USER DEFINED OBJECTS€¦ · These UDOs can be very process-intensive on the E1 servers. Test and...

We make JD Edwards work better for people and harder for business

GENERAL SECURITY RECOMMENDATIONS

USER DEFINED OBJECTS - UDOS

Contents

03

04

05

05

06

06

07

08

08

TABLE OF

Section 01

Section 02

Section 03

Section 04

Section 05

Section 06

Section 07

Section 08

Section 09

INTRODUCTION

UDO SECURITY PLANNING

ASSIGN UDOS OWNER(S)

UNDERSTAND UDOS CREATION AND APPROVAL PROCESS

DEFINE UDOS ACTIONS, VIEWS AND CONTENT

DEFINE ROLE REQUIREMENTS FOR UDOS

MANAGE UDOS THROUGH OMW WEB

TEST UDOS

UDOS SECURITY SET UP

Most Companies face the challenge of managing many E1 security types with various levels of complexity. Unlike any other security types, UDOs have their own action security and approval processes which require a certain level of attention in the way they are implemented in Production.

This document outlines some key information and general recommendations on UDO security which might assist you in securing your own UDOs effectively.

Is your organization ready to embrace UDOs?

Do you have a plan in-place to secure them?

Since the introduction of User Defined Objects (UDOs) with release 9.1, UDOs have evolved and multiplied in the JD Edwards’ objects landscape:• Interest in UDOs has grown quite significantly in the JD Edwards End

Users’ community.• Additional security layers have been added to manage UDOs specifically.

01Introduction

General Security Recommendations 3

There are currently 18 types of UDOs in E1 that can be secured.

CORE UDOs:Without a well-defined security framework in-place, UDOs could become challenging to manage over time. E1 System Performance could potentially be impacted in a Production Environment.

• Identify and assign UDOs’ Owners

• Define key players in the creation and approval process

• Define roles and UDOs Actions

• Define all roles requirements for UDOs

• Test and Manage UDOs through OMW Web

02UDO Security Planning

START DEFINING UDO SECURITY WITH THE FOLLOWING APPROACH:

E1 Pages

CafeOne

Queries

Composed Pages

Personal Forms

E1 Search

Task Search

Images

OneView Reports

Grid Formats

Watch Lists

ORCHESTRATION STUDIO UDOs:

Orchestrator

Service Requests

Rules

White Lists

Notifications

Scheduler

4 General Security Recommendations

Assign UDOs owner(s) within each department or across departments. His/her role is to control, assess and approve UDOs created by users to be shared with others, either publicly or specifically at a role or user level.

Delegate UDOs administration to UDO owners (typically super user or managers who are best equipped to manage UDOs efficiently).Grant UDOs Owners access and permissions to the UDO application administration management P98220U.

03

04

Assign UDOs Owner(s)

Understand UDOs Creation and Approval Process• Understand the steps to approve and share UDOs in P98220U

• Identify the players and define the roles involved in the creation and approval process

• Access P98220U for:

• Approving/Rejecting UDOs for sharing and promotion

• Accessing UDO Content in Composite Application Framework or Composed Pages

CREATE / EDITS()

REQUEST TO SHARE(pending approval)

REFUSED(rework)

RE-EDIT Already Shared(reserved)

APPROVED(share)

WORKFLOW ACTIONS (STATUS)


UDOs are personalized objects that users can create for their own use, and share with others, depending on the permissions they and others have been granted.

• Grant the appropriate UDO security permissions to the role(s) by defining who can:

• Create UDOs for personal use

• Create and Publish UDOs for sharing with other users

• Modify Shared UDOs create by other users

• View UDOs

• Access Content in an E1 Composite Application Frame

• Access P00950UO (UDO Security) through P00950/ Form / UDOs: Chose Action, View or Content

• Enable UDOs Features through P00950/ Form / UDOs: Features

05

06

Define UDOs Actions, Views and Content

Define Role requirements for UDOs

• Understand clearly what your role requirements are and define a list of specific “Must Haves” UDOs to include in each role. Define also a list of common UDOs to be shared at a global level (*Public)

• Be selective in what needs to be shared Publicly or at a role level. A common mistake is to grant too many UDOs to a Role or even *Public which can be overwhelming to End Users and somewhat counter-productive

• Stick to the “20/80” Rule. Fewer UDOs assigned to roles is better than too many. Focus on what really matters to users for performing their jobs

• Share /grant UDOs permissions at a Role Level rather than at a user level.

• Manage user exceptions tightly.


07Manage UDOs through OMW Web

It is somewhat easy to fall into the trap of creating, approving and publishing most UDOs in Production and ignoring the basic rules and purpose of an “Object Management Cycle”

• Leverage Object Management Workbench for Web (P98220W) and keep your UDOs consistent across all your environments

• UDOs can be packaged and promoted between path codes through OMW Web

• Follow a certain discipline in testing UDOs in lower environments before deploying them to Production. The process takes longer but the results are worth it, and safer.

Create, Share and Modify UDOs Approve UDOs

Secure UDOsShare UDOs across Path Codes

DV

Import/Export

PDPY

OMW Web UDO Project Promotion

STANDARDIZED PROCESS USING WEB BASED TOOLS


Certain types of UDOs could have a negative performance impact on an E1 System if they are not defined and tested properly.

• Focus especially on Queries, Watch Lists, E1Searches and One View Reports. These UDOs can be very process-intensive on the E1 servers. Test and validate their performance on a non-production E1 system.

• Set up threshold parameters in the JAS.INI of the E1 Web Server to limit the amount of data returned to the end users through the Web.

• Use an alternative business data source for processing certain UDOs such as OneView Reports if real-time data access is not a mandatory requirement. This will avoid any performance issues caused by the intense data retrieval process generated by ie OneView Reports in Production

• Test UDOs before sharing them. Understand the Object Life cycle management for UDOs to safely test them and deploy them in Production.

08

09

Test UDOs

UDOs Security Set up9.1. High-Level Process

Verify UDOs In P9000 UDCs

Activate UDOFeatures

Verify UDOs In P98230 OMW Config

Verify UDOs In P9800022 Web Objects

Grant UDOAction to Roles/Users

Grant UDOView to Roles/Users

Grant UDO Content ***to Roles/Users

UDOS VERIFICATION:

UDO SECURITY SET-UP IN P00950/FORM/UDOS:

*** Content is Only Valid for E1Composite Application frames with the following content: OBIEEs, URLs, Embedded E1 Forms, OVR

%


9.2. Detailed Level Process

9General Security Recommendations

• Verify UDOs in UDC – P9000

• From the home menu, Go to Fast Path and UDC

• Check all UDCs for UDOs exists under Product Code “95” and UDC “UF”


• Verify UDOs in Web Object Application – P9800022

• Ensure that UDOs are listed in P0900022


• Verify UDOs in OMW Configuration – P98230

• Go to Fast Path – P98230

• Select Allowed Actions

• Verify that “Delete” Action is granted to all appropriate roles and all UDOs


• Activate UDOs Features

• Activate UDO Feature in your environment

• From the home menu, Go to Fast Path and enter P00950

• In P00950, Select Feature


• Click on the Access Radio Button to Activate or Deactivate UDOS

• Grant the appropriate UDO Action(s) to Roles or Users


• For any existing Action entries in the Grid, modify a UDO action for Role(s) by Clicking on one of the Radio Buttons “Create”, “Publish” or “Modify” and activate or de-activate the desired UDO(s)


• For Adding a new UDO Action, Click on the Add Button


• For Adding a new UDO Action, Click on the Add Button

• Select the appropriate Object Type, Application and Users shown below

• Grant the appropriate Access Level to the Role and validate the permissions


• Grant View Access to Roles or Users

• For any existing View entries in the Grid, activate or de-activate a UDO for a Role by Clicking on one of the “View” radio button of the role to be modified


• For adding a new “View” Entry, Click on ADD

• Type or Select the Appropriate UDO, Application and Role(s)


• Activate “View” Access by clicking on the “View” Radio Button

• Grant the appropriate UDO Content(s) to Roles or Users


• For any existing “Content” entries in the Grid, activate or de-activate a UDO for a Role by Clicking on one of the “Access ” radio buttons of the role to be modified

• For Adding a new UDO “Content” Access Permission, Click on the Add Button


• Click on the ‘Access” Radio button to Active or De-Activate a content for a specific role


• UDO Tables by UDO Type:

9.1. UDO Tables

TABLE Description

F952400 User Generated Contents Detail

F952410 Composite Page

952415 Image

F952420 OneCenter Watchlists Detail

F952425 Notification

F952430 Advance Query

F952435 Dynamic Form Personalization

F952440 Grid Formats Detail

F952445 EnterpriseOne Search

F952450 CafeOne Layout Table

F952455 Scheduler

F952460 Default UDO Detail

F952471 Modified Web Object Metadata

F9524810 Orchestrations

F9524820 Cross Reference

F9524830 Rule

F9524840 Service Requests

F9524850 Whitelist

• UDO Object Librarian tables:

• UDO Repository Tables:

TABLE Description

F9860W Web Object Master Table

F986OWD Web Object Language Descriptions Table

TABLE Description

F98700D Object Dependencies

F98700H Object Acrhive History

F98700R Object Archive Repository


ONE COMPANY.ONE SOLUTION.

ERP-ONE.

USER DEFINED OBJECTS€¦ · These UDOs can be very process-intensive on the E1 servers. Test and...

Documents

Transcript of USER DEFINED OBJECTS€¦ · These UDOs can be very process-intensive on the E1 servers. Test and...