HR & Payroll Security issues

  • Thread starter Adrian_Chimirel
Hi,
We're in the final phase of HR & Payroll implementation and would like to hear from sites that did it before us, OR that are doing it now:
- HOW did you secure confidential information, such as Address, SIN/SSN, Bank Accounts, Salary rates, ... ?
- WHERE/at what level:
a) OW security (row/column),
b) Database security
- ANY other related topic that might cover our issue
Thank you,
Adrian Chimirel
 
Hi Adrian

Like you, we are close to going live with payroll and are struggling with the question of security. We have gone for an exclusive approach. We have moved all the tables in systems 05, 06, 07, 08 and 75 to a different schema in the database. We have created a new database datasource to point to these tables. We then excluded user JDE from having access to these tables and granted database user "Payroll" access. We then set up a new environment with OCM mappings for each table to point to the new datasource. On the OneWorld security side, if we want somebody to have access to payroll, they need a security record for the new datasource as well as the default JDE record.

As well as this, our payroll consultants have given us a list of fields in all the critical tables which we have secured through column security.

The issues we haven't solved yet are jobs running on the application security. My approach to this is to use row security on a "Payroll" queue. I haven't quite got there yet.

The only other thing that worries me is that some of our payroll people use Citrix. When they view a job on the server, it is copied to the Citrix machine and is available to anybody trawling through the printqueue directory on that machine.

Hope this helps. I would appreciate your thoughts on this. If you have any ideas using a different approach, I would love to hear them, as maintaining our OCM mappings is going to be a pain.

Regards
Marty
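A check for the schema isolation described in the post above, as an added example that is not part of the original thread: it lists every database account or role, other than the payroll user, that can still reach the relocated tables. `PAYDTA` is a hypothetical name for the new payroll schema, `PAYROLL` and `JDE` are the database users named in the post, and the queries assume Oracle with access to the `DBA_*` dictionary views.

```sql
-- Added example: audit of the payroll schema isolation (Oracle, run as a DBA).
-- PAYDTA is a hypothetical schema name; PAYROLL and JDE are the users
-- named in the post. Old-style joins are used so this also runs on 8i.

-- 1. Object privileges on payroll tables held by anyone except PAYROLL.
--    Expect no rows. A row for JDE, PUBLIC or a role means the tables are
--    still reachable outside the payroll datasource.
SELECT p.grantee, p.table_name, p.privilege, p.grantable
FROM   dba_tab_privs p
WHERE  p.owner = 'PAYDTA'
AND    p.grantee <> 'PAYROLL'
ORDER  BY p.grantee, p.table_name;

-- 2. Roles granted to JDE that carry privileges on the payroll schema.
--    Revoking the direct grant is not enough if a role re-grants access.
SELECT r.grantee, r.granted_role, p.table_name, p.privilege
FROM   dba_role_privs r, dba_tab_privs p
WHERE  p.grantee = r.granted_role
AND    p.owner   = 'PAYDTA'
AND    r.grantee = 'JDE'
ORDER  BY r.granted_role, p.table_name;

-- 3. System privileges that bypass object grants entirely.
--    Any account or role listed here can read or change payroll tables
--    regardless of the grants checked in queries 1 and 2.
SELECT s.grantee, s.privilege, s.admin_option
FROM   dba_sys_privs s
WHERE  s.privilege IN ('SELECT ANY TABLE', 'INSERT ANY TABLE',
                       'UPDATE ANY TABLE', 'DELETE ANY TABLE')
ORDER  BY s.grantee, s.privilege;

-- 4. Users who inherit those system privileges through a role
--    (one level of role nesting).
SELECT r.grantee, r.granted_role, s.privilege
FROM   dba_role_privs r, dba_sys_privs s
WHERE  s.grantee = r.granted_role
AND    s.privilege IN ('SELECT ANY TABLE', 'INSERT ANY TABLE',
                       'UPDATE ANY TABLE', 'DELETE ANY TABLE')
ORDER  BY r.grantee, s.privilege;
```

Rows from queries 3 and 4 for DBA-level accounts are expected; the point is to know exactly which accounts those are, since column and row security in OneWorld does not apply to direct database logins.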
 
One thing you might want to consider on the Citrix side is to have
individuals store their pdfs in their home directories or in a directory
that is otherwise private.

I don't remember the exact "stanza" in the JDE.INI where you set this path
but I believe it might be quite obvious when you look in there. This would
allow you to secure the .pdfs after they have been viewed and pulled to the
Citrix box.

Thanks,
James

OneWorld CNC Consultant



mjf wrote on 10/09/2002 04:58 PM (Subject: Re: HR & Payroll Security issues):

OneWorld: Xe SP16.1
Database: Oracle 8i
Enterprise Server: Compaq Proliant 8500R W2K
 
Hi Marty, long time no written!

Thank you for the very helpful directions you provided, as usual I have to say! Unfortunately this is precisely the path our CNC & DBA is trying to avoid, the word pain is a euphemism, I'd rather say a nightmare :(
One of the very first steps in our approach was securing the UTB Open File form.
I am very interested in the list of critical tables/fields, but I don't know if I should dare to ask for it ...
We are not using Citrix, but we are considering the HTML somewhere in the future.
And, I am still at the research step, hoping my post will be replied to en masse ... it seems that this Forum is not as responsive as the others, therefore I guess I'll have to publish it on the technical one(s).
When we're finished, I'll publish our results (hoping that others won't have to re-invent the wheel).

Thanking you, again,
Adrian Chimirel
 
Adrian,

Did you get any more suggestions than what is shown here? We are going live with HR/PR in less than two months, and I was wondering if you had come across anything else on the security side. Also, if you have gone live, what hiccups did you have?

TIA!
 
Hello Jeremey,

No other suggestions, not live ... yet; are we running the same schedule? We'll go live just a few weeks AFTER you do :)
We've launched our parallel, almost finished converting Payroll History, and Security is all over the place - very ready to be tested ... yes, we had LOTS of fun this Halloween!
You're very welcome, keeping in touch.
 
Hi Adrian,

We went live with HR/Payroll 8 months ago and we are still alive. I have to admit that our situation was simple: we do not have coexistence. We used basic security on Fast Path, menus, row security, action security and Application security. When we first went live with HR/Payroll we were still on AS400, and security was based on Tables and files with AS400 security. We moved to SQL about 2 months ago and things are much easier to handle now in terms of security. I was not here in the first phase of implementation but according to history, we did not have any major issues.
Over the past months, errors that repeated are mostly on Vertex, and DBAs. The biggest issue that we still have presently is Fiscal Year End Roll Over. Just because our version B733.2 does not support this part. I had to code it myself. So, if you guys will go live before the year end, make sure that the Rollover is functioning in your version.
Of course there were hiccups and some pains but I cannot detail them here because it is too long. So if you need more info, please email me ([email protected]) and I will be pleased to exchange info.

Have fun
 