JD Edwards Security Program
Before security can be addressed within the OneWorld product, the underlying components must be secured. This includes but is not limited to:

1) Host Systems
   a) Deployment Server
      i) Only allow system administrators to log onto the deployment server
      ii) Do not share the package portions of the file systems; use CDs for installs
      iii) Do not share help files
      iv) Do not place shared services such as printing or DNS services on this host
      v) Only run OneWorld on this machine for installs and upgrades
      vi) Do not create user accounts on this machine
   b) Enterprise Server
      i) Do not allow users to log onto this machine
      ii) Do not give users job control authority or system administration privileges
      iii) Do not share or give general access to the OneWorld code and work directories
      iv) Do not allow users to access or read the server .ini files
      v) Do not allow users to start, stop, or configure OneWorld services
   c) Workgroup Servers
      i) Do not allow users to log into workgroup servers
      ii) Do not allow users access to the file system that supports OneWorld services
   d) Workstations – considered UNSECURE hosts
      i) Users can access all information on their machine
      ii) All validation and control records should be kept off of the workstations
   e) Windows Terminal Server (TSE) and Web Server
      i) Treated like workstations
      ii) Do not store any information on these servers
      iii) Users should only be able to log onto these servers to run OneWorld and nothing else

2) Database Management Systems
   a) OneWorld uses third-party databases to store all data records
   b) Databases must be accessible via network services such as ODBC and OCI
   c) Databases that are shared or exist on any server must be secured
   d) Three security models exist
      i) Use system IDs so that users do not have the ability to log directly into the database. Secure the database with OneWorld object security.
      ii) Allow user IDs access to the database. Implement the entire data security model within the database.
      iii) Treat the database as unsecure.

3) Networks
   a) Servers, Workstations, Printers, Storage Devices
   b) File Sharing, File Transfers
   c) ODBC, OCI
   d) Remote Login Sessions
   e) Printing
   f) Use network domains to restrict user access
   g) Use IP filtering to restrict users from overall access to remote networks and network segments
User Profiles

OneWorld checks for security by User ID first. If no security is found for the User ID, the Group ID is checked. If security for the Group ID is not found, then all records with *PUBLIC in the Group ID field are checked. If no security is found, then the user has all access.

COEXISTENCE

In a coexistence environment, security profiles must be maintained on both World and OneWorld.

Security Strategies

• OPEN/RESTRICT
  • Users have access to all OneWorld objects (JDE default)
  • Objects are restricted one at a time from users
  • Most work
• RESTRICT/OPEN
  • Restrict access to all applications
  • Access is granted to one object at a time
  • Safest

Following are 8 generalized groups that are not necessarily all-inclusive and will vary based on the client's needs and business requirements.

1. Application User Group
   This group consists of end users based on a specific application (Purchasing, A/R, etc.). This group has the tightest security level. Security for this group should be set up to allow access to a custom initial menu and disable fast path.

2. Application Super User Group
   This group consists of team leads or supervisors of specific Application Groups. Security for this group should be the same as the Application User Group, plus the ability to create new versions, move or copy versions between path codes, create new menus, and add new UDC values.

3. Workflow Administrator
   Only applicable if using OneWorld workflow. This role can be shared between various Application Team Leads.

4. Data Dictionary/UDC/Menu Administrator
   Responsible for making changes to the Data Dictionary, UDCs and OW menus. Application Team Leads can be responsible for this, but we would recommend having a single...
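
The lookup order described under User Profiles (User ID, then Group ID, then *PUBLIC, then full access) means any object with no record at any level is open to everyone. The sketch below is an added example, not JD Edwards code: it models that order with one allow/restrict flag per (ID, object) pair, which is a simplifying assumption, and uses constructed, hypothetical user, group and object names to list the gaps and to apply a RESTRICT/OPEN baseline.

```python
PUBLIC = "*PUBLIC"

# Constructed sample data; every ID and object name here is hypothetical.
USERS = {"JSMITH": "PURCH", "ALEE": "ARTEAM"}          # user -> group
OBJECTS = ["APP_PURCHASING", "APP_AR", "APP_PAYROLL"]  # object inventory
# (ID, object) -> True (allowed) / False (restricted)
RECORDS = {
    (PUBLIC, "APP_PURCHASING"): False,
    (PUBLIC, "APP_AR"): False,
    ("PURCH", "APP_PURCHASING"): True,
    ("ARTEAM", "APP_AR"): True,
    ("JSMITH", "APP_AR"): True,  # user-level record is found before group/public
}

def resolve(records, user, group, obj):
    """Return (allowed, level) following the order: user, group, *PUBLIC."""
    for level, ident in (("user", user), ("group", group), ("public", PUBLIC)):
        if (ident, obj) in records:
            return records[(ident, obj)], level
    # No record at any level: the user has all access.
    return True, "default-open"

def default_open(records, users, objects):
    """Audit: (user, object) pairs that are allowed only because no record exists."""
    return sorted(
        (user, obj)
        for user, group in users.items()
        for obj in objects
        if resolve(records, user, group, obj)[1] == "default-open"
    )

def close_gaps(records, objects):
    """RESTRICT/OPEN baseline: add a *PUBLIC restriction where none exists."""
    hardened = dict(records)
    for obj in objects:
        hardened.setdefault((PUBLIC, obj), False)
    return hardened

if __name__ == "__main__":
    print("open by default:", default_open(RECORDS, USERS, OBJECTS))
    hardened = close_gaps(RECORDS, OBJECTS)
    print("after baseline: ", default_open(hardened, USERS, OBJECTS))
```

Existing user and group grants still resolve first after the baseline is applied, so only access that depended on a missing record is removed.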