1. Security Administration Guide
  2. Database Security

Database Security

EnterpriseOne stores all system and business data in a supported relational database.

During a Platform Pack installation, the installer creates two initial roles (referred to as group profiles on iBMi and groups on UDB) that define access to data source tables. You must make sure that these roles are set up in EnterpriseOne before completing the installation. If the database administrator defines additional roles for securing access to tables in the data source, you need to make sure that these roles are defined in the EnterpriseOne Data Source application as well. See Managing Data Source Security in this guide for details.

For a new EnterpriseOne installation, the Platform Pack Installer uses these roles for all tables, including system and business data in the database.

For an upgrade, the Platform Pack Installer applies the roles to secure access to system tables only. It does not apply the roles to the business data or control tables. For these tables, you can use one of the following methods to apply the security:

  • In the business data and control tables data source, set up roles for a database administrator and database user. Add these same roles to the Grant Data Source Privileges (P986117) application in EnterpriseOne. See Managing Data Source Security in this guide for details. (Recommended)

    OR

  • Modify the scripts the Platform Pack Installer uses to apply data source security to system tables and then run these scripts over the business data and control tables data source. Make sure the roles used in the script for the data source security are added to Grant Data Source Privileges (P986117) application in EnterpriseOne.

    OR

  • Run the script for your platform as described in Revoke PUBLIC Access to Installed EnterpriseOne Database Tables.

    This last option is not recommended because if an OMW user updates a table, the security is lost and will have to be reapplied by running the script again. Only the first two options ensure that the security persists in the data source for any table modifications.