide.

EnterpriseOne provides UDO security features in the Security Workbench to control:

  • Which UDO features are available in EnterpriseOne.

  • Who can create UDOs for their own personal use.

  • Who can request to publish (or share) UDOs with other users.

  • Who can modify shared UDOs created by other users.

  • Who can view/use shared UDOs created by other users.

Table 24-1 describes the UDO security features available in EnterpriseOne.

Table 24-1 UDO Security Options in Security Workbench

UDO Security Type Description

Feature

UDO feature security activates or deactivates each UDO feature globally in the EnterpriseOne system.

UDO features are secure by default; they are not available in EnterpriseOne until you activate them in the "Revise Feature Enablement" form in the Security Workbench.

Action

UDO action security determines the actions users can perform with a particular UDO feature. UDO action security is set up by UDO feature for a user, role, or *PUBLIC (all users). UDO Action security options include:

  • Create. Authorize users to create UDOs for their own personal use.

  • Create and Publish. Authorize users to create and share personal UDOs with other users.

  • Create, Publish, and Modify. Includes the preceding permissions plus the ability to modify UDOs created by other users.

View

UDO view security authorizes access to shared UDOs. You can apply UDO view security to each individual shared UDO for a user, role, or *PUBLIC. Or you can apply UDO view security to all shared UDOs of a particular UDO type.

(Release 9.2.4) Beginning with Tools Release 9.2.4, as part of view security, system administrators can restrict access to the base EnterpriseOne forms so that users can access only the personalized forms and not the base forms.

Content (Composite Page and Application Framework UDOs only) (Release 9.2.0.2)

UDO content security applies to Composite Page and Composite Application Framework UDOs. In addition to setting up view security for Composite Page and Composite Application Framework UDOs, you must also set up content security to authorize users to view or work with the contents of a Composite Page and Composite Application Framework UDO.


24.1.1 Understanding the Process for Sharing UDOs

When a user has permission to "Create and Publish" UDOs, the user can click the Request to Publish button in the UDO feature, which submits the UDO to the User Defined Object Management (P98220U) application. A designated user or system administrator uses P98220U to review UDOs before approving them. When approved, the status of the UDO changes to "Shared," at which point an administrator can set up UDO view security to grant users access to the UDO if a view security record does not already exist for UDOs of a particular type. See Managing UDO View Security for more information.

For more information on how to manage UDOs in P98220U, see the JD Edwards EnterpriseOne Tools Using and Approving User Defined Objects Guide.

24.2 Example of a UDO Security Implementation

Company A wants to implement UDO features in EnterpriseOne with the following criteria:

  • Allow only supervisors in the Purchasing department to create One View reports and queries for the purpose of sharing with other users in the department.

  • Allow all members of the Purchasing department to use shared UDOs created by the supervisors.

  • (Release 9.2.4) Restrict access to the base forms of the Sales Order Entry application so that all members of the Sales department can only access the personalized forms.

Based on these criteria, Company A will need to perform the following tasks:

  1. Activate the One View Reports Manager and Query Manager features in the "Revise Feature Enablement" form in Security Workbench. This displays these features globally in all applicable EnterpriseOne applications and forms.

  2. Set up two UDO action security records: one that enables members of the Purchasing supervisors role to create and share One View reports; one that enables members of the Purchasing supervisors role to create and share queries.

  3. Set up UDO view security to determine which users can use the shared One View reports and queries.

  4. (Release 9.2.4) Configure base form security for the Sales Order Entry application to determine which users are restricted from accessing the base form.

24.3 Prerequisites

You must perform the following prerequisites before you can set up UDO security:

24.3.1 Define Allowed Actions for UDO Types

Before setting up security for user defined objects, each UDO type (grid format, query, EnterpriseOne page, and so forth) must be set up with the proper "Allowed Actions" in the OMW Configuration System (P98230) application. This enables processing and management of user defined objects in the Web Object Management Workbench. If the allowed actions are not set up for each UDO type, you cannot set up security for user defined objects.

The "Configuring Activity Rules" chapter in the JD Edwards EnterpriseOne Tools Object Management Workbench for the Web Guide describes how to set up allowed actions in P98230. When setting up allowed actions for each UDO type:

  • For the default project at status 21, use:

    From Project Status = 21

    To (Project Status) = 21

  • For each UDO type, apply the following allowed actions:

    05 (Check-Out/Get/Reserve)

    02 (Delete Only)

    04 (Check-in/Publish)

The following image shows the allowed actions defined for the grid format UDO type:

Description of udo_allwd_actns.png follows
Description of the illustration ''udo_allwd_actns.png''

24.3.2 Enable Access to UDO Security and Administration Applications

A security administrator must enable access to the following UDO security and administration applications before setting up UDO security:

Note:

This section includes recommendations for the types of users you should authorize access to the UDO security and administration applications. You can adapt these recommendations based on your company's needs.
  • User Defined Object Management (P98220U) application.

    This is the application for approving UDOs for sharing with other users. Oracle recommends that only an administrator, manager, or power user responsible for approving UDOs has access to this application. Typically, the approver of a shared UDO should not be the same as the user who created the UDO. Use EnterpriseOne Application security in Security Workbench to secure this application. See Managing Application Security in this guide.

  • Work With User Defined Object View Security application (P00950UO).

    This application is accessible from the User Defined Object Management (P98220U) application, the application used for approving UDOs. It is an alternative to setting up UDO view security through the Security Workbench. This form gives you the option of providing a non-Security Workbench user, or the same user who is responsible for reviewing and approving shared UDOs in P98220U, the ability to set up view security for shared UDOs. All view security records created in this application are reflected in the view security form in Security Workbench. Use Hyper Exit security in the Security Workbench to authorize access to this form from P98220U. See Managing Hyper Exit Security in this guide.

  • Object Management Workbench for the Web (Web OMW).

    This application is used to manage the life cycle of user defined objects. Oracle recommends that only developers and system administrators have access to this application.

    In addition to determining who has access to Web OMW, you have to define the actions that Web OMW users can perform, for example which users are allowed to check out and modify a UDO through the Web OMW, check in a UDO, advance a UDO to another status, and so forth. See Configuring OMW User Roles and Allowed Actions in this guide for more information.

In addition to the preceding applications, the Security Workbench contains forms for setting up UDO feature, action, content and view security. Only security administrators who have access to the Security Workbench have access to these forms.

24.4 Managing UDO Feature Security

UDO features are not available in EnterpriseOne until you activate the features through the Revise Feature Enablement form in Security Workbench.

To activate or deactivate UDO features: 

  1. On Work With User/Role Security in the Security Workbench (P00950), select the Form menu, Feature Security.

  2. On Revise Feature Enablement, select the row for the UDO feature you want to activate or deactivate.

  3. In the Access column, click the icon to toggle the status to active or inactive.

    If the green circle is displayed in the Access column, the feature is active. If the red square is displayed, the feature is inactive. Also, you can hover your cursor over the icon to display the status in text.

Important:

When you change the status of a UDO feature to active or inactive, EnterpriseOne displays a message reminding you to clear security cache for the changes to take effect. Security cache must be cleared on the EnterpriseOne HTML Server (JAS Server). You can clear this cache using Server Manager.

24.5 Managing UDO Action Security

Set up action security for a user, role, or *PUBLIC (all users) to determine the actions users can perform when using a UDO feature. UDO action security is set up by UDO feature.

Important:

You must activate the UDO feature in EnterpriseOne before setting up UDO action security. See Managing UDO Feature Security.

The following list describes the actions you can allow users to perform:

  • Create. Enables users to create user defined objects for personal use. Without this permission, users can only use shared UDOs to which they have been granted access through UDO view security.

  • Create and Publish. Enables users to create and "Request to Publish" UDOs to share UDOs with other users. "Create and Publish" security inherits the "Create" permission.

    With this permission, a user can select the "Request to Publish" button to share a UDO. However, the UDO must be approved before it can be shared with other users. For more information on how to approve UDOs in P98220U, see the JD Edwards EnterpriseOne Tools Using and Approving User Defined Objects Guide.

  • Modify. Enables users to modify shared UDOs. "Modify" action security inherits "Create" and "Create and Publish" permissions.

When setting up UDO action security, remember that application security supersedes UDO action security. That is, users can only work with UDOs in applications to which they have been granted access through Security Workbench application security.

UDO action security records can be set up for a particular application, form, or application version. Or you can use *ALL (all objects) to apply action security to all applications, forms, application version in which the UDO feature exists. You also have the option to apply UDO action security to a particular EnterpriseOne product code or reporting code.

Important:

If you add, modify, or delete action security, users must clear the cache in their browser for the changes to take effect.

To set up UDO Action security: 

  1. On Work With User/Role Security in the Security Workbench (P00950), select the Form menu, User Defined Object, Action.

  2. On Work With User Defined Object Action Security, click the Add button.

  3. On User Defined Object Action Security, click the search button in the Object Type field and select a UDO type.

    Note:

    You can ignore the DATABROWSE option. This option is for setting up Data Browser security. For more information, see Adding Data Browser Security through the UDO View Security Form (Alternative Method) in this guide.
  4. In a row in the grid, complete the following fields to create a security record for the selected UDO type:

    Note:

    In each cell, you can click the search button to search for specific values. The search form displays only the objects that make use of the UDO feature.
    • User/Role. Enter a specific user, role, or *PUBLIC (for all users).

    • App/Object Name. Enter the application ID of the application to which you want to apply the UDO action security. Enter *ALL to authorize the user to perform actions in any application in which the UDO feature appears.

    • Form Name. Enter a form ID if you want the security to apply to a specific form in the application. Or you can enter *ALL for all forms.

    • Version. Enter a version if you want the security to apply to a specific version of the application. Or you can enter *ALL for all versions.

    • Product Code and Reporting Code. If you entered a specific application, form, or version, these fields automatically change to *ALL (all product codes or all reporting codes) and you cannot modify them. If you entered *ALL for the application, form, and version, you can enter a specific product or reporting code to which you want to apply security. You can enter *ALL for all product codes.

    • Access Level. Click the drop-down menu to select one of the following action security levels:

      • Create

      • Create and Publish

      • Create, Publish, Modify

      • Disable Create, Publish, and Modify

        Use this last option to expedite the creation of UDO action security records. For example, if you want to authorize all but two members of a role to "create, publish, and modify" UDOs, you create one record for the role authorizing "Create, Publish, Modify;" and then create two records using this "Disable Create, Publish, and Modify" option to prevent the two users from creating UDOs.

  5. As an alternative to using the Access Level drop-down menu, you can click the icons in the Create, Publish, or Modify columns to activate or deactivate the action security level. A green circle indicates the action is active, a red square indicates the action is inactive.

    When using the icons to select the security level, the security level is reflected in the Access Level column in the grid.

  6. Click the Save button to save the record.

To modify UDO action security: 

  1. In Security Workbench, select the Form menu, User Defined Object, Action.

  2. On Work With User Defined Object Action Security, click the Find button to access Action security records. You can refine the search by using filter fields in the header row of the grid.

  3. Click the icons in the following columns to modify the UDO action security:

    • Create

    • Publish

    • Modify

      The Access Level field in the row will change to reflect the modified action security.

      Also, a warning appears reminding you to clear the security cache for the changes to take effect.

To delete UDO action security: 

  1. In Security Workbench, select the Form menu, User Defined Object, Action.

  2. On Work With User Defined Object Action Security, click the Find button to access Action security records. You can refine the search using the filter fields in the header row of the grid.

  3. Click the check box next to the records you want to delete and then click the Delete button.

    Note:

    To disable UDO action security, you do not have to delete the UDO action security record. Instead, you can disable the security record by making it inactive. This enables you to save the record in case you choose to make it active again at another time.

24.6 Managing UDO View Security

This section contains the following topics:

24.6.1 Understanding UDO View Security

Set up UDO view security to authorize access to shared UDOs. Shared UDOs are secure by default; other users cannot access them unless authorized to do so through UDO view security.

How Does a UDO Become a "Shared UDO"?:

To share a UDO, the creator of the UDO has to click the "Request to Publish" button, which sends it through an approval process. After the UDO is approved by an approver in the User Defined Object Management (P98220U) application, it is considered a "shared UDO."

See Also: JD Edwards EnterpriseOne Tools Using and Approving User Defined Objects Guide for information on how to approve UDOs.

You can set up UDO view security for:

  • Individual shared UDOs.

  • All shared UDOs of a particular UDO type. Instead of specifying the name of a particular shared UDO, you can enter *ALL for the "User Defined Object Name" to gives users access to all shared UDOs of a particular UDO type. For example, for grid formats, if you enter *ALL instead of the name of a particular shared grid format, users will be able to access all grid formats that are shared.

    Important:

    You cannot use *ALL for Classic EnterpriseOne Pages and Composed Pages. This restriction prevents users from being able to access all Classic and Composed Pages from the EnterpriseOne Welcome screen. (Release 9.2.0.2)

    Note:

    You must first request to share the Classic EnterpriseOne Page and receive View permissions from your system administrator before your page is available in run time.
  • (Release 9.2.4) *BASE value for the personal forms UDO type.

    System administrators can use the *BASE value to restrict access to an EnterpriseOne form so that users can access only the personalized forms available to them and not the base form.

    Important:

    When setting up base form security using the *BASE value, system administrators cannot use a combination of *ALL in the Application Name column and *BASE in the User Defined Object Name column. This restriction prevents system administrators from restricting access to all applications.

You set up UDO view security records for a user, role, or *PUBLIC (all users). In addition, you can define a particular application, form, application version, product code, or reporting code to which to apply the security. Or you can use *ALL (all objects) to apply view security to all applications, forms, application version to which the user has access.

EnterpriseOne provides two versions of the "Work With User Defined Object View Security" form:

  • W00950UOG. Access this form through Security Workbench. Use this form to set up view security for individual UDOs or all shared UDOs of a particular UDO type. Setting up view security for all shared UDOs of a particular UDO type can only be performed using this form. Starting with EnterpriseOne Tools Release 9.2.3, you can access W00950UOG from the User Defined Object Management (P98220U) application.

  • W00950UOK. Access this form outside of Security Workbench through the User Defined Object Management (P98220U)application, the application for reviewing, approving, or rejecting UDOs submitted for sharing. This enables you to allow the same user approving UDOs to set up view security for the objects. Oracle recommends using this application to set up UDO view security for individual shared UDOs.

Updates to UDO view security in either form are reflected in both forms.

24.6.2 Managing UDO View Security from Security Workbench

Access the W00950UOG form in Security Workbench to set up view security for individual UDOs or all shared UDOs of a particular UDO type. Setting up view security for all shared UDOs of a particular UDO type can only be performed using this form.

Important:

If you add, modify, or delete view security, users must clear the cache in the browser for the changes to take effect.

To set up UDO view security for all shared UDOs of a particular UDO type: 

  1. On Work With User/Role Security in the Security Workbench (P00950), select the Form menu, User Defined Object, View.

    Alternatively, on Work with User Defined Objects (P98220U), select the Form menu, and then select View Security. (Release 9.2.3)

  2. On Work With User Defined Object View Security (W00950UOG), click the Add button.

  3. On User Defined Object View Security, click the search button in the Object Type field and select a UDO type. For a complete list of User Defined Objects, see the JD Edwards EnterpriseOne Tools Using and Approving User Defined Objects Guide.

    Note:

    For IMAGE UDOs, view security is set up by default. Users can access all the shared images. (Release 9.2.0.2)
  4. In the first row in the grid, complete the following columns:

    • User/Role. Enter a user, role, or enter *PUBLIC for all users.

    • Application Name. If you want access to shared UDOs limited to a particular application, enter the application ID. Or you can enter *ALL if you want the shared UDO to be available in all applications.

    • Form Name. If you want access to shared UDOs limited to a particular form, enter the form ID. Enter *ALL for all forms.

    • Version. If you want access to shared UDOs limited to a particular application version, enter the version ID. Or you can enter *ALL for all versions.

    • User Defined Object Name. Enter *ALL to allow access to any shared UDO of the selected UDO type (Object Type).

    • Product Code and Reporting Code. If you entered a specific application, form, or version, these fields automatically change to *ALL (all product codes or all reporting codes) and you cannot modify them. If you entered *ALL for the application, form, and version, you can enter a specific product or reporting code to which you want to apply security. Enter *ALL for all product codes.

  5. Click the Save button.

To set up view security for individual shared UDOs: 

  1. In Security Workbench (P00950), select the Form menu, User Defined Object, View.

    Alternatively, on Work with User Defined Objects (P98220U), select the Form menu, and then select View Security. (Release 9.2.3)

  2. On Work With User Defined Object View Security, click the Add button.

  3. On User Defined Object View Security, click the search button in the Object Type field and select a UDO type. For a complete list of User Defined Objects, see the JD Edwards EnterpriseOne Tools Using and Approving User Defined Objects Guide.

    Note:

    For IMAGE UDOs, view security is setup by default. Users can access all the shared images. (Release 9.2.0.2)
  4. In the first row in the grid, complete the following columns:

    Tip:

    Use the Work with User Defined Objects application (P98220U) to generate a list of shared UDOs. In the grid, you can export the shared UDO records to a spreadsheet so you can easily see detailed information about the shared UDOs.
    • User/Role. Enter a user, role, or enter *PUBLIC for all users.

    • Application Name. If you want access to a shared UDO limited to a particular application, enter the application ID. You can enter *ALL if you want the shared UDO to be available in all applications.

    • Form Name. If you want access to a shared UDO limited to a particular form, enter the form ID. Or you can enter *ALL for all forms.

    • Version. If you want access to a shared UDO limited to a particular application version, enter the version ID. You can enter *ALL for all versions.

    • User Defined Object Name. Enter the name of the shared UDO.

    • Product Code and Reporting Code. If you entered a specific application, form, or version, these fields automatically change to *ALL (all product codes or all reporting codes) and you cannot modify them. If you entered *ALL for the application, form, and version, you can enter a specific product or reporting code to which you want to apply security. Enter *ALL for all product codes.

  5. Click the Save button.

To modify UDO View security: 

  1. In Security Workbench (P00950), select the Form menu, User Defined Object, View.

    Alternatively, on Work with User Defined Objects (P98220U), select the Form menu, and then select View Security. (Release 9.2.3)

  2. On Work With User Defined Object View Security, click the Find button to load the UDO view security records in the grid.

    You can use the filter fields in the header row of the grid to refine your search.

  3. In the View column, click the icon in the row to change the status to Active or Inactive.

    A green circle indicates the security record is active. A red square indicates the security record is inactive. You can hover over the icon to display the status in text.

To delete UDO View security: 

  1. In Security Workbench (P00950), select the Form menu, User Defined Object, View.

    Alternatively, on Work with User Defined Objects (P98220U), select the Form menu, and then select View Security. (Release 9.2.3)

  2. On Work With User Defined Object View Security, click the Find button to load the UDO view security records in the grid.

  3. Click the check box next to the records that you want to delete, and then click the Delete button.

    Note:

    To disable UDO view security, you do not have to delete the security record. Instead, you can disable the security record by making it inactive. This enables you to save the record in case you choose to make it active again in the future.

24.6.3 Managing UDO View Security from P98220U

In P98220U, you can access a version of the Work With User Defined Object View Security form (W00950UOK) to set up UDO view security. This enables the same user approving UDOs to easily set up view security for the UDOs.

Important:

You must set up permissions to allow access to W00950UOK from P98220U. See Enable Access to UDO Security and Administration Applications for more information.

In P98220U, you can select one or more UDOs that have been approved for sharing (UDO Status = Shared) and then access W00950UOK to set up view security for the selected records. If multiple shared UDOs were selected in P98220U, the first record is displayed in the header area on the View Security for User Defined Object tab. The following illustration shows the first of three shared UDO records:

This image is described in surrounding text.

On this form, you can:

  • Revise any existing view security records for the selected UDO. If view security was already applied to the UDO, a list of the view security records for the UDO would appear in the grid. In the preceding example, there are no view security records, so you would have to click the Revise View Security tab to set up view security.

  • Select the Revise View Security tab to add view security records for the selected UDO.

  • If multiple UDOs were selected in P98220U, you can click the right directional arrow to access and set up view security for the other UDOs.

Important:

If you add, modify, or delete view security, users must clear the cache in the browser for the changes to take effect.

Navigation to P98220U: On the EnterpriseOne Welcome Page, select the Navigator menu, EnterpriseOne Menus, EnterpriseOne Life Cycle Tools, System Administration Tools, User Defined Object Tools, User Defined Object Administration.

To create UDO view security records in W00950UOK: 

  1. On Work with User Defined Objects, in the "View User Defined Objects On" area, select the Shared User Defined Objects option to load all shared UDOs in the grid.

    Shared UDOs have been approved for sharing and have a status of "Shared" in the Status Description column.

  2. You can use the User Defined Object Status and User Defined Object Type fields in the header area or the filter fields in the header row in the grid to refine your search.

    Surrounding text describes ww_usr_dfn_obj_modify.png.
  3. In the first column in the grid, click the check box of the shared UDO for which you want to set up view security.

    You can select multiple rows to set up view security for multiple UDOs.

  4. Select the Row menu, Advanced, Security.

    EnterpriseOne displays the shared UDOs in the Work With User Defined Object View Security form. If you selected multiple records, the first record is displayed in the header area. You can click the right arrow to access each shared UDO record for which you want to set up view security.

  5. On Work With User Defined Object View Security (W00950UOG), click the Revise View Security tab.

  6. In the first row in the grid, complete the following columns:

    • User/Role. Enter a user, role, or enter *PUBLIC for all users.

    • Application Name. If you want access to a shared UDO limited to a particular application, enter the application ID. Or you can enter *ALL if you want the shared UDO to be available in all applications.

    • Form Name. If you want access to a shared UDO limited to a particular form, enter the form ID. You can enter *ALL for all forms.

    • Version. If you want access to a shared UDO limited to a particular application version, enter the version ID. You can enter *ALL for all versions.

    • Product Code and Reporting Code. If you entered a specific application, form, or version, these fields automatically change to *ALL (all product codes or all reporting codes) and you cannot modify them. If you entered *ALL for the application, form, and version, you can enter a specific product or reporting code to which you want to apply security. Enter *ALL for all product codes.

  7. In the View column, click the icon to activate the security record.

    A green circle indicates that the security record is active. A red square indicates that the security record is inactive. You can hover over the icon to display the status in text.

    By default, view security is inactive unless you make it active. You must make sure that view security is active for users to use the shared UDO.

  8. Click the Save button.

  9. If you make a mistake and save a record that you do not want to keep, before exiting the form, select the record in the grid and click the Delete button.

To modify UDO view security records in W00950UOK: 

  1. On Work with User Defined Objects (P98220U), in the "View User Defined Objects On" area, select the "Shared User Defined Objects" option to load all shared UDOs in the grid. You can use the fields in the header area or the filter fields in the header row in the grid to refine your search.

    Shared UDOs are approved for sharing and have a status of "Shared" in the Status Description column.

    This image is described in surrounding text.
  2. In the first column in the grid, click the check box of the shared UDO for which you want to modify UDO view security. You can select more than one record if you want to revise UDO view security for multiple records.

  3. Select the Row menu, Advanced, Security.

    EnterpriseOne displays the shared UDOs in the Work With User Defined Object View Security form. If you selected multiple records, the first record is displayed in the header area. You can click the right arrow to access the other selected shared UDOs.

  4. On the View Security for User Defined Object tab, click the icon to activate or deactivate any of the view security records in the grid.

    The record is automatically updated in Security Workbench after changing the status.

To delete UDO view security records in W00950UOK: 

  1. On Work with User Defined Objects, in the "View User Defined Objects On" area, select the Shared User Defined Objects option to load all shared UDOs in the grid. You can use the fields in the header area or the filter fields in the header row in the grid to refine your search.

  2. In the first column in the grid, click the check box of the shared UDO for which you want to delete view security. You can select more than one record if you want to delete the view security for multiple shared UDOs.

  3. Select the Row menu, Advanced, Security.

    EnterpriseOne displays the shared UDOs in the Work With User Defined Object View Security form. If you selected multiple records, the first record is displayed in the header area. You can click the right arrow to access the other selected shared UDOs.

  4. Select the Revise View Security tab, select a record and then click the Delete button.

    Note:

    To disable UDO view security, you do not have to delete the security record. Instead, you can disable the security record by making it inactive. This enables you to save the record in case you choose to make it active again in the future.

To manage UDO view security records by a user or a role from P98220U (Release 9.2.3)

You can access the Work With User Defined Object View Security form (W00950UOG) from the Work with User Defined Objects application (P98220U). This form gives you the option of providing the same user who is responsible for reviewing and approving shared UDOs in P98220U, the ability to set up/revise view security for shared UDOs. In addition, you can use this form to view the records to which a particular user/role has access to. All view security records created in this application are reflected in the view security form in Security Workbench.

To access Work With User Defined Object View Security (W00950UOG) from P98220U:

  1. In Work with User Defined Objects application (P98220U), select the Form menu, and then select View Security.

  2. On Work With User Defined Object View Security, click the Find button to load the UDO view security records in the grid.

    You can use the filter fields in the header row of the grid to refine your search.

On the Work With User Defined Object View Security (W00950UOG) form, you can:

  • Set up view security for individual UDOs or all shared UDOs of a particular UDO type.

  • Revise any existing view security record for a selected UDO.

  • Delete the view security for a shared UDO.

  • Copy the security information for another user or role. When you copy security, you can either overwrite the current security for the user or role, or you can add the new security information to the existing security information. See, Copying All Security Records for a User or a Role

  • Copy selected security records for a user or role. You can select and copy one security record at a time or all the security records for a user or role. See, Copying a Single Security Record for a User or a Role

24.6.4 Setting Up Base Form Security (Release 9.2.4)

You can use UDO view security settings to restrict access to the base forms. A base form is an EnterpriseOne form that is designed by using the Form Design Aid (FDA) and that has not been personalized. Personalized forms are the forms that have been personalized by using the Personal Form UDO. Configuring base form security ensures that users will only be able to access the personalized forms and not the base form.

JD Edwards EnterpriseOne provides a special UDO value, *BASE, that system administrators can use to configure base form security. When setting up base form security for an EnterpriseOne application, the system administrator must enter the *BASE value manually in the User Defined Object Name field on the User Defined Object View Security form.

If base form security is configured, the system determines the form that will be displayed when a user accesses the application based on the following order of precedence:

  1. If a default personal form exists for the user, the system displays the default personal form.

  2. If a default personal form does not exist for the user, the system displays the shared default form.

  3. If a shared default form does not exist for the user, the system displays the last active form.

  4. If the last active form does not exist for the user, the system displays the first personal form in the Personalization drop-down menu.

If base form security is configured and a personal form does not exist for the user, the system displays the base form but hides the Personal Form icon. This means that the user cannot personalize the form by using the Personal Form UDO.

To configure base form security: 

  1. On Work With User/Role Security in the Security Workbench (P00950), from the Form menu, select User Defined Object and then select View.

    Alternatively, on Work with User Defined Objects (P98220U), select the Form menu, and then select View Security.

  2. On Work With User Defined Object View Security (W00950UOG), click Add.

  3. On User Defined Object View Security, click the search button in the Object Type field and select PERSFORM (personal forms) as the UDO type. For a complete list of user defined objects, see the JD Edwards EnterpriseOne Tools Using and Approving User Defined Objects Guide.

  4. In the first row in the grid, ensure that the View column displays a red square and then complete the following columns:

    • User/Role. Enter a user, role, or enter *PUBLIC for all users.

    • Application Name. Enter the application ID of the application which you want to secure.

      Note:

      If you enter *ALL in this field and *BASE in the User Defined Object Name field, the system displays an error message.
    • Form Name. Enter the form ID of the form for which you want to configure base form security. Enter *ALL for all forms.

    • Version. Enter the version ID of the If you want to limit the base form security to a particular application version, enter the version ID. Or you can enter *ALL for all versions.

    • User Defined Object Name. Enter *BASE.

      Note:

      *BASE is a special value and is not available as a UDC value. Therefore, you must manually enter this value in the User Defined Object Name field.
    • Product Code and Reporting Code. If you entered a specific application, form, or version, these fields automatically change to *ALL (all product codes or all reporting codes) and you cannot modify them.

    • Web Object Category. Enter PERSFORM.

  5. Click OK.

24.7 Managing Content Security for Composite Application Framework

This section contains the following topics:

24.7.1 Understanding Content Security

A Composite Application Framework layout can include the following types of content:

  • Embedded EnterpriseOne forms

  • Generic URLs (contents from external web sites)

  • Oracle Business Intelligence Enterprise Edition reports (requires additional license)

In addition to setting up action and view security for Composite Application Framework layouts, you must set up content security to authorize users to work with or view the content types in Composite Application Framework layouts. Content security records are created by content type for a user, role, or *PUBLIC by content type. Without content security, users who are authorized to view or work with a Composite Application Framework layout will not be able to view or work with its contents.

Important:

If you add, modify, or delete content security, users must clear the cache in their browser for the changes to take effect.

24.7.2 Required Security for Working with Content in Shared Composite Application Framework Layouts

The following security must be in place for users to work with content in shared Composite Application Framework layouts:

  • Composite Application Framework feature enablement, which activates the Composite Application Framework feature globally in EnterpriseOne.

  • UDO action security that allows users to create, share, or modify Composite Application Framework layouts.

  • Content security that allows users to work with the following types of content in a Composite Application Framework layout: embedded EnterpriseOne forms, content from external web sites, and OBIEE content.

24.7.3 Required Security for Viewing Content in Shared Composite Application Framework Layouts

The following security must be in place for users to view content in shared Composite Application Framework layouts:

  • Composite Application Framework feature enablement, which activates the Composite Application Framework feature globally in EnterpriseOne.

  • UDO view security that allows access to the Composite Application Framework layout in the application. This enables users who have access to the application through EnterpriseOne application security, to access a Composite Application Framework layout associated with the application.

  • Content security that allows access to the following types of content that can be included in a Composite Application Framework layout: embedded EnterpriseOne forms, content from external web sites, and OBIEE content.

24.7.4 Additional Setup Required for OBIEE Content in Composite Application Framework

To display OBIEE content in Composite Application Framework, you must set up an integration between EnterpriseOne and OBIEE. See the "Configuring a Business Intelligence Connection" in the JD Edwards EnterpriseOne Tools Composite Application Framework (CafeOne) User's Guide for more information.

Navigation to Security Workbench: On the EnterpriseOne Welcome page, select the Navigator menu, EnterpriseOne Menus, EnterpriseOne Life Cycle Tools, System Administration Tools, Security Maintenance, Security Workbench.

To set up Composite Application Framework content security: 

  1. In Security Workbench, select the Form menu, User Defined Object, Content.

  2. On Work With Content, click the Add button.

  3. On Revise Content, select CAFE1 from the Feature drop-down menu.

    EnterpriseOne populates the grid with the three content types you can authorize access to in Composite Application Framework: Embedded E1 Form, Generic URL, and OBIEE – CafeOne Layout.

  4. In the User/Role field, enter a user, role, or *PUBLIC.

  5. In the grid, click the icon in the Access column authorize access to a content type.

    A green circle indicates that the security record is active. A red square indicates that the security record is inactive. You can hover over the icon to display the status in text.

  6. Click Save.

To modify Composite Application Framework content security: 

  1. In Security Workbench, select the Form menu, User Defined Object, Content.

  2. On Work With Content, click Find to access the current content security records.

    You can use the filter fields in the header row in the grid to refine your search by User/Role or Content Link (content type).

  3. In the grid, click the icon in the Access column activate or deactivate access to a content type.

    A green circle indicates that the security record is active. A red square indicates that the security record is inactive. You can hover over the icon to display the status in text.

To delete Composite Application Framework content security: 

  1. In Security Workbench, select the Form menu, User Defined Object, and then select Content.

  2. On Work With Content, click Find to access the current content security records.

    You can use the filter fields in the header row in the grid to refine your search by User/Role or Content Link (content type).

  3. Click the check box next to the records you want to delete and then click the Delete button.

    Note:

    To disable content security, you do not have to delete the security record. Instead, you can disable the security record by making it inactive. This enables you to save the record in case you choose to make it active again in the future.

24.8 Managing Content Security for Composite Page (Release 9.2.0.2)

This section contains the following topics:

24.8.1 Understanding Content Security

A Composed Page can include the following types of content:

  • Designer Pane

  • One View Reports

  • Embedded EnterpriseOne forms

  • Classic EnterpriseOne pages

  • Generic URLs (content from external web sites)

  • ADF applications

  • Oracle Business Intelligence Enterprise Edition reports (requires additional license)

  • Watchlist Pane (Release 9.2.0.3)

  • Springboard Pane (Release 9.2.1)

In addition to setting up action and view security for Composite Page, you must set up content security to authorize users to work with or view the content types in Composed Page. Content security records are created by content type for a user, role, or *PUBLIC by content type. Without content security, users who are authorized to view or work with a Composed Page will not be able to view or work with its contents.

Important:

If you add, modify, or delete content security, users must clear the cache in their browser for the changes to take effect.

24.8.2 Required Security for Working with Content in Shared Composed Pages

The following security must be in place for users to work with content in shared Composed Pages:

  • Composite Page feature enablement, which activates the Composite Page feature globally in EnterpriseOne.

  • UDO action security that allows users to create, share, or modify Composed Pages.

  • Content security that allows users to work with the following types of content in a Composed Page: embedded EnterpriseOne applications, content from external web sites, One View Reports, ADF applications, Classic EnterpriseOne pages, and OBIEE content.

24.8.3 Required Security for Viewing Content in Shared Composed Pages

The following security must be in place for users to view content in shared Composed Pages:

  • Composite Page feature enablement, which activates the Composite Page feature globally in EnterpriseOne.

  • UDO view security that allows users to view Composed Pages.

    Important:

    You cannot use *ALL for the "User Defined Object Name". This restriction prevents users from being able to access all Composed Pages from the EnterpriseOne Welcome screen.
  • Content security that allows access to the following types of content that can be included in a Composed Page: embedded EnterpriseOne forms, content from external web sites, and One View report, ADF application, Classic EnterpriseOne page, and OBIEE content.

24.8.4 Additional Setup Required for OBIEE Content in Composed Page

To display OBIEE content in a Composed Page, you must set up an integration between EnterpriseOne and OBIEE.

Refer to "Oracle BI Publisher and JD Edwards EnterpriseOne Security" in the JD Edwards EnterpriseOne Tools BI Publisher for JD Edwards EnterpriseOne Guide for instructions on how to configure Oracle BI Publisher with EnterpriseOne.

Navigation to Security Workbench: On the EnterpriseOne Welcome page, select the Navigator menu, EnterpriseOne Menus, EnterpriseOne Life Cycle Tools, System Administration Tools, Security Maintenance, and Security Workbench.

To set up Composite Page content security: 

  1. In Security Workbench, select the Form menu, User Defined Object, Content.

  2. On Work With Content, click the Add button.

  3. On Revise Content, select COMPOSITE from the Feature drop-down menu.

    EnterpriseOne populates the grid with the following content types you can authorize access to in Composite Page: ADF application, Embedded E1 Form, EnterpriseOne Pages, Generic URL, OBIEE - CafeOne Layout, and One View Report.

  4. In the User/Role field, enter a user, role, or *PUBLIC.

  5. In the grid, click the icon in the Access column to authorize access to a content type.

    A green circle indicates that the security record is active. A red square indicates that the security record is inactive. You can hover over the icon to display the status in text.

  6. Click Save.

To modify Composite Page content security: 

  1. In Security Workbench, select the Form menu, User Defined Object, Content.

  2. On Work With Content, click Find to access the current content security records.

    You can use the filter fields in the header row in the grid to refine your search by User/Role or Content Link (content type).

  3. In the grid, click the icon in the Access column to activate or deactivate access to a content type.

    A green circle indicates that the security record is active. A red square indicates that the security record is inactive. You can hover over the icon to display the status in text.

To delete Composite Page content security: 

  1. In Security Workbench, select the Form menu, User Defined Object, and then select Content.

  2. On Work With Content, click Find to access the current content security records.

    You can use the filter fields in the header row in the grid to refine your search by User/Role or Content Link (content type).

  3. Click the check box next to the records you want to delete and then click the Delete button.

    Note:

    To disable content security, you do not have to delete the security record. Instead, you can disable the security record by making it inactive. This enables you to save the record in case you choose to make it active again in the future.