User Authentication

Hi List,

Who knows how to write function in third party software like VB, or Access to capture OW userid and password and then verify with the password in F98OWSEC?

A further step is to use the db userid and password in F98OWSEC to login to db using ODBC. I would like to build such interface on top of third party reporting tool like Crystal Report or Brio.

Thanks,
Alvin

ES: AIX 4.3
DS: NT
DB: Oracle 8.1.7
JDE: OW Xe SP18
Client: W2K

Hi Alvin,
I don't think you need to capture OW userid & pswd; but if you find a way, please DO share it with us
Crystal Report may connect through ODBC:
- directly to your Oracle database (and your user may provide id&pswd), OR
- through an Access Database, where OW tables may be linked (again, user has to provide id&pswd, unless your link is defined otherwise), and you may connect to other systems, being able to create nice mixed-views.
Warm regards,
Adrian Chimirel
PS I used Crystal Report ONLY when data was split (between OW and other systems), otherwise I found ERW a pretty satisfactory tool.

Alvin,

I do something like what you're trying to achieve (put a front-end on Crystal) where I capture a user ID and password, validate it, and then use a different Database ID and password to connect the report to our Oracle database via ODBC.

JDE has examples of how to access OneWorld functions via COM interfaces on your Deployment Server in the \OneWorld\B7333\Interoperability\Com\Examples\... folder. There is a login method that can be used to validate a JDE ID and password. Read the documents in the ..\COM\Doc folder for ifo on how to do this.

Forget about reading passwords out of F98OWSEC. Although in the past passwords have sometimes been unencrypted there, they are supposed to be, and currently are, stored encrypted.

As far as using this information to connect directly to the database ... forget it. Unless your site has setup individual user database IDs and passwords that match the JDE user ids and passwords exactly this won't work. JDE User Accounts typically point to a single database account and password. Even if they don't, again - the db password is encrypted.

I suggest you consider using a User Group concept where you match User Groups in JDE to a single database account. Your program can lookup the JDE User's group, then lookup a database id/password from a custom table where the password may be encrypted but you control the encrypt/decrypt method.

I'm unfamiliar with Brio but want to say that Crystal has a great COM interface for supplying/changing report data sources (from CRPDTA to PRODDTA for example), user ids, and passwords.

Enjoy - sounds like a fun learning project.

Larry,

Thanks again for your help. I have the following questions:

1. My system admin is setting up user security by groups. Can I convert those groups into db roles for use in setting up access security for table views?

2. We are using column and row security ( a complex security setup). How can the db roles making reference to the security model of JDE?

Regards,
Alvin

AIX Xe SP18.
Oracle 8.1.7

Alvin,

You're welcome. before answering your questions, I would like to know if you have access to a DBA? You really should be talking to him about what you want to do and what makes sense to setup.

Regarding your questions:

1. I guess I didn't make myself very clear before. I do not suggest/reccommend setting up each user with his own ID in Oracle. This is a costly and time consuming exercise. Rather I meant that your should create a oracle User ID (and corresponding role) for each OW user group. That shouldn't be too large a number to create manually.

2. Why try to duplicate column and row security in Oracle? Much of OW column and row security is concerned with controlling updates (granted - some has to do with access - what the user can see). Your Oracle accounts that you create for reporting purposes should have NO ability to insert/update/delete any data in the database.
To answer your question directly, no, I don't know of any reasonable method for Oracle DB security to use JDE's model.
I do know that at least one OW user was going to implement Oracle's Fine-Grained Access control. I don't know if they did and were successful or not. If you really want to find out start another thread on that subject.

I think you're missing the point though of the views. if only the DBA can create a view for reporting purposes, he/she controls the data in the view and who can have access to the view. You don't need to over-complicate things here. The vast majority of the things to be reported on should not have any sensitive data in it (excluding G/L and Payroll).

Regards,