UTB/Databrowser security

I’m curious to know how other companies secure the UTB/Databrowser applications. Who has access to these applications; end-users, analysts, administrators? Are row and column security used to restrict what information those users have access to?

UTB is strictly a tech support tool. It isn't useful or intelligible enough to use as a reporting tool.

As for Data Browser, I think there are two schools of thought. One school sees it as UTB on steroids and restricts it to tech support. The other sees it as a stripped down ad hoc reporting tool. Whether you grant access to it to your end users depends a lot on your report development philosophy. If you want to push the responsibility for reporting out to your users, they will need access to something like data browser.

Two techniques:

- Row and columns security on the tables to control what records and fields are available

- Seetting Data Browser security to Deny access to Query selector.

By denying access to Query Selector, users can only access tables by launching Data Browser from an application they have been granted access to. The only data available is that which is in the business view of that application. They will not be able to browse any table or environment in the system.

We made the decision at my current implementation to allow end users access to the Data Browser tool with the above security restrictions. Additional row and column security was required, particularly on HR data, to enable this.

Thanks for your response Joel.

My situation is that I have some accountants requesting access to UTB in the production environment, good idea/bad idea???. If it is decided that they need this access, I was uncertain on how to secure them to not be able to see confidential information. I can use row security on the F9860 table to secure them from looking at specific tables, specifically HR and Payroll, but I'm not sure of the affect this will have on their use of other applications. Or I can use column security on specific tables to block certain columns from view, but this would be many lines of security to implement.

We are not using Databrowser at this time, but the same situation would exist there if we were.

Any suggestions/comments anyone?

[ QUOTE ]
My situation is that I have some accountants requesting access to UTB in the production environment, good idea/bad idea???.

[/ QUOTE ]

Corky,

Stand tough and just say no. UTB is a developer tool, not an end user tool. An End user can use that tool to see all kinds of data that they wouldn't ordinarily have access to. Our security policy is to deny UTB and Fast Path to all but CNC, Developers and Application Leads. If someone has a short term need for UTB, we'll grant it for a few days and then revoke it. If your company has to follow SOX guidelines, UTB access to accountants will not be allowed.

Gregg Larkin
Praxair North American System Admin
JDE CNC and Security, Websphere, Tidal, Princeton Softech

Quote:
My situation is that I have some accountants requesting access to UTB in the production environment, good idea/bad idea???.



Corky,

Stand tough and just say no. UTB is a developer tool, not an end user tool. An End user can use that tool to see all kinds of data that they wouldn't ordinarily have access to. Our security policy is to deny UTB and Fast Path to all but CNC, Developers and Application Leads. If someone has a short term need for UTB, we'll grant it for a few days and then revoke it. If your company has to follow SOX guidelines, UTB access to accountants will not be allowed.

Gregg Larkin
Praxair North American System Admin
JDE CNC and Security, Websphere, Tidal, Princeton Softech
Production: XE, Update 6, SP23G, Win 2K, Win 2K3, SQL 2K, Websphere 5, XPI 4.7, Citrix Presentation Server 3.0 36 servers, over 3000 users from 5 countries "If at first you don't succeed, bungie jumping is not your sport"

Greg,
Thank you for your response and suggestions. I completely agree that UTB gives the end user access to way too much data that would not normally be available to them. I'm also finding out, from more than one department, that the existing reports and applications do not give enough information, in many cases, for business analyst types of users to get the information they need. I'm beginning to think that a lack of an "on-the-fly" reporting tool may be the root cause of users requesting this questionable access. What third party reporting tools do others use to accomodate this? We are primarily a unix/oracle shop.
Thanks,
Corky

Corky,

We use Cognos and Crystal Reports for our reporting needs. There are other solutions out there, including some that connect Excel interactively with your data sources and other third party tools. To help you research this, I would recommend the following sources:

- Quest (Q and A magazine), Website, and the vendor showcase of Collaborate '07.
- JDEtips Journal and JDEtips.com They have some good partners and articles on that kind of stuff.
- Your JDE business partner, whoever that might be.
- Top end consulting groups like The iConsortium (who advertise and contribute heavily to the forum)

Gregg Larkin
Praxair North American System Admin
JDE CNC and Security, Websphere, Tidal, Princeton Softech

ditto what Gregg says.

If you do elect to use a third party reporting tool, make sure the access to the database is via ODA, rather than a straight ODBC connection. This will enforce the F00950 security settings. This allows you to manage all access to the data from Security Workbench. You will still need to consider carefully the row and column security requirements. Remember that you do not have the application layer security available to regulate user access to the tables, so you consider which tables you want to grant access to for every role, and how those restrictions impact the applications built over the tables.