Implementation Considerations

Data selection security only applies to web clients. You can set up data selection security by running the Security Workbench application on the Windows client. However, the security is only enforced for end users submitting batch applications from the web client. It is not enforced for other means of launching reports, such as RUNUBE and RUNUBEXML commands or the scheduler.

The Data Selection row exit on the Work with Batch Versions form allows a user to modify the data selection for a version or report. Oracle recommends that the EnterpriseOne security administrator secures the Data Selection row exit using existing hyper exit security in addition to setting up proper data selection security.

For example, data selection security is set up for a user on a batch application version so that the user cannot modify existing rows but can add new rows. However, the user can access the Data Selection row exit and use this row exit to add rows to the existing data selection. When the user clicks OK, the data selection specification is saved to the version. When the user takes the Data Selection row exit again, all rows become existing rows that are secured out. As a result, he cannot modify rows that he just added.

You should also consider using action security to secure the ability to add and copy versions of a batch application. Or you can set data selection security at the batch application level rather than version level. In this case, a new user-created version that was created through add or copy will still have the same data selection security.