Menu Limits vs Security

Is anyone out there using actual JDE Application security with *PUBLIC/*ALL(no access) and granting back priveledges where needed, or does JDE just say this is the way to go even though everyone uses menu limitations?

If you do secure with a deny-all and grant back, did you really go through each app with CrossReference to map what access needs to be granted, or is there a map precreated somewhere that I haven't found?

Also, did you start your JDE system in World or OneWorld?

-Rn
(Xe, SP16.0, not-coexistant, Citrix)

We are about a 5 week Go Live and we did the deny all and grant back.
So far, I've had to go back through each app and map what access needs
to be granted. I've asked around to my CNC guy and JDE for something
precreated and there isn't a thing. I just ran into a big problem with
the delete confirmation box not being granted to a group. Check out
document id ott-01-0106 and 0107. I'm running into issues with my
developers and OMW. It is very tedious and I still have a long way to
go. I'm also using Solutions Explorer instead of OneWorld Explorer
which just adds to the mix!

Stacy

Xe, SP16.1, Update 2, W2K, SQL2K

1-2-2
We use this type of security, but we created special menus for each role,
then working with the menu id grant security back. However, from within an
application that calls a third or fourth application, we had to use the
admin login to trace that back.

Joy Fernandez, JDE System Administrator
Pedernales Electric Cooperative, Inc.
830-868-5035
[email protected]

Rn :

I've tried that way, it works fine but it's very time-expensive.
You can't imagine how many applications do users, even the more
restricted ones, need to invoke!
And, if you plan to apply that apply you should also be thinking on
OneWorld and SQL data security schemes (Row-Column-Table security).

Sebastian Sajaroff

1. Yes - we went the deny-all approach. This is the only secure way. Menu's only partially limit access in OW.

2. No - we did not use Cross-Reference - rather we worked with the users to determine what was needed by who. Exceptions were granted back on a case by case basis after implementation of the security scheme.

3. We started in OW.

Suggest you search the forum's archives on this subject for more info on what different sites have done - this has been discussed before.

Larry Jones
[email protected]
OneWorld XE, SP 15.1
HPUX 11, Oracle SE 8.1.6
Mfg, Distribution, Financials

rnygren,

Several of our clients use this method. The one we are currently working on is Co-existence and the security was already setup on the World side so we are pretty much mirroring that on the OneWorld side. You will have to go through every program and grant back the ones you want. Check out the Excel spreadsheet that David Mallory post @ http://www.jdelist.com under downloads. It is a list of most of the programs that need to be granted back.

Hope this helps,

Robby

XE U3 SP17 Windows2000 SQL2000

We have used the same approach as Larry Jones: deny all and grant as needed.
We did not use Cross Ref. For the exits, I looked at all of them (2 weeks
work) and plugged those needed entries into the setup also. If you go to the
JDEList web site, Downloads, and see "Security Settings by Program and User
Groups Spreadsheet", that is the security setup we have, for the GL, AP, FA,
JC, purchasing, and inventory modules. The trick is finding all the programs
which get called by programs on the menu (in system 00, 98, 99, etcetera).
We found doing it this way was workable, although quite a bit more work, and
we like the results. We started in One World.

Dave Mallory Denver Water

About half of my clients use this approach. No map that I know of.

At one we wrote a program that generated the security records from the menu and cross reference. We then pared this down using common sense and application knowledge.

The others started with what the application experts knew and guessed at the rest.

I have others that choose to accept the risk of using the menu for security.

Dave.

David D. Helsley, Inc.
[email protected]
Xe, Unix Sp16.1, Oracle/MSSql, TSE

We are using the *public/*all (no access) method. Because we are still in
the (Xe) implementation phase, I have created a "test" user for each
application grouping, and have the application specialist on the team
exercise the functionality and let me know where I need to make changes to
the security. Once a group is set up, it only takes a few minutes to go back
in and grant or take away authorities as needed.



Xe, SP 15.1, Update 2, ES=AS/400 V4R5, CO=AS/400, Deployment=AS/400 INS Card, Thick & Citrix Clients

Hi All

I know of a company that has built a security matrix, along with the tools to implement OW security. This product is impressive!

I don't want to rock the boat regarding advertising, so please contact me privately and I can pass on the contact details.

My email address is [email protected]

Kind regards
Terry

OW XE SP14.2 ES=AS400 V4R5, DS=NT4.0