1. Security Administration Guide
  2. Reviewing the Installation

Reviewing the Installation

Review the following considerations after the system is updated:

  1. If the setting ONTHEFLYMIGRATION=1 is in the Enterprise Server jde.ini file, user records are encrypted with one-way hash encryption when the user logs in. There is no way to disable the encryption or revert back to the old security configuration.

  2. There is no procedure to rollback user records to the old encryption nor is there a procedure for converting all user records to the new encryption. The backup copy of the F98OWSEC table can be used to reset the user data.

  3. If the customer has multiple Enterprise Servers at different EnterpriseOne Tools Release levels, make sure each of them is pointing to the correct security data sources:

    • If an Enterprise Server running an older EnterpriseOne Tools Release accesses data encrypted using one-way hash encryption, authentication will fail and users will not be able to log in.

    • If an EnterpriseOne user signs into an Enterprise Server running EnterpriseOne Tools Release 9.1.3 or above, and the user's password is encrypted using the old encryption, the Enterprise Server updates the user's records in the Security tables to the one-way hash encryption. This only occurs if the setting ONTHEFLYMIGRATION=1 is in the Enterprise Server jde.ini.

    • If a new EnterpriseOne user is added using EnterpriseOne Tools Release 9.1.3 or above, the new user password is stored using one-way hash encryption. Consequently, this user will NOT be able to sign in to older EnterpriseOne Tools Releases that share the same F98OWSEC table.

    • If a new EnterpriseOne user is added using an EnterpriseOne Tools Release prior to 9.1.3, the new user password is stored using the old encryption. Therefore, this user can sign in to any EnterpriseOne Tools Release sharing the same F98OWSEC table, as long as the Enterprise Server jde.ini files do NOT include the setting ONTHEFLYMIGRATION=1.

  4. If the customer has multiple Enterprise Servers at different EnterpriseOne Tools Release levels, a dual maintenance procedure for users and passwords is required. Once all the foundations are running an EnterpriseOne Tools Release 9.1.3 or above:

    1. The jde.ini setting for SECURITY Data Source can be changed to point to the same data source for all servers running EnterpriseOne Tools Release 9.1.3 or above.

    2. Save the backup copy of the F98OWSEC table in case you need to roll back the EnterpriseOne Tools Release as described in Rolling Back the Software..