E9.2 How can I configure a Orchestrator to execute with a specific, predetermined userID, independent of the user launching the Orchestrator?

[Frangie]

I want the Orchestrator to consistently log actions under a predefined user account for tracking, security and auditing purposes.
This will also help with different security in different applications that the end user might not have.

Thanks in advance for any advice.

 

[Kevin Long]

The user calling the orchestration is going to be the user whose security will be used, so it all depends on how the orchestration is going to be called. Often this is the desired behaviour from a security and auditing perspective because you transactions are stamped with the user creating the transaction along with date, time, program id, etc. However, when you start getting into orchestrations that cross functional areas of responsibility you can run into security constraints. For example, I wrote an orchestration to update a customer's payment terms and payment instrument. The customer master was done by the one team, updating open sales orders was a different team, and a third team had to update the open AR.

In this case, I used the AIS Server scheduler to launch the orchestration with a user id that had the appropriate security to do all of the updates previously split by three teams. In other cases, in other cases I have used service accounts that allowed external systems to run orchestrations. What you cannot do is have a JDE user launch an orchestration either from a form extension, orchestrator studio, or from a customized UBE or Form, with their own User ID and have it run as a different user.

 

[DaveWagoner]

What you cannot do is have a JDE user launch an orchestration either from a form extension, orchestrator studio, or from a customized UBE or Form, with their own User ID and have it run as a different user.

User launches orch, orch contains REST API Orch calls to connector that is using a connection with a specified "hard coded" system account name/pass for the crazy stuff the user might not have access to otherwise. That's the only additional thing I can think of.

 

[Frangie]

Do business Functions use the same security as the end-users security? Or will that be open?

 

[jolly]

User launches orch, orch contains REST API Orch calls to connector that is using a connection with a specified "hard coded" system account name/pass for the crazy stuff the user might not have access to otherwise. That's the only additional thing I can think of.

This... but the nice thing is the connection is soft coded and can be changed on the fly with immediate effect, and can have different user and password depending on the logged in environment. JDE got this right.

Also handy are "service" JDE accounts that cannot be logged in as interactive.

 

[DaveWagoner]

Also handy are "service" JDE accounts that cannot be logged in as interactive.

My understanding on these service accts is that they don't count against license too!?

 

[jolly]

What’s a license? lol.

 

[Kevin Long]

Do business Functions use the same security as the end-users security? Or will that be open?

It follows the JDE security of the user calling the orchestration.

 

[BetoJDE]

I guest that you can do a custom call to your orchestrator with a especific user and pass using a basic autentication (convert to base64 userasssword) for not show the user and password in the monitor like this code on jRuby

# Define the URL for the ORCH
    urla = URI.parse('http://aisserver:port/jderest/orchestrator/yourORCH')
    
    jsonOut = JSON.generate(jsonIn)
    # Create a hash with the JSON In for the call, in this case i need send the output JSON, but you can manage to send whatever you need
    data = {
      "UKID" => jsonIn['UKID'],
      "Text" => jsonOut,
      "Name" => "JSON_OUT"
    }


    # made the POST request
    http = Net::HTTP.new(urla.host, urla.port)
    request = Net::HTTP::Post.new(urla.path)
    request.body = data.to_json
    request['Content-Type'] = 'application/json'
    request['Authorization'] = "Basic UVVNR0FSQ0lBOlF1YWxpdGEyMyo="

    response = http.request(request)

 

[JohnDanter2]

May noy be what you want exactly but I did write a C++ BSFN to open a thread under a different USER ID and password using API JDB_InitUser and JDB_InitEnvOvr
Worked like a total charm, but I used it for launching UBEs under the second USER ID

Nothing stopping you launching something else I guess

#include <jde.h>
 
#define b570001_c
 
 
/*****************************************************************************
 *    Source File:  b570001
 *
 *    Description:  GTS EDI Interoperability, Launch UBE Specific User Source File
 *
 *        History:
 *          Date        Programmer  SAR# - Description
 *          ----------  ----------  -------------------------------------------
 *   Author 11/14/2013  John Danter     MPRJ0076.19.57.59 - Generic B2B Subsystem WC MSGS  
 *
 * Copyright (c) J.D. Edwards World Source Company, 1996
 *
 * This unpublished material is proprietary to J.D. Edwards World Source Company.
 * All rights reserved.  The methods and techniques described herein are
 * considered trade secrets and/or confidential.  Reproduction or
 * distribution, in whole or in part, is forbidden except by express
 * written permission of J.D. Edwards World Source Company.
 ****************************************************************************/
/**************************************************************************
 * Notes:
 *
 /**************************************************************************
 * Notes:
 * Purpose
 * -------
 * This function is designed to launch the Interoperability Vendor-Specific
   UBE specified in the Input Parameter's UBE Name and Version under a specific USER ID.
   It will also pass 6 additional parameters to the Vendor-Specific UBE, namely EDI
   Key Co(EKCO), EDI Doc Number(EDOC), EDI Doc Type (EDCT), Export
   Mode Flat File(FFEM), Export Mode Database(EDEM) and Export Mode API(EAEM).
   After the Vendor-Specific UBE returns, it will copy the UBE Error Code
   parameter from the Vendor-Specific UBE's report interconnect data structure
   to the Output Error Code parameter.

    The main aim of this BSFN is to open a user session for the user/password/environment passed in.
    All WorkCentre messages for the UBE to be called will then fall into a WC of choice

 *
 * Special Logic
 * -------------
 * 1. All required fields must be passed in.
 * 2. The Vendor-Specific UBE called by this business function must
      have the following Report Interconnect data structure.
      The order of the parameters in the UBE data structure must
      be maintained as follows:
   3. * EDI Key Co(EKCO)               (INPUT)
   4. * EDI Doc Number (EDOC)          (INPUT)
   5. * EDI Doc Type (EDTY)            (INPUT)
   6. * Export Mode Flat File (FFEM)   (INPUT)
   7. * Export Mode Database (EDEM)    (INPUT)
   8. * Export Mode API (EAEM)         (INPUT)
   9. * UBE Error Code (ERRC)          (OUTPUT)
 **************************************************************************/
 
#include <b570001.h>
 
 
/**************************************************************************
 *  Business Function:  GTSEDIInteropLaunchSpecificUSER
 *
 *        Description:  GTS EDI Interoperability, Launch UBE Specific User
 *
 *         Parameters:
 *           LPBHVRCOM           lpBhvrCom    Business Function Communications
 *           LPVOID              lpVoid       Void Parameter - DO NOT USE!
 *           LPDSD570            lpDS         Parameter Data Structure Pointer  
 *
 *************************************************************************/
 
JDEBFRTN (ID) JDEBFWINAPI GTSEDIInteropLaunchSpecificUSER (LPBHVRCOM lpBhvrCom, LPVOID lpVoid, LPDSD570001 lpDS)
 
{
   /************************************************************************
    *  Variable declarations
    ************************************************************************/
   ID                idReturnCode         = ER_SUCCESS;
   ID                idJDBReturn          = JDEDB_PASSED;
   /************************************************************************
    * Declare structures
    ************************************************************************/

    DSRI570001UBEDS              dsReportInterconnect= { 0 };
   struct tagUBEVAR              dsUbeStructure      = { 0 };


   /************************************************************************
    * Declare pointers
    ************************************************************************/
 
    HUSER            hUser            =    (HUSER)NULL;
    PUBEVAR            pUBEVar            =    (PUBEVAR)NULL;
    HENV            hEnv            =    NULL;
    HUSER            hUser2            =    NULL;
    LPBHVRCOM        lpBhvrCom2        =    NULL;
    LPVOID            lpVoid2            =    NULL;
/*
    JCHAR            szEnv[11]        = {0};
    JCHAR            szUser[11]        = {0};
    JCHAR            szPwd[30]        = {0};

    PJSTR            pEnv            = NULL;
*/

   /************************************************************************
    * Check for NULL pointers
    ************************************************************************/
   if ((lpBhvrCom == (LPBHVRCOM) NULL) ||
       (lpVoid    == (LPVOID)    NULL) ||
       (lpDS      == (LPDSD570001)    NULL))
   {
     jdeErrorSet (lpBhvrCom, lpVoid, (ID) 0, _J("4363"), (LPVOID) NULL);
     return ER_ERROR;
   }
   /* Initialize Behaviour DS */
   idJDBReturn = JDB_InitBhvr(lpBhvrCom, &hUser,
                              (JCHAR *) NULL, JDEDB_COMMIT_AUTO);

   if (idJDBReturn != JDEDB_PASSED)
   {
      jdeErrorSet (lpBhvrCom, lpVoid, (ID) 0, _J("4363"), (LPVOID) NULL);
     
      lpDS->cErrorCode = _J('1');
      return ER_ERROR;
   }
   /************************************************************************
    * Set pointers
    ************************************************************************/
 
   /************************************************************************
    * Main Processing
    ************************************************************************/

   /* Spawn new user session using API JDB_InitEnvOvr
   JDB_InitEnvOvr() initializes a JDB environment, usually on the servers.
   This API passes the environment name, user name, and password for signing on to the environment.
   In addition, without an initialized environment, no JDB API will work.
   The environment handle initialized here is needed for the call to JDB_InitUser.
   */



    if (JDB_InitEnvOvr( &hEnv, lpDS->szEnvironment, lpDS->szScheduledUserID, lpDS->szScheduledPassword) != JDEDB_PASSED)
    {
        JDB_FreeBhvr(hUser);
        return (ER_ERROR);
    }
   
    if (JDB_InitUser(hEnv, &hUser2, lpDS->szScheduledUserID, JDEDB_COMMIT_AUTO) != JDEDB_PASSED)
    {
        JDB_FreeBhvr(hUser);
        return (ER_ERROR);
    }

    jdeCreateBusinessFunctionParms(hUser2, &lpBhvrCom2, &lpVoid2);


   /* Initialize Output Variables */
   lpDS->cErrorCode = _J('0');

   /* Set up PUBEVar data structure */
   dsUbeStructure.bPreview = FALSE;
   jdeStrcpy((JCHAR *)dsUbeStructure.szReport,(const JCHAR *)lpDS->szVendorSpecificUBEName);
     jdeStrcpy((JCHAR *)dsUbeStructure.szVersion, (const JCHAR *)lpDS->szVersionToCall);
   if((jdeGetHostName(dsUbeStructure.szMachineKey, 16, 0) == 1) ||
      (!GetLocalEnvironmentName(dsUbeStructure.szEnhv, 11)))
   {
      lpDS->cErrorCode = _J('1');
      lpDS->cUBEErrorCode = _J('1');
      idReturnCode = ER_ERROR;
   }
   if(lpDS->cErrorCode != _J('1'))
   {
      /* Assign Input Parameters to Report Interconnect Values */
      jdeStrcpy((JCHAR *)dsReportInterconnect.szEDIKeyCompany,
             (const JCHAR *)lpDS->szEDIKeyCompany);
       MathCopy(&dsReportInterconnect.mnEDIDocumentNumber, &lpDS->mnEDIDocumentNumber);
       jdeStrcpy((JCHAR *)dsReportInterconnect.szEDIDocumentType,
             (const JCHAR *)lpDS->szEDIDocumentType);
       dsReportInterconnect.cExportModeFlatFile = lpDS->cExportModeFlatFile;
       dsReportInterconnect.cExportModeExternalDatabase = lpDS->cExportModeExternalDatabase;
      dsReportInterconnect.cExportModeExternalAPI = lpDS->cExportModeExternalAPI;

      dsUbeStructure.idRunTime  = (GLRTID)lpBhvrCom->hDlg << 16;

      /* Run the UBE Synchronously with this Bs Fn (i.e. wait until UBE
         is complete before executing next line of code).
       */
      dsUbeStructure.bSynchFlag = TRUE;  

      /* Run the UBE Without Any Prompting (i.e. Batch Mode). */
      dsUbeStructure.bBatchFlag = TRUE;  

      /* Call Launch UBE API */
      idJDBReturn = jdeLaunchUBEEx((HUSER)hUser2,
                                   (PUBEVAR)&dsUbeStructure,
                                   (LPVOID)&dsReportInterconnect,
                                   (LPBHVRCOM) lpBhvrCom);

      /* When UBE Managed to Launch and Return, Get Error Code back */
      if(idJDBReturn != JDEDB_PASSED)
      {
         lpDS->cErrorCode = _J('1');
         lpDS->cUBEErrorCode = _J('1');
         idReturnCode = ER_ERROR;
      }
      else
      {
         lpDS->cUBEErrorCode = dsReportInterconnect.cErrorCode;
      }

        jdeFreeBusinessFunctionParms(lpBhvrCom2, lpVoid2);
        JDB_FreeUser(hUser2);
        JDB_FreeEnv(hEnv);
        jdeFree(pUBEVar);
 
   }

   /************************************************************************
    * Function Clean Up
    ************************************************************************/
 
   return (ER_SUCCESS);
}
 
/* Internal function comment block */
/**************************************************************************
 *   Function:  Ixxxxxxx_a   // Replace "xxxxxxx" with source file number
 *                           // and "a" with the function name
 *      Notes:
 *
 *    Returns:
 *
 * Parameters:
 **************************************************************************/