Understanding Data Source Security for EnterpriseOne Tables

A JD Edwards EnterpriseOne installation adheres to Oracle's secure-by-default security model by restricting access to EnterpriseOne tables created in the database. During a Platform Pack installation, the installer creates two initial roles (referred to as group profiles on IBM i and groups on UDB) that define access to data source tables. The following table shows the privileges for each role:

| Data Source Role | Alter Table | Create Index | Select | Insert | Update | Delete |
|---|---|---|---|---|---|---|
| JDE Admin | X | X | X | X | X | X |
| JDE User | | | X | X | X | X |

An X denotes the privilege enabled for tables.

Important: During the installation, an administrator can modify the names of these roles in the Platform Pack Installer. Therefore, the names of the roles might not reflect the names in the preceding table. For more information, see "Working with the Platform Pack" in the JD Edwards EnterpriseOne Installation and Upgrade guides, which you can access here: http://docs.oracle.com/cd/E61420_01/index.htm

After running the Platform Pack installation and before running the installation workbenches, you must create the equivalent security definitions for the data source in EnterpriseOne. You create these definitions in the Grant Data Source Privileges (P986117) application, which stores the data source security records in the F986117 table. If a database administrator has additional roles defined for the data source, make sure that these roles are defined in P986117 as well.

This security is applied during table creation and pertains only to new tables created anywhere in EnterpriseOne, including tables created from Object Management Workbench, an ESU process, table conversions, UBEs for copying tables, and so forth. Security is defined at the data source level and does not impact EnterpriseOne applications security or row security that is defined for users in the Security Workbench.

JD Edwards EnterpriseOne uses only the select, insert, update, and delete privileges defined in the "JDE User" record in P986117. The "JDE Admin" record with the alter table and create index privileges in P986117 is simply used for record keeping and enables access to the database without having to ask the database administrator to create a database role and login credentials.

Although not recommended, you can also disable data source security for a data source. When data source security is disabled, new tables created in the data source have all privileges granted through the *PUBLIC role.
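The following added example (not Oracle's code) checks an export of table grants against the role matrix above and flags *PUBLIC grants, excess or missing role privileges, and grantees that have no expected definition. It assumes grants exported as (grantee, table, privilege) rows; the role names JDE_ADMIN and JDE_USER, the REPORT_RO role, and the F55DEMO tables are constructed placeholders.

```python
from collections import defaultdict

# Privilege matrix from the table on this page, using the keywords a database
# catalog typically reports (ALTER = alter table, INDEX = create index).
ADMIN = {"ALTER", "INDEX", "SELECT", "INSERT", "UPDATE", "DELETE"}
USER = {"SELECT", "INSERT", "UPDATE", "DELETE"}
# Placeholder role names: the installer lets an administrator rename them.
EXPECTED = {"JDE_ADMIN": ADMIN, "JDE_USER": USER}

def audit_grants(rows, expected=EXPECTED):
    """Compare (grantee, table, privilege) rows with the expected matrix.
    Returns a sorted list of (finding, grantee, table, privilege) tuples."""
    granted = defaultdict(set)          # (grantee, table) -> privileges
    tables = set()
    for grantee, table, priv in rows:
        granted[(grantee.upper(), table.upper())].add(priv.upper())
        tables.add(table.upper())
    findings = []
    for (grantee, table), privs in granted.items():
        if grantee == "PUBLIC":         # data source security disabled
            kind, flagged = "PUBLIC_GRANT", privs
        elif grantee in expected:       # role holds more than the matrix allows
            kind, flagged = "EXCESS", privs - expected[grantee]
        else:                           # role with no expected definition
            kind, flagged = "UNKNOWN_GRANTEE", privs
        findings += [(kind, grantee, table, p) for p in flagged]
    for table in tables:                # privileges the matrix requires
        for role, want in expected.items():
            missing = want - granted.get((role, table), set())
            findings += [("MISSING", role, table, p) for p in missing]
    return sorted(findings)

def _grants(grantee, table, privs):
    return [(grantee, table, p) for p in privs]

# Constructed sample export: table names and REPORT_RO are made up.
SAMPLE = (
    _grants("JDE_ADMIN", "F55DEMO1", ADMIN) + _grants("JDE_USER", "F55DEMO1", USER)
    + _grants("JDE_ADMIN", "F55DEMO2", ADMIN)
    + _grants("JDE_USER", "F55DEMO2", USER | {"ALTER"})
    + _grants("PUBLIC", "F55DEMO2", {"SELECT"})
    + _grants("JDE_ADMIN", "F55DEMO3", ADMIN)
    + _grants("JDE_USER", "F55DEMO3", USER - {"DELETE"})
    + _grants("REPORT_RO", "F55DEMO3", {"SELECT"})
)

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE):
        print(*finding)
```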