Security on F00165

Hi list,

I have setup row security on OBNM filed in F00165 not allow deletion for buyer role. However, still the users can delete attachments. My setup is (we are using inclusive row security);

buyer, F00165, OBNM, GT0000, GT4300,Y,Y,Y,Y
buyer, F00165, OBNM, GT4301, GT4301,Y,Y,N,Y
buyer, F00165, OBNM, GT4302, GT4399,Y,Y,Y,Y

Do I have to make any other additional setup.

I don't think you can secure attachments in XE. The row security you have set up will probably prevent the deletion of the F00165 record but the attachment will get deleted. If anyone knows different please let me know. I would also like to prevent the deletion of attachments. Thanks.

Patty

We started doing this beginning of this year. It seemed to work well when I tested, and I "believe" it is working as intended. A few caveats...

We're not using Inclusive, but I can't imagine that would make it work for us and not you. My Ys and Ns are structured similar to yours, with ranges of GTs. Except - Where I prevent delete, I also prevent change. After all, allowing a change to a text attachment would also allow changing it to a 'blank' attachment. The delete only prevents deleting the F00165 record itself.

We're not using Solution Explorer/Roles, we use original OneWorld menus/groups

I don't recall testing with other attachment types (but I may have). I would have been focused on the generic text attachments.

I'm sure you're aware, but in case you overlooked... If the user has any row security for the F00165 defined at the user level, the buyer group security won't come into play.

Patty,

I have know idea if this will work, but what about securing (in the operating system security not JDE) the folder(s) containing the any attachment files, allowing add and change, if needed and diallow delete.

Peter

Thanks for you response. I don't think that will work. Some people will still need to delete attachments. Isn't setting security on the server an all or nothing proposition?

Patty

You could add an exit security record to disallow certain groups from choosing the row -> attachments exit. But, this will take away their ability to both add and delete attachments.

You can set Windows directory security by groups/user just as you can within OneWorld, though it is another layer of security to setup. The Tech SIG has an enhancement request to provide media object security. This request has been accepted and is 'in scope' for tools release 8.96.

Jean

That's great news that Oracle is doing this mod. What release do you think it will be in or will it be in a service pack? Server security is controlled by another group in IT. It's not really a workable solutions.

Patty

Patty,

I think Jean's reply has covered this pretty well. Windows security is definitely not an all or nothing, and can be applied on a file(folder)/user(group)/access basis. With our setup it would be quite easy to do what is required, because the users that would delete any attachments already have broad access to the server, and public access is very limited.