JDE Security

[WSchmatz]

I have a client that would like to enhance their JDE security. Currently they are securing their system mostly by building custom menus, limiting the use of fastpath, and securing user options in particular objects. This is not sufficient for their auditors. They are looking into some security software from QSoftware called QBuild and Qcomponents.

Does anyone have any experience with this software?

Also are there any published guidelines for security in JDE? They are looking for a best practices document. Is this available?

 

[jean_driscoll]

I wrote a paper for JDETips which describes most of the security that needs to be setup. It's called Securing World Software. I will be extending the paper in January to include OneWorld, but the basics are in the World paper. You can find my paper at www.JDETips.com. Here are some resources I used:
1)IBM Tips and Tools for Securing your system – IBM Publication SC41-5300-05
2)On-line Security Auditor – links directly to on-line documentation, creates a CL that can be run. www.as400.ibm.com/tstudio/secure1/index_av.htm
3)OPNAV – Security Wizard – helps configure security, can run in report mode
4)IBM AS/400 Security Reference Guide
5)IBM AS/400 TCP/IP Configuration and Reference, Appendix B
6)JDEdwards Knowledge Garden –
a)World – SAR 2662948 – World Software Security,
b)OneWorld – Setting up AS/400 OneWorld database security.
c)OneWorld - document oti-01-0010 – Changing the JDE Password,
d)OneWorld - document oti-99-0012 – Issue causing ONEWORLD profile to have *ALLOBJ special authority,
e)OneWorld document OTI-01-0082 – Windows 2000 registry issues
7)IBM Redbook – JDEdwards OneWorld Implementation for AS/400
8)OneWorld Security Tips – Paul Greer

 

[WSchmatz]

Jean;

Thanks for the resources. I will check them out.