Row Security - using RP24 data item


With inclusive row security, what would I need to do to secure a data role from seeing business units of the company they have access to if the business unit don't have a value of 125 for category code 24 in the business unit master.

This is what I have done so far but is not working, meaning they still can access the business unit with the access they have to the company of the business unit. The idea is for the data role to only show business units if the values of category code 24 in the business unit master is 125. The reason we would like to handle this way is to allow the business user to control from P0006 what business units the data role can access.

S T Obj Name Data Item From Data value Thru Data value R A View Add Chg Dlt
4 F0006 RP24 1 124 N N N N
4 F0006 RP24 126 ZZZZZZZZZZ N N N N

Would I need to include a *PUBLIC record to allow view, add, chg, and dlt. And then include the two row security records above to only allow a specific data role access to business unit with value 125 in category code 24?

What about the range? I have not been able to find any documentation regarding how range works in workbench security or if is possible to use wildcards. Any advise would be appreciated.
Oracle guided me to the following guide to setup DD. Will review and implement.

Also, Oracle suggested the following methods:

Method 1 Build and deploy a full server package

Build and Deploy a full server package. The auto-discovery process or on-demand generation will then occur for the JAS serialized objects to be regenerated automatically.


Method 2 Run manual generation

Run a manual generation of the data dictionary data item. After manual generation, clear serialized objects cache in Server Manager. For information on manual generation review section Setup Generation Machine for Tools Release 8.96 and above in Document:1352463.1 E1: GEN: Generation Process Setup, Best Practices and Known Issues When Starting Generation.


Method 3 Build a server update package

This method applies, starting with tools release with the Quick Package Deployment Functionality Document 1093018.1.

Identify the table that has a column based on the particular data item in UTB or Databrowser of table F98711 Table Columns. Type in data dictionary alias in QBE(TDOBND) in UTB or QBE(Data Dictionary Object Name) in Data Browser.

Deploy an update package of the identified table to the enterprise server. On-demand generation will occur for the table and the data dictionary items referenced in the table. There is a known issue with deploying update package of table that contains Table Event Rules (TER, also known as Table Trigger), reported in Bug 18163361 TABLE WITH TER, SERIALIZED SPECS NOT CLEARED AFTER DEPLOY UPDATE PKG TO SERVER and fixed in tools release and above. If file Fxxx.c exists in the source folder of the full package, this confirms the table has TER/Table Trigger. Workaround prior to tools release is to manually generate the data item using Method 2 above.
If jas logs show error messages of columns in table do not match spec after deploying changes, restart the web services.

I think it would be useful to understand that row security is essential "where" clauses appended to the SQL "fetches" that are used by the system every time a program needs to get data from the database. i.e Instead of 'Select * from F0006' you have 'Select * from F0006 where MCU = x'. Hence if you put security on to the MCU or to the RP24 data item for F0006 it effects the data retrieved from F0006.

However, business units are present in many JDE tables - so if you want to restrict all those tables then you have to apply the security to MCU not to RP24 - make sense?
Last edited:
Hi Luke.

I want to apply security on PYE - Payee Number.
The table F0413 does not contain either CO or MCU.