Tools Menu Security?

sashton

sashton

Reputable Poster
Since the announcement that portlets can now be accessed from within E1 pages, we are experimenting with getting rid of a separate portal server and just using an E1page for self service options. We have run into a glaring security loophole. We are unable to remove the databrowser option from the Tools menu that is available by default on every application. For example, I have an E1 page for Employee Self Service options to allow users to view their pay stubs or view their personal profile. Once they are in that application, they can click Tools...databrowser and then browse through all the employee profiles with salary information or paystubs for any employee. I cannot nor do I want to remove ALL databrowser access either, because when they go to another app or page for other legitimate options in their role, they need to be able to open databrowser and view that data. Are there any options besides having multiple user accounts to hide or allow databrowser access?
 
Steve,

Data browser can be secured via the secrity workbench.
 
Steven,

In my opinion, Databrowser and UTB should be reserved for application leads, developers and CNC. I would recommend locking it out for all other users.

For my customers that use HR, they usually lock down access at both the JDE and Database level for sensitive HR tables to prevent that exact scenario.

- Gregg
 
Thanks Gregg. There is an "enhancement bug" in process that I was told from Oracle that needs to be pushed through our Quest user group. I will have to proceed that route.
 
Hi
Just upgrade to 9.1 last week form 8.0
For Data browser security:
We do have it locked to most users, but I want to open it up to a couple super users. Is there a list somewhere of the tables that should be secured? Like HR/PR Tables?
 
We are secure Databrowser in secrity workbench.
let user select by query, not by table and view. it's works fine.

But user can open the default view of program. for example, you can open view V0101E on p01012. There are some sensitive information in p01012 with xxxxxx, but in V0101E, we can see these information, not xxxx.

As you know, databrowser is a good tool. how can we use it? and not security issue. Please advise. thank you.
 

Similar threads

E9.2 Menu And UDC Promotion from DV to PD
Replies
2
Views
384
MFreitag
MFreitag
BOster
E9.2 Where to configure Content-Security-Policy for a JAS server
Replies
0
Views
990
BOster
BOster
Soumen
E9.2 P98220U - Advanced Security
Replies
3
Views
1K
Soumen
Soumen
E8.11 E1 Upgrade
Replies
3
Views
818
aasmasiddiki
JohnDanter2
E9.2 Security to ORCHs - granting access for external .NET developers
Replies
3
Views
1K
JohnDanter2
JohnDanter2
Back
Top