WorldSoftware Object Security

prumschlag

Active Member
Has anyone implemented JDE's solution to the Object Level Security issue? As
you probably know, the user profile JDE owns all the objects (files, programs,
etc.) in the system and, as a default, all users are members of group JDE. This
works well if you stay within the friendly confines of JDE's menu and security
functions. However, for the more creative user who is familiar with FTP,
Network Neighborhood, or Client Access File Transfer, the gate is pretty much
wide open.

SAR 2662948 is JDE's answer. The good news is that it appears to be a very
complete analysis of this issue - a 22 page document with plenty of gotcha's and
however's. The bad news is that it is a very complete analysis of this issue -
not a simple 15 minute implementation.

Anyone out there actually done this? Any advice?

Phil Rumschlag
World 7.3 Cum 8
 
We just finished implementing object level security on over 100 production
libraries on the AS/400. Unfortunately, it was not a quick process - not due
to difficulty, but sheer volume. We used authorization lists to secure the
libraries, objects, and certain commands. If you would like more details,
you can contact me at [email protected].
 
Phil

How do you get PCCPY SAR 3385954??? That is the document which is
listed in the SAR you mentioned... I assume that is the white paper.

Chuck

----- Original Message -----
From: "prumschlag" <[email protected]>
To: <[email protected]>
Sent: Wednesday, February 14, 2001 3:04 PM
Subject: WorldSoftware Object Security


> Has anyone implemented JDE's solution to the Object Level Security issue? As
> you probably know, the user profile JDE owns all the objects (files, programs,
> etc.) in the system and, as a default, all users are members of group JDE. This
> works well if you stay within the friendly confines of JDE's menu and security
> functions. However, for the more creative user who is familiar with FTP,
> Network Neighborhood, or Client Access File Transfer, the gate is pretty much
> wide open.
>
> SAR 2662948 is JDE's answer. The good news is that it appears to be a very
> complete analysis of this issue - a 22 page document with plenty of gotcha's and
> however's. The bad news is that it is a very complete analysis of this issue -
> not a simple 15 minute implementation.
>
> Anyone out there actually done this? Any advice?
>
> Phil Rumschlag
> World 7.3 Cum 8
>
> --------------------------
> To view this thread, visit the JDEList forum at:
> http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=0&Board=W&Number=5623
> *************************************************************
> This is the JDEList World Mailing List.
> Archives and information on how to SUBSCRIBE, and
> UNSUBSCRIBE can be found at http://www.JDELIST.com
> *************************************************************
 
We use Safenet to secure our users that use FTP, ODBC, etc to access jde
files...

Check it out.

http://www.kisco.com/safenet.htm

Rich


===========================================================
Rich Buttenhoff Phone:(208)799-4181
Potlatch Corporation Fax:(208)799-1687
805 Mill Road Mailto:[email protected]
Lewiston, ID 83501-1016 http://www.potlatchcorp.com
===========================================================
Walking on water and programming from
specifications are easy, if both are frozen.
===========================================================
 
Chuck,

I have logged a service request with JDE on that question myself. I will post
their response.

The 22 page document I have is from SAR 2662948. You can get it from the "Code
Change" option.

Phil

cbower <[email protected]> on 02/14/2001 03:46:43 PM

Please respond to [email protected]

To: [email protected]
cc: (bcc: Phil Rumschlag/PHD)
Subject: Re: WorldSoftware Object Security

Phil

How do you get PCCPY SAR 3385954??? That is the document which is
listed in the SAR you mentioned... I assume that is the white paper.

Chuck

 
We should probably keep this discussion on line, as there are others interested
in this thread.

We are supporting a single company, so we don't have the volume issue to deal
with. However, we don't have a development box to work on, so testing becomes
problematic. We will have to get it right the first time.

I am not looking forward to spending weeks analyzing the JDE document versus our
own idiot-syncrasies. Did you follow the JDE plan, or did you do the analysis
yourself and develop your own plan?

Phil

ineese <[email protected]> on 02/14/2001 03:43:23 PM

Please respond to [email protected]

To: [email protected]
cc: (bcc: Phil Rumschlag/PHD)
Subject: RE: WorldSoftware Object Security

We just finished implementing object level security on over 100 production
libraries on the AS/400. Unfortunately, it was not a quick process - not due
to difficulty, but sheer volume. We used authorization lists to secure the
libraries, objects, and certain commands. If you would like more details,
you can contact me at [email protected].




 
My CIO approached the security issue from the AS/400 side first and then
JDE. We were charged with securing all objects on the box before even
looking at JDE. Therefore, we did not follow the white paper. There have not
been a lot of problems - mainly because my partner and I have monitored
authorization failures for several months, so we caught the problems before
the user did. We did have 2 major issues but were able to resolve them in a
short period of time. It did take some concentrated planning beforehand.
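
The approach described in the replies above (authorization lists on libraries and objects, then watching authorization failures), shown in CL as an added example that is not from any poster or from the JDE SAR. PRODLIB, JDEPRDAUT, APPUSER1 and SECOFR1 are hypothetical names, and the QAUDJRN audit journal is assumed to exist already.

```cl
/* Added example. PRODLIB, JDEPRDAUT, APPUSER1, SECOFR1 are hypothetical.  */

/* 1. Create the authorization list with no public access.                 */
CRTAUTL    AUTL(JDEPRDAUT) AUT(*EXCLUDE) +
             TEXT('Hypothetical list for one production library')

/* 2. Name the profiles that need access and what each may do.             */
ADDAUTLE   AUTL(JDEPRDAUT) USER(APPUSER1) AUT(*USE)
ADDAUTLE   AUTL(JDEPRDAUT) USER(SECOFR1)  AUT(*ALL)

/* 3. Secure the library and everything in it with the list.               */
GRTOBJAUT  OBJ(QSYS/PRODLIB) OBJTYPE(*LIB) AUTL(JDEPRDAUT)
GRTOBJAUT  OBJ(PRODLIB/*ALL) OBJTYPE(*ALL) AUTL(JDEPRDAUT)

/* 4. Make *PUBLIC authority come from the list, not from each object.     */
GRTOBJAUT  OBJ(QSYS/PRODLIB) OBJTYPE(*LIB) USER(*PUBLIC) AUT(*AUTL)
GRTOBJAUT  OBJ(PRODLIB/*ALL) OBJTYPE(*ALL) USER(*PUBLIC) AUT(*AUTL)

/* 5. Confirm which objects the list now secures.                          */
DSPAUTLOBJ AUTL(JDEPRDAUT) OUTPUT(*PRINT)

/* 6. Log authority failures to QAUDJRN. This replaces the current QAUDLVL */
/*    value, so merge *AUTFAIL into any settings already in place.         */
CHGSYSVAL  SYSVAL(QAUDCTL) VALUE('*AUDLVL')
CHGSYSVAL  SYSVAL(QAUDLVL) VALUE('*AUTFAIL')

/* 7. Extract the AF (authority failure) audit entries for review.         */
DSPJRN     JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) JRNCDE((T)) ENTTYP(AF) +
             OUTPUT(*OUTFILE) OUTFILE(QTEMP/AUTFAIL)
```

These commands leave existing private authorities and object ownership as they were, so authority that users inherit through the owning group profile has to be reviewed separately.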
 