Question about security...

swhitmire

Reputable Poster
Hi, we're just setting up OneWorld, and we're curious to know how many
people use user-based security
and how many use system-based. Also, for either scenario, what external
reporting tools, if any, do you use?
Any information is greatly appreciated.

Thanks,
--Scotti Whitmire
DeRoyal Industries
Xe, SP14.2, RS/6000, Oracle 8i.
 

mechele_baker

Active Member
Scott,

We are system based. When you use user-based, you are getting into more
maintenance with having multiple database passwords.

Mechele
Xe, SP14.1, Win2000, NT JAS, SQL6




swhitmire <[email protected]> on 03/07/2001 10:18:14 AM

Please respond to [email protected]

To: [email protected]
cc: (bcc: Mechele Baker/Whittman-Hart LP)
Subject: Question about security...



Hi, we're just setting up OneWorld, and we're curious to know how many
people use user-based security
and how many use system-based. Also, for either scenario, what external
reporting tools, if any, do you use?
Any information is greatly appreciated.

Thanks,
--Scotti Whitmire
DeRoyal Industries
Xe, SP14.2, RS/6000, Oracle 8i.




--------------------------
To view this thread, visit the JDEList forum at:
http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=0&Board=OW&Number=6833
*************************************************************
This is the JDEList One World / XE Mailing List.
Archives and information on how to SUBSCRIBE, and
UNSUBSCRIBE can be found at http://www.JDELIST.com
*************************************************************
 

Larry_Jones

Legendary Poster
Scotti,

I assume you mean database security scheme.

A strong argument may be made that the system security scheme (only 1 or 2 database IDs used by all JDE user accounts) is a stronger/safer scheme.

1) Multiple accounts = multiple opportunities for disclosure.

2) Unless you truly understand all the database interactions for all the OneWorld objects you cannot safely assign exclusive permissions on database objects by database user/account (HR/Payroll possible exception to this rule). Attempting to control user access to data at the database level is a dangerous exercise in futility that can cause data integrity problems - consider the affects of granting someone write permissions to inventory master and transaction tables but denying read/write to G/L master and transaction tables.
ERP systems are designed so that functions interact. Clear boundaries do not always exist.

3) Far easier to periodically change passwords on 1 - 2 accounts than on 100 - 200, thereby ensuring that the passwords will be changed.

My 2 cents,

Larry Jones
[email protected]
OneWorld B733.1, SP 11.3
HPUX 11, Oracle SE 8.1.6
SandBox: OneWorld XE
 
Top