Custom Application and * Public Security


We have created a custom application and we wont to secure it so that no Users should access it ,except one super user or JDEADMIN

when the requirement came to me i just went to p00950 and applied Application and action security to * Public as all values as N

I have refreshed the cache and asked the users to check and they are able to run the application from fast path

I double checked myself even i am able to access the application

What else should i do to lock down the access?

E One 8.12/Oracle DB

Creating the 2 security records at *PUBLIC should have the desired effect. Even just the application security record with N in Run and N in Install should keep the users from being able to fastpath to the application. Some common issues I have seen when this did not work is if there is a space in the record in the F00950 or even if the letters included in public or the object are not capitalized. While that shouldn't have an impact, I have seen it happen. I would check for spaces in fields of the security record first. If you don't see any, try deleting the records, refreshing your cache, then recreating the records just to make sure they are clean.

Hopefully this is able to help.
ALLOut Security
Thanks Linda for your reply

Yeah i did that with application and action security

We passed a weekly restart as well but I am still able to access the application

We have Qsoft in place but i dont think that is by passing this security
With Q Software, you should be able to run the Net Effect application (PY5AF250). If you put in your user id and the application, you should be able to tell where the access is coming from. If you have *ALL settings at your user id level or on any other roles, it will conflict with what you put at *PUBLIC.

Matt Vanderkooy
ERP-One Consulting Inc.
Thanks Matt.With your suggestion I was able to crack it .

The Net Effect application (PY5AF250) showed me that security is coming from roles
I applied security on *Public and set to N and N but at the role level there is * ALL set to Y for application security
Me and few other important users has this setup * ALL on role level so even though i am applying at * Public ,system didn't care.Now I got this

Thanks again