Auditing security changes

msuters

msuters

Active Member
Hi all,

How in EnterpriseOne does a person track changes to the security
configuration? For application, action, row and other security entries
these are stored in the F00950 table, and modified through the P00950
program, but I cannot see a way to track the history of security
changes, who made what change, and when.

The question extends to auditing menu/role security changes, but I don't
even know where to start looking for that.

Thanks,
Mark Suters
EnterpriseOne 8, Update 1, SP22_S1, Windows 2000, SQL Server 2000,
Citrix XP
#####################################################################################
Note:
This message is for the named person's use only. It may contain confidential,
proprietary or legally privileged information. No confidentiality or privilege
is waived or lost by any mistransmission. If you receive this message in error,
please immediately delete it and all copies of it from your system, destroy any
hard copies of it and notify the sender. You must not, directly or indirectly,
use, disclose, distribute, print, or copy any part of this message if you are not
the intended recipient. Stockland and any of its subsidiaries each reserve
the right to monitor all e-mail communications through its networks.

Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorized to state them to be the
views of any such entity.

Thank You.
#####################################################################################
 
Mark,

There are a variety of ways to do this. Up until recently you needed to code either TERs (Table Event Rule triggers) or native database triggers to track changes in this way. About a year ago a set of tools for Database Auditing and CFR21 Part 11 support were release. (CFR21 is a section of the Code of Federal Regulation which applies to the Food and Drug Administration. Part 11 of CFR21 applies to Electronic records). Clients who needed to meet the CFR21 requirements pushed for these tools. Fortunately they benefit everybody else too.

The Database Auditing tools will allow you to generate native database triggers from the OneWorld user interface. You will not need to code them by hand. Using these features introduces some addition CNC maintenance points and considerations during ESU applications. For the most part the feature works fine once configured.

See this link on the KG:
https://knowledge.jdedwards.com/content/KG/Documentation/Private/CFRGuide.pdf

Regards,
 
Hi Mark,

There is a Security History table : F9312 (in System - B7333 data source) where are logged changes made to users (P0092), user security (P98OWSEC) or security workbench (P00950).
You can see it via the P98OWSEC program, in the "Screen" exit Bar, Security History.

But be extra carefull with that program !! I read several posts here of people who delete records in it and it deletes the User concerned !!
It seems there is a join between F9312 and F0092 tables.
(it also means that in the program, you cannot see the changes made on a user that not longer exists in the F0092 ... So take a look in UTB !)

To clean the records, there is a batch : R9312. But i read the records dealing with a user that not longer exists are not deleted.

I suggest you to make a search on this forum with "security history" and you'll have some feed back about that.

Cheers,
 
Is it just me or does ERP8.0 delete the security history for a user when you delete the user record in P0092?

Go ahead and try it with a test user. Maybe I am missing something but I now have an auditor wondering why we are not tracking user deletions.
 
Oracle responded quickly to get me the answer:

The underlying table for Work With Security History is the F9312 and it retains the security history records. However, the Work With Security History will only display the security history for users with a current user profile in F0092.

Here is the statement that makes Work With Security History a list of history records for *only current users*:

SELECT T0.SHUSER, T0.SHEVTYP, T0.SHEVSTAT, T0.SHMKEY, T0.SHUSR0, T0.SHPID, T0.SHUPMJ, T0.SHUPMT, T0.SHDTOFF, T0.SHTMOFF, T1.ULUSER, T1.ULUGRP FROM SYS7334.F9312 T0,SYS7334.F0092 T1 WHERE ( T1.ULUSER=T0.SHUSER ) ORDER BY T0.SHUPMJ DESC,T0.SHUPMT DESC,T0.SHUSER ASC





[ QUOTE ]
Is it just me or does ERP8.0 delete the security history for a user when you delete the user record in P0092?

Go ahead and try it with a test user. Maybe I am missing something but I now have an auditor wondering why we are not tracking user deletions.

[/ QUOTE ]
 
Back
Top