Understanding this Guide
This guide contains comprehensive instructions and recommendations for setting up a secure EnterpriseOne environment. It contains pre- and post-installation security considerations, as well as instructions on how to use EnterpriseOne security applications to ensure only authorized individuals have access to EnterpriseOne applications, features, and data.
This guide is organized into the following parts:
Part I, "Security Overview": Chapters provide an overview of EnterpriseOne security, from secure architecture for an EnterpriseOne environment to application security.
This part contains the following chapters:
Part II, "Secure Installation and Configuration": Chapters provide guidelines for implementing a secure EnterpriseOne system architecture. This part contains pre-installation, installation, and post-installation tasks and recommendations related to security.
Part II provides guidelines and recommendations for configuring and deploying JD Edwards EnterpriseOne to make it more secure in real-world, customer environments. It provides information about securing the overall infrastructure of a deployed EnterpriseOne system. It contains practical instruction for technical users, installers, and system administrators who implement and maintain the EnterpriseOne system. Part II also contains system hardening configuration recommendations, including hardening of the EnterpriseOne database and hardening of EnterpriseOne tools and administration applications.
It is not possible to address every security scenario that might be applicable to a particular implementation and environment. Therefore, the items discussed in this part are intended to give a broad, best practices baseline for securing EnterpriseOne.
This part contains the following chapters:
Chapter 3 - Pre-Installation Security Considerations
Chapter 4 - Securing EnterpriseOne System Components
Chapter 5 - Post-Installation Security Configurations
Chapter 6 - Security for Custom Map Viewers
Part III, "EnterpriseOne Access Provisioning": Chapters describe how to set up user and role profiles in EnterpriseOne so that you can configure sign-in security and object-level security for EnterpriseOne users.
Access provisioning is the process of setting up user and role profiles in EnterpriseOne in order for users to gain access to EnterpriseOne and the particular applications and features they are authorized to use. After you set up user and role profiles, you can create sign-in security records for each user. You also have the option to set up a single sign-on configuration or configure EnterpriseOne to manage users through third-party, LDAP-enabled systems. See Part IV, "EnterpriseOne Authentication Security" for more information.
In addition, you use user and role profiles to create security records for authorizing access to particular EnterpriseOne applications, features, and data. See Part V, "EnterpriseOne Authorization Security" for more information.
This part contains the following chapters:
Part IV, "EnterpriseOne Authentication Security," describes how to implement sign-in security so that only authenticated users have access to JD Edwards EnterpriseOne. It also provides instructions for setting up single sign-on and managing users through a third-party LDAP directory.
EnterpriseOne authentication security ensures that anyone who attempts to sign in to EnterpriseOne is a valid, authenticated EnterpriseOne user.
In addition to setting up sign-in security, authentication security encompasses configurations for single sign-on, managing users and passwords in an LDAP-compliant directory service, and unified logon (prior to release 9.2.2 only). It is important that you carefully follow the instructions as you implement any of the configurations discussed in this part.
This part contains the following chapters:
Chapter 11 - Understanding Sign-in Security
Chapter 12 - Setting Up User Sign-in Security
Chapter 13 - Enabling Long Passwords in EnterpriseOne
Chapter 14 - Enabling LDAP Support in JD Edwards EnterpriseOne
Chapter 15 - Setting Up JD Edwards EnterpriseOne Single Sign-On
Chapter 17 - Setting Up JD Edwards EnterpriseOne Single Sign-On Through Oracle Access Management 12c
Part V, "EnterpriseOne Authorization Security," describes how to set up authorization security, which includes setting up EnterpriseOne object-level security using the Security Workbench. It also describes other EnterpriseOne security features such as Address Book Data security and user defined objects security.
This part contains the following chapters:
Chapter 22 - Understanding Authorization Security
Chapter 23 - Setting Up Authorization Security with Security Workbench
Chapter 24 - Managing Security for User Defined Objects
Chapter 25 - Setting Up JD Edwards Solution Explorer Security
Chapter 26 - Setting Up Address Book Data Security
Part VI, "EnterpriseOne Developer Security," describes how to set up security for developers, which includes defining the actions that developers can perform in the Object Management Workbench.
The Object Management Workbench (OMW) in EnterpriseOne is the primary component of the change management system for EnterpriseOne development. A change management system is vital to a productive development environment because it helps organize a myriad of development activities and helps prevent problems, such as when a developer intermixes components from different releases or when multiple developers simultaneously change an object. OMW automates many of these change management activities.
As part of the OMW implementation, it is critical that you set up permissions to determine who can access OMW, as well as set up and assign OMW users to roles that control the actions that they can perform.
This part contains the following chapter:
Part VII, "EnterpriseOne Security Auditing," describes how to run reports that are used for security auditing purposes. It also provides an overview of the EnterpriseOne auditing features for supporting the 21 CFR Part 11 auditing regulations.
This part contains the following chapters:
Chapter 30 - Configuring EnterpriseOne Security Auditing
Appendix A - DB Password Encryption
Appendix B - Creating a JD Edwards EnterpriseOne LDAP Configuration for OID