You can use the below SQL to add an EnterpriseOne environment to every role or group in your installation:
INSERT INTO SY910/F0093 (LLUSER,LLLL,LLSEQ,LLMNI) SELECT ULUSER, 'PD910','1.00','' FROM SY910/F0092
EnterpriseOne – Security
Add A JDE EnterpriseOne Environment To Every Role/Group
How to Set Up Address Book Data Privacy (P01138)
Yep, that’s right Address Book Data Privacy using the P01138.
This ability was introduced in Tools Release 8.98.4.0 with 8.11 applications but I just recently was introduced to it (Thanks, Steven).
Anyway, it’s a great way to hide sensitive information that is in the address book while still allowing some users to do a Search and Select without using column security.
Data security can be setup for the following fields:
- Tax ID
- Addl Ind Tax ID (additional tax ID)
- Address. Includes Address Lines 1-7, City, State, Postal Code, Country, and County.
- Phone Number. Includes phone number and phone prefix.
- Electronic Address. Includes only electronic addresses with Type E.
- Day of Birth, Month of Birth, and Year of Birth.
- Gender
Setting up Address Book data security involves these steps:
- Selecting the Activate Personal Data Security constant in the Address Book Constants (P0000). Personal data security is inactive unless the Activate Personal Data Security constant is selected.
- Setting up permission list definitions. Use the Address Book Data Permissions program (P01138) to create one or more permission lists that specify which fields in the Address Book are secured.
- Setting up permission list relationships. Use the Permission List Relationships program (P95922) to determine the users or roles that are subject to each permission list.
Once you have set up Address Book data security, keep in mind that users can still view their own address book information, and secured fields are not protected under these circumstances:
- Adding new Address Book records.
- Running reports that contain the secured fields.
- Viewing records in the Universal Table Browser (UTB).
So, how do you get it to work?
These instructions on setting up permission lists in P01138 are in a Word document that accompanies Oracle Doc ID 659670.1. However, a quick breakdown follows:
- Open P01138
- Click Add. Add the name, search type and check the boxes that should be “masked”
- Ok to save. Find. Choose Row menu to setup Permission List Relationship
- Add Security Roles (setup in Security Workbench) or User IDs through Row menu
- Search for the User ID you want to add to this permission list. Move the user to the left to add them to the permission list, then click close to save. Note: a user can be associated to only one permission list or you will receive an error message. This includes if a permission list is using *ALL.
- Then Go to Form menu and choose Perm List Rel:
JD Edwards EnterpriseOne Kernel Information Center
Last Updated May 26, 2011
Oracle introduced the JD Edwards EnterprisOne Kernel Information Center! There you can find links to all things related to kernels, IPC, PORTTEST & UNIX OS kernel sizing – all the things that make JD Edwards EnerpriseOne run. You can work with the links along the left side of the page to navigate through the document.
Documentation and Certifications
Diagnostics and Debugging
EnterpriseOne Kernel Topics
Support and Searching
How To Start/Stop The Managed Agent On AS400
You can start/stop the managed agent from the command line (green screen) by following the steps below:
- Start the QSHELL by typing STRQSH at the command prompt.
- Change to the JDE_HOME/bin directory by typing <install_dir>/JDE_HOME/bin.
*** The <install_dir> refers to the installation directory in the IFS - To start the agent enter: startAgent &
*** The & allows the agent to start as a background job so that it will not stop when you leave the QSHELL - To stop the agent enter: stopAgent
- To restart or bounce the agent enter: restartAgent
You will want to run this in your startup script with a user that has a job queue that is not able to be interrupted. Because of this, QINTER is not a very good choice. The user will also need the following permissions: *ALLOBJ, *SAVSYS, *JOBCTL & *SECADM.
Also covered on Oracle’s My Support page ID 659949.1
Access To Environments
To find out what users or groups have access to a certain environment run the following SQL:
select * from sy811/f0093 where llll='<enviornment>'
To find out what environments a user or group has access to run the following SQL:
select * from sy811/f0093 where lluser='<userid>'
20 Products Affected By Oracle’s Lastest Critical Patch Update
Oracle released the October 2008 Critical Patch Update. This update contains 36 new security fixes across 20 different products.
A piece of EnterpirseOne, the Business Services Server, is included in this update.
Oracle CPU – October 2008
Oracle CPU FAQ
Quick EnterpriseOne Version Security Solution
Whether you are trying to change the processing options of an interactive version or a batch version. Sometimes you can run into issues where the application indicates that you do not have authority to change the version like the example to the left.
To quickly get around this error, we can use SQL to change the security setting in the F983051.
UPDATE CODV811/F983051 SET VREXCL = 0 WHERE vRPID = 'P03B2002' AND VRVERS = 'TEST0001'
Time To Change Your Password
We have our passwords set to expire every 90 days.
Sometimes there are user IDs that you don’t want to change but don’t really want them to show up on the audit report as not having an expiration period.
Here is a SQL statement that can help you:
UPDATE SY811/F98OWSEC SET SCSECLST=<numeric date> WHERE SCUSER='<UserID>'
.csharpcode, .csharpcode pre
{
font-size: small;
color: black;
font-family: consolas, “Courier New”, courier, monospace;
background-color: #ffffff;
/*white-space: pre;*/
}
.csharpcode pre { margin: 0em; }
.csharpcode .rem { color: #008000; }
.csharpcode .kwrd { color: #0000ff; }
.csharpcode .str { color: #006080; }
.csharpcode .op { color: #0000c0; }
.csharpcode .preproc { color: #cc6633; }
.csharpcode .asp { background-color: #ffff00; }
.csharpcode .html { color: #800000; }
.csharpcode .attr { color: #ff0000; }
.csharpcode .alt
{
background-color: #f4f4f4;
width: 100%;
margin: 0em;
}
.csharpcode .lnum { color: #606060; }
EnterpriseOne UserIDs Of Terminated Empoyees
My current employer is a publicly traded entity. As such, we are subject to SOX regulations. Because of this we run many reports periodically to satisfy the auditing department.
One of those reports determines if there are any terminated employees that still have active UserIDs.
Here is the SQL that is used for the report:
SELECT
uluser, -- userid from f0092
sceuser, -- userid from f98owsec
yapast, -- employee pay status from f060116
date(char(yadt+1900000)), -- adjustment date (last edit of record) from f060116
yaalph -- full name from f060116
FROM
sy811/f0092 a, sy811/f98owsec b, proddta/f060116 c
WHERE
a.uluser = b.scuser = userid
and a.ulan8 = c.yaan8 -- address book #
and c.yapast <> '0' -- employee pay status not active
and b.sceuser = '01' -- userid is enabled
Problems Deploying A Package
We had an issue over the weekend…
We built an update package successfully. However, we were unable to deploy it. The R98825D just kept running and running. It wouldn’t end. We did all the normal stuff:
- Stop services
- Delete SQLPKGs
- Start services
- Reboot Deployment server
- Deploy to a different port (we are using multi-foundations)
Nothing worked.
I then started looking through the server kernel logs. When I got to the security kernel, I noticed that the PSFT userid was disabled. Now, we normally don’t login with that ID and hadn’t for quite some time. Although, I do remember changing the password a few months ago.
Anyway, I re-enabled the profile and reset the password to PSFT and everything worked great.
Now, I guess we need to go and change the PSFT password everywhere so that when users come back from E1 training they don’t have access to the whole system.
