Security

The EnterpriseOne Security category will include all posts and pages pertaining to EnterpriseOne security configuration.

E1 Batch Approval Post Confusion

There is one very simple EnterpriseOne process that confuses me every stinking time Im asked to configure it.  Its setting up Batch Approval Post authority. 

My first frustration is that I think that this is NOT an IT function.  The business process owners know who should be able to approve whos batches and it doesnt have anything to do with the E1 security system. 

Ok, Im done with that.  Now, on to the second frustration What the heck is with the terminology used in this application?  To me, this is the consequences of early-adopter offshore development.  Approved by Users?  How about Approvers?  Wouldnt that make way more sense?  Oh, and what about Secured Users?  Arent those just Users or Batch Creators?  Either way, Ive never been able to setup this authorization correctly without looking at my notes that are 10+ years old.

So, here they are:

Create a new approver:

  1. Fastpath to P00241 (Batch Approval/Post Security Constants)
  2. Select the Form Exit Approved by Users
  3. Click the Add button: Add Button
  4. Type the approvers UserID in the Approved by Users field
  5. Type the batch creators UserID in the Secured User grid
    E1 Batch Approval Post

Add a batch creator to the list that an approver can approve:

  1. Fastpath to P00241 (Batch Approval/Post Security Constants)
  2. Select the Form Exit Approved by Users
  3. Use the QBE to search for the approver
  4. Select the approver
  5. Add users to the Secured User grid

Hopefully, by putting it on here I wont have to refer to my other set of notes.  At least for this issue.

Do you have anything in E1 that you just cant get straight? 

I might look at Inclusive/Exclusive Row Security next.  What do you think should be my next post subject?

Add A JDE EnterpriseOne Environment To Every Role/Group

You can use the below SQL to add an EnterpriseOne environment to every role or group in your installation:

INSERT INTO SY910/F0093 (LLUSER,LLLL,LLSEQ,LLMNI)
SELECT ULUSER, 'PD910','1.00','' FROM SY910/F0092

How to Set Up Address Book Data Privacy (P01138)

Yep, that’s right Address Book Data Privacy using the P01138.

This ability was introduced in Tools Release 8.98.4.0 with 8.11 applications but I just recently was introduced to it (Thanks, Steven).

Anyway, it’s a great way to hide sensitive information that is in the address book while still allowing some users to do a Search and Select without using column security.

Data security can be setup for the following fields:

  1. Tax ID
  2. Addl Ind Tax ID (additional tax ID)
  3. Address.  Includes Address Lines 1-7, City, State, Postal Code, Country, and County.
  4. Phone Number.  Includes phone number and phone prefix.
  5. Electronic Address.  Includes only electronic addresses with Type E.
  6. Day of Birth, Month of Birth, and Year of Birth.
  7. Gender

Setting up Address Book data security involves these steps:

  1. Selecting the Activate Personal Data Security constant in the Address Book Constants (P0000).  Personal data security is inactive unless the Activate Personal Data Security constant is selected.
  2. Setting up permission list definitions.  Use the Address Book Data Permissions program (P01138) to create one or more permission lists that specify which fields in the Address Book are secured.
  3. Setting up permission list relationships. Use the Permission List Relationships program (P95922) to determine the users or roles that are subject to each permission list.

Once you have set up Address Book data security, keep in mind that users can still view their own address book information, and secured fields are not protected under these circumstances:

  1. Adding new Address Book records.
  2. Running reports that contain the secured fields. 
  3. Viewing records in the Universal Table Browser (UTB).

So, how do you get it to work?

These instructions on setting up permission lists in P01138 are in a Word document that accompanies Oracle Doc ID 659670.1.  However, a quick breakdown follows:

  1. Open P01138
  2. Click Add. Add the name, search type and check the boxes that should be “masked”
  3. Ok to save.  Find.  Choose Row menu to setup Permission List Relationship
  4. Add Security Roles (setup in Security Workbench) or User IDs through Row menu
  5. Search for the User ID you want to add to this permission list.  Move the user to the left to add them to the permission list, then click close to save.   Note: a user can be associated to only one permission list or you will receive an error message.  This includes if a permission list is using *ALL.
  6. Then Go to Form menu and choose Perm List Rel:


JD Edwards EnterpriseOne Kernel Information Center

Last Updated May 26, 2011

Oracle introduced the JD Edwards EnterprisOne Kernel Information Center! There you can find links to all things related to kernels, IPC, PORTTEST & UNIX OS kernel sizing – all the things that make JD Edwards EnerpriseOne run. You can work with the links along the left side of the page to navigate through the document.


Update: 2-3-2014
The following link can be used to access Kernel information: https://support.oracle.com/epmos/faces/DocContentDisplay?_afrLoop=96362635308476&id=1387781.2&_afrWindowMode=0&_adf.ctrl-state=mtlqqpa0z_154

How To Start/Stop The Server Manager Agent On AS400

You can start/stop the managed agent from the command line (green screen) by following the steps below:

  1. Start the QSHELL by typing STRQSH at the command prompt.
  2. Change to the JDE_HOME/bin directory by typing <install_dir&gt;/JDE_HOME/bin.
    *** The <install_dir&gt; refers to the installation directory in the IFS
  3. To start the agent enter: startAgent &
    *** The & allows the agent to start as a background job so that it will not stop when you leave the QSHELL
  4. To stop the agent enter: stopAgent
  5. To restart or bounce the agent enter: restartAgent

You will want to run this in your startup script with a user that has a job queue that is not able to be interrupted. Because of this, QINTER is not a very good choice. The user will also need the following permissions: *ALLOBJ, *SAVSYS, *JOBCTL & *SECADM.

Also covered on Oracles My Support page ID 659949.1