Row security on User Roles UDC in OMW

Hi all,

Sure is a lot going around on Row security these days. I have no problem
setting up row security and have done it successfully many times, except
this one situation. Please help.

Basically, we are trying to place security on user roles in OMW and you can
setup great allowed action in OMW but when it comes down to it, te user on
any project can go in and change their role to PVC Administrator if they
want to and do any action they want to. We are trying to stop that using JDE
suggested row security on F0005 for field DL01. I have turned on row
security in the data dictionary for field DL01.

This is what my security looks like. I Want to lock everyone out of 'PVC
Administrator

F0005 Description001 0 PVC Administratoq Y Y

Peter J Fourie

Peter,

First, create row security records on the F0005 for *PUBLIC :-

Data Item = Description000
From Value = PVC Administrator
Thru Value = PVC Administrator
Add = N
Change = N
Delete = N
View = N
Alias = DL01

This locks everyone out of seeing those roles. You can add similar records for :-

Documentation
Manager
Product Support
Quality Assurance
Supervisor
Training

Then simply add corresponding ones for your admin group/user but with Y in place of N in any records.

Hope this helps.

Regards,

Graham Jones
CNC Administrator

Xe, Unix on Sun / Update 5 / SP19.1/WTS & fats

This is how I do it:

Row Security:

User Table Data Item From To Add Chng Delete View
*PUBLIC F98221 OMWUserRole 02 99 N N N Y
CNCADMIN F98221 OMWUserRole 01 99 Y Y Y Y
DEVUSER F98221 OMWUserRole 02 02 Y Y Y Y
DEVADMIN F98221 OMWUserRole 02 03 Y Y Y Y


Application Security:

Restrict Access to P98230 (OMW Configuration) to *PUBLIC
Grant Access to P98230 to CNCADMIN


That looks awful huh? Take a look at the attachment instead please.

Peter

I have security for OMW at the form level. To prevent access to changing user roles I have security on W98220D.

Patty

Brother,

I like your idea. My CNC here are using row security over the UDC table so the user don't see the other roles. But it give us the problem that if a role 03 or 06 is included in there project then they don't see it in Omw and it can be confusing.

Thanks for the idea !

Christian Audet

Yeah, it's not perfect. I think you can still select the role because you still have View but when you click OK, you get an error message.

All I know is that it solves that problem of User's giving themselves a "promotion"

Thanks Brother,

I still prefer this way than the UDC security way !

Christian Audet

Thanks for all the input on this - it has been a great help. I still have a
few further questions to test someones brain out there:

1) If I use Column security on Form W98220D on field OMWUserRole and say Y
to View, N to Change and N to Add - all works well and will stop someone who
is already in a project from changing their pre assigned user role. The
problem is that this does not stop them from adding themselves as an owner
to someone elses project. To try and fix this I applied Column security to
Form W98220J but that will not them them pick a role but still lets them be
added to the project with a "blank" role (not good). Anyone have any ideas
on how to handle this second situation?

2) I did try using Row security on F98221 on field OMWUserRole and it seems
to work 80% but I cannt lock it down completely in terms of stopping someone
adding themselves to another persons project. Any ideas here?

3) All would be perfect if i could just get the row security to work on
F0005 on the Description001 field where I can say

*PUBLIC F0005 Description001 PVC Administrator PVC Administrator
N N N N

Once this is set i would then be able to grant back security to those users
who can access PVC Administrator. I tested this on JDE Standalone and it
worked perfectly but at the company it just does not work. Is it this
exclusive row security issue where you have to say wht they can have access
to as well as what they cannot have access to?

Trying hard !!!!


From: christian_audet <[email protected]>
Reply-To: [email protected]
To: [email protected]
Subject: Re: Row security on User Roles UDC in OMW
Date: Thu, 14 Nov 2002 20:15:29 -0800 (PST)

Thanks Brother,

I still prefer this way than the UDC security way !

Christian Audet
Knowledge <font color=black>**</font color=black>[/b]
Implementing B733.4 (ERP8) SP20, SQL Server
--------------------------
To view this thread, go to:
http://www.jdelist.com/ubb/showthreaded.php?Cat=&Board=OW&Number=45179
+ - - - - - - - - - - - - - - - - - - - - - - - -+
This is the JDEList One World® / XE mailing list/forum.
Archives and information on how to SUBSCRIBE, and
UNSUBSCRIBE can be found on the JDEList Forum at
http://www.JDEList.com

JDEList is not affiliated with JDEdwards®

+ - - - - - - - - - - - - - - - - - - - - - - - -+


Peter J Fourie

I set the defaut value of OMWUR to QA. Then instead
of blank, they will come in as QA and at least can't
do any damage. When they open a project they come in
as a Developer. There should be no other reason for
htem to be adding anything but QA to there project.
If they have any unusual reason, they can request the
change.
--- peterfourie <[email protected]> wrote:
http://www.jdelist.com/ubb/showthreaded.php?Cat=&Board=OW&Number=45179
http://www.jdelist.com/ubb/showflat.php?Cat=&Board=OW&Number=45207


=====
Dan Eppich
The Anschutz Corporation
B7332 Coexistant, V4R5 w/central objects
INS Card deployment server
SP16.1
Optio DCS 6.3.2
Fat and Citrix ICA Web Client

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus – Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Peter

I have application security of N on W98220D. A developer can still add a new project and it defaults to the user role of Developer. When adding a new project this form (W98220D) is not accessed. Afterwards, no one can add themselves to a project or change their user role.

Patty

I stopped the ability to add as PVC by putting row security on F98221/OMWUR. Specify a from and a to value and say add, change delete = "N". We don't allow our devl group to be a 6 - 9.