• Introducing Dark Mode! Switch by clicking on the lightbulb icon next to Search or by clicking on Default style at the bottom left of the page!

WorldSoftware Object Security

prumschlag

Active Member
Has anyone implemented JDE's solution to the Object Level Security issue. As
you probably know, the user profile JDE owns all the objects (files, programs,
etc.) in the system and, as a default, all users are members of group JDE. This
works well if you stay within the friendly confines of JDE's menu and security
functions. However, for the more creative user who is familiar with FTP,
Network Neighborhood, or Client Access File Transfer, the gate is pretty much
wide open.

SAR 2662948 is JDE's answer. The good news is that it appears to be a very
complete analysis of this issue - a 22 page document with plenty of gotcha's and
however's. The bad news is that it is a very complete analysis of this issue -
not a simple 15 minute implementation.

Anyone out there actually done this? Any advice?

Phil Rumschlag
World 7.3 Cum 8
 

ineese

Member
We just finished implementing object level security on over 100 production
libraries on the AS/400. Unfortunately, it was not a quick process - not due
to difficulty, but sheer volume. We used authorization lists to secure the
libraries, objects, and certain commands. If you would like more details,
you can contact me at ineese@atlanticmarine.com.
 

cbower

Active Member
Phil

How do you get PCCPY SAR 3385954??? That is the document which is
listed in the SAR you mentioned... I assume that is the white paper.

Chuck

----- Original Message -----
From: "prumschlag" <prumschlag@phdinc.com>
To: <jdeworldml@jdelist.com>
Sent: Wednesday, February 14, 2001 3:04 PM
Subject: WorldSoftware Object Security


>
>
> Has anyone implemented JDE's solution to the Object Level Security issue.
As
> you probably know, the user profile JDE owns all the objects (files,
programs,
> etc.) in the system and, as a default, all users are members of group JDE.
This
> works well if you stay within the friendly confines of JDE's menu and
security
> functions. However, for the more creative user who is familiar with FTP,
> Network Neighborhood, or Client Access File Transfer, the gate is pretty
much
> wide open.
>
> SAR 2662948 is JDE's answer. The good news is that it appears to be a
very
> complete analysis of this issue - a 22 page document with plenty of
gotcha's and
> however's. The bad news is that it is a very complete analysis of this
issue -
> not a simple 15 minute implementation.
>
> Anyone out there actually done this? Any advice?
>
> Phil Rumschlag
> World 7.3 Cum 8
>
>
>
>
>
> --------------------------
> To view this thread, visit the JDEList forum at:
>
http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=0&Board=W&Number=5
623
> *************************************************************
> This is the JDEList World Mailing List.
> Archives and information on how to SUBSCRIBE, and
> UNSUBSCRIBE can be found at http://www.JDELIST.com
> *************************************************************
>
>
 
We use Safenet to secure our users that use FTP, ODBC, etc to access jde
files...

Check it out.

http://www.kisco.com/safenet.htm

Rich

At 12:04 PM 2/14/2001, you wrote:


>Has anyone implemented JDE's solution to the Object Level Security issue. As
>you probably know, the user profile JDE owns all the objects (files, programs,
>etc.) in the system and, as a default, all users are members of group
>JDE. This
>works well if you stay within the friendly confines of JDE's menu and security
>functions. However, for the more creative user who is familiar with FTP,
>Network Neighborhood, or Client Access File Transfer, the gate is pretty much
>wide open.
>
>SAR 2662948 is JDE's answer. The good news is that it appears to be a very
>complete analysis of this issue - a 22 page document with plenty of
>gotcha's and
>however's. The bad news is that it is a very complete analysis of this
>issue -
>not a simple 15 minute implementation.
>
>Anyone out there actually done this? Any advice?
>
>Phil Rumschlag
>World 7.3 Cum 8
>
>
>
>
>
>--------------------------
>To view this thread, visit the JDEList forum at:
>http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=0&Board=W&Number=5623
>
>*************************************************************
>This is the JDEList World Mailing List.
>Archives and information on how to SUBSCRIBE, and
>UNSUBSCRIBE can be found at http://www.JDELIST.com
>*************************************************************

===========================================================
Rich Buttenhoff Phone:(208)799-4181
Potlatch Corporation Fax:(208)799-1687
805 Mill Road Mailto:rich.buttenhoff@potlatchcorp.com
Lewiston, ID 83501-1016 http://www.potlatchcorp.com
===========================================================
Walking on water and programming from
specifications are easy, if both are frozen.
===========================================================
 

prumschlag

Active Member
Chuck,

I have logged a service request with JDE on that question myself. I will post
their response.

The 22 page document I have is from SAR 2662948. You can get it from the "Code
Change" option.

Phil








cbower <cbower@coachmen.com> on 02/14/2001 03:46:43 PM

Please respond to jdeworld@jdelist.com








To: jdeworldml@jdelist.com

cc: (bcc: Phil Rumschlag/PHD)



Subject: Re: WorldSoftware Object Security








Phil

How do you get PCCPY SAR 3385954??? That is the document which is
listed in the SAR you mentioned... I assume that is the white paper.

Chuck

----- Original Message -----
From: "prumschlag" <prumschlag@phdinc.com>
To: <jdeworldml@jdelist.com>
Sent: Wednesday, February 14, 2001 3:04 PM
Subject: WorldSoftware Object Security


>
>
> Has anyone implemented JDE's solution to the Object Level Security issue.
As
> you probably know, the user profile JDE owns all the objects (files,
programs,
> etc.) in the system and, as a default, all users are members of group JDE.
This
> works well if you stay within the friendly confines of JDE's menu and
security
> functions. However, for the more creative user who is familiar with FTP,
> Network Neighborhood, or Client Access File Transfer, the gate is pretty
much
> wide open.
>
> SAR 2662948 is JDE's answer. The good news is that it appears to be a
very
> complete analysis of this issue - a 22 page document with plenty of
gotcha's and
> however's. The bad news is that it is a very complete analysis of this
issue -
> not a simple 15 minute implementation.
>
> Anyone out there actually done this? Any advice?
>
> Phil Rumschlag
> World 7.3 Cum 8
>
>
>
>
>
> --------------------------
> To view this thread, visit the JDEList forum at:
>
http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=0&Board=W&Number=5
623
> *************************************************************
> This is the JDEList World Mailing List.
> Archives and information on how to SUBSCRIBE, and
> UNSUBSCRIBE can be found at http://www.JDELIST.com
> *************************************************************
>
>




--------------------------
To view this thread, visit the JDEList forum at:
http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=0&Board=W&Number=5627
*************************************************************
This is the JDEList World Mailing List.
Archives and information on how to SUBSCRIBE, and
UNSUBSCRIBE can be found at http://www.JDELIST.com
*************************************************************
 

prumschlag

Active Member
We should probably keep this discussion on line, as there are others interested
in this thread.

We are supporting a single company, so we don't have the volume issue to deal
with. However, we don't have a development box to work on, so testing becomes
problematic. We will have to get it right the first time.

I am not looking forward to spending weeks analyzing the JDE document versus our
own idiot-syncrasies.Did you follow the JDE plan, or did you do the analysis
yourself and develop your own plan.

Phil








ineese <ineese@atlanticmarine.com> on 02/14/2001 03:43:23 PM

Please respond to jdeworld@jdelist.com








To: jdeworldml@jdelist.com

cc: (bcc: Phil Rumschlag/PHD)



Subject: RE: WorldSoftware Object Security








We just finished implementing object level security on over 100 production
libraries on the AS/400. Unfortunately, it was not a quick process - not due
to difficulty, but sheer volume. We used authorization lists to secure the
libraries, objects, and certain commands. If you would like more details,
you can contact me at ineese@atlanticmarine.com.




--------------------------
To view this thread, visit the JDEList forum at:
http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=0&Board=W&Number=5626
*************************************************************
This is the JDEList World Mailing List.
Archives and information on how to SUBSCRIBE, and
UNSUBSCRIBE can be found at http://www.JDELIST.com
*************************************************************
 

ineese

Member
My CIO approached the security issue from the AS/400 side first and then
JDE. We were charged with securing all objects on the box before even
looking at JDE. Therefore, we did not follow the white paper. There have not
been a lot of problems - mainly because my partner and I have monitored
authorization failures for several months, so we caught the problems before
the user did. We did have 2 major issues but were able to resolve them in a
short period of time. It did take some concentrated planning before hand.
 
Top