We moved LinkedIn:  Follow our new page

Technical--Security

HomeMain Search PageTechnical--Security

"JDEtips on Technical--Security"

Subscribers: After logging in  here, click on the title of the documents you want to view or download.

Not a Subscriber? Gain access to thousands of pages of invaluable articles on hundreds of JDE topics. View subscription options

Even if you are not a paid subscriber, you can read the first two pages of most JDEtips Knowledge Express articles to get an idea of our content.

Return to Search


Size: 1.76 MB, Version:1.0, Publication Date:4/11/2024
SSL is an essential technology for safeguarding online communication. Avoid leaving your data vulnerable to potential hackers! Refer to this article to learn how to configure SSL in E1, and dispel the myth that SSL connections are slower than unsecured ones.  
Size: 1122 KB, Version:1.0, Publication Date:1/4/2022
Segregation of Duties (SoD) means that no individual should have access to execute transactions across your business without appropriate controls in place. Whether you are implementing JDE Security yourself, or you are using a third-party toolset such as ALLOut Security to assist you, it is important to have a fundamental understanding of SoD rules. This article is an easy-to-read summary of SoD and introduces you to some very important industry best practices in conjunction with critical E1 processes.  
Size: 596, Version:1, Publication Date:10/5/2021
In JDE, users can now have up to 30 Roles. In this article, Beth discusses how to use these to design security roles based around an employee's most basic job functions. This will allow an organization to respond quickly to personnel changes for things such as vacations or illness, or organizational changes for promotions, etc., without upsetting the normal daily office routine and also adhering to Segregation of Duties and other audit requirements.  
Size: 1.14 MB, Version:1, Publication Date:1/8/2021
Since EnterpriseOne has shifted to a pure internet architecture, HTTP protocol has become the sole means of access to applications for end users. E1 became accessible through any certified version of the different browsers available in the market. This allowed for a simpler and broader exposure to users across dispersed locations via networks or internet. We explain the process of securing this protocol by enabling SSL (Secure Socket Layer) over HTTP so administrators can ensure that access to the JDE E1 web server is authentic and encrypted via HTTPS instead of HTTP. The steps provided are based on Oracle WebLogic Server versions 11g and 12c on Microsoft Windows.  
Size: 1.01 MB, Version:1, Publication Date:1/7/2020
Most organizations realize the importance of securing their data and access to that data. In addition, regulations such as Sarbanes-Oxley in the US have increased the need for, awareness of, and thoroughness of security reporting requirements. However, security setup in JDE E1 is the key, and can be an onerous and complex task. In this article, Alex Rippingale from ALLOut Security breaks down the issue of compliance reporting into four key areas (User Security Access, Data Access, Segregation of Duties, and Access Auditing) and explains how to best address the setup for each area.  
Size: 692 KB, Version:1, Publication Date:7/9/2019
Many years ago, the trend in JDE security was to implement an Open Security model. Over time, requirements have changed and many companies are moving to a Closed model. This move, however, is not simple. This article from ALLOut Security describes industry best practice for moving from an Open to a Closed model.  
Size: 1.02 MB, Version:1, Publication Date:7/12/2018
With more and more security breaches reported, organizations must be increasingly diligent about protecting their data. At the same time, user administration in JDE can be time consuming and challenging. This Role Implementation Tool Kit simplifies the process and provides step-bystep instructions to help you set up JDE Roles at your organization.  
It just gets better and better. In this article, Alex Rodriguez writes about new security features in JDE, such as SSL over JDENET and Password Encryption and how to implement them. He then shares, based on years of experience, security best practices for the various servers and applications, including those pertaining to the newer features.  
Size: 763 KB, Version:1.0, Publication Date:4/1/2015
If you are avoiding row security in EnterpriseOne due to concerns about performance, this article will help you understand how you can have it both ways, or at least lessen the amount of performance degradation through effective use of indices.  
Size: 567 KB, Version:1.0, Publication Date:12/30/2014
OK, everybody out of the pool. Now let's consider who really needs access to which functions and the best way to have a secure yet usable system. This article goes into the why and how to achieve this desirable result.  
Size: 407 KB, Version:1.0, Publication Date:12/19/2013
OK, everybody out of the pool. All it takes is a simple SQL script to go from wide open to shut down tight. Protecting the data is Mission One for any ERP system, and this article shows you how to close the gaps left in place after a default JDE installation with Oracle Database.  
Size: 13 MB, Version:1.0, Publication Date:12/7/2011
Zip file for the December 7th, 2011 recording. Please note--this is an MP4 file. You may need to update your video player or download Apple's QuickTime video player to view.  
Size: 2 KB, Version:1.0, Publication Date:12/7/2011
What are the main functional JD Edwards security types? Would you like to understand them better and learn how they work? Join us, and JDE Security expert Brian Connor from ALLOut, as we define data security and explain the roles that go along with each type. We'll show you role sequencing and how to address the deficiencies many customers live with. You'll come away with an understanding of the "6 layer hierarchy" and learn how to manage conflicts. This security overview is suitable for all versions of JDE. Once we complete the overview we'll take a brief moment to share a toolset that easily fills the security holes in vanilla JDE.  
Size: 416 KB, Version:1, Publication Date:12/22/2010
Tasked with security for JDE? It's a never ending challenge for most administrators, with so many aspects of the system to consider and so many opportunities to miss something crucial. In part two of his series on EnterpriseOne security best practices, Gregg Larkin delves deeper into the system itself and presents some best practices with regard to web servers, integration servers, local browsers, and more.  
Size: 1 mb, Version:1, Publication Date:10/28/2010
Here is a tip that's long been on our requested list. If you're a JDE administrator, chances are you've been diverted more than once (a day) from whatever you're working on to reset a password. The more frequent the requests, the more time consuming it becomes for both you and your users--and we know you both have much more important things to do. Surely, there's a way to allow users to reset their own passwords. Yes, but stop calling me Shirley. In this article, John Gersic details just such a solution, source code included. Can we all say "Hooray!"  
Size: 247 KB, Version:1, Publication Date:4/30/2010
Think EnterpriseOne security and you're probably thinking about application security. But there's a much bigger picture that needs to be considered when reviewing your security practices with respect to your EnterpriseOne system. In this article, Gregg Larkin takes you on a tour of all of the servers and areas external to the applications that could bring unwanted exposure if they're not locked down.  
Size: 444KB, Version:1, Publication Date:3/9/2009
Row security might not be your first choice for data restriction, but there may be times when it is the best option--such as when proprietary or confidential information is involved and locking out an entire application is not a practical solution. In this white paper, Andy Vanspranghe discusses the security benefits vs. the system performance gotchas associated with row security in EnterpriseOne.  
Size: 417KB, Version:1.0, Publication Date:8/24/2007
Who's been making changes to your database? If your company uses a proxy user; i.e., "sign-on security", your audit trail will show one user only for all changes made. That's not exactly what the auditors are looking for when they ask to see which individual users made which changes. So how do you get around this issue? Bill Loban provides the steps you'll need to make to the JD Edwards security model in order to reflect individual users (and keep those auditors happy!)  
Size: 281KB, Version:1.0, Publication Date:9/21/2006
You can't be too safe when it comes to operating system lock downs. Yet so few companies go beyond user roles and Object Authority to secure their systems. Glenn Robinson tackles this all-too-important topic with regard to i5/OS. So read on for how to protect your data from unauthorized access and save the office mischief for less dastardly deeds (like putting the office coffee pot back on the burner empty).  
Size: 541KB, Version:1.0, Publication Date:9/21/2006
Well, the title certainly tells the tale of what's to come. Gregg Larkin, fka "Mr. Solution Explorer Guy" switches gears this issue to share a relatively unknown "gotcha" he recently encountered with Webshere's security and the tips he learned overcome it. If you're a CNC or tasked with any sort of JD Edwards security and use Websphere 5 or 6, this is a MUST READ.  
Size: 532KB, Version:1.0, Publication Date:1/19/2006
We all know that when our software offers us flexibility, it also forces us to make many decisions. Some must be based on practicality, some are cost-based, and some are purely technical. Now we are faced with an entire new level of decision-making based on regulatory requirements; most specifically in this case, the Sarbanes-Oxley requirements. Michael Moorman demonstrates the primary differences between Menu Security and Deny *All Security, and shows us how and why the latter is going to get you a lot farther with your SOX audit.  
Size: 213KB, Version:1.0, Publication Date:5/6/2005
Mike Wright offers a custom solution for comparing user or group security profiles. This can help you when you need to change security for an individual or if you want to ensure that groups are set up correctly. It is also a handy tool for simply "cleaning house", where you might want to eliminate duplications among security groups or remove profiles that are no longer needed. We think you'll find this tip very helpful in streamlining and auditing your security environment.  
Size: 329KB, Version:1.2, Publication Date:3/20/2005
There's nothing like the voice of experience! Ellen Deak set off to create some reports for her security system, and found many landmines along the way. This article draws a map around the craters and shows us how to delve into the nether regions of the security structure to get just the data we are looking for. You can read the "short" version of this article in the March 2005 issue of JDEtips or select this document, which includes Ellen's custom code.  
Size: 579KB, Version:1.0, Publication Date:3/11/2005
We must admit to some trepidation when faced with an article that points out exactly how to get around EnterpriseOne security to view reports that we oughtn't. But somehow, presenting the solution without a full description of the problem just didn't work for us either, so here's your opportunity to learn how to be naughty. Just please do read the rest of the article! If you are not a CNC, be sure your CNC knows about this article. The job you save could be your own!  
Size: 304KB, Version:1.0, Publication Date:3/11/2005
Okay, who's been messing around with my User ID? How come my Role seems to be different? Or, My Password doesn't work; should I be cleaning out my desk? No? Boss say's you're okay? Then you'd better find out who changed your security settings. But how? Mike Wright shows us the way by giving us a tour of the Security History functionality - how to set it up and get it started, how to use it, and how to manage and purge the data.  
Size: 445KB, Version:1.0, Publication Date:3/11/2005
There's nothing like the voice of experience! Ellen Deak set off to create some reports for her security system, and found many landmines along the way. This article draws a map around the craters and shows us how to delve into the nether regions of the security structure to get just the data we are looking for.  
Size: 112 KB, Version:1.0, Publication Date:7/1/2003
This paper defines an approach for systematically reviewing your JD Edwards security implementation to see how effectively it has been applied. Each area of JDE security is discussed in depth. Alex covers the core security features of JDE security in order that you can effectively lock down your system. A very detailed, useful review!  
Size: 750 KB, Version:1.0, Publication Date:1/1/2003
Alex is a World and OneWorld security expert, having been intimately involved in the development and support of QS Software's ACQUILA and Qbuild products for the JDE market. Who better to give us his thoughts on how to setup OneWorld security, than someone who does it fulltime? For the novice and expert alike, this is an excellent white paper on overall security strategy.  
Size: 1.4 MB, Version:1.0, Publication Date:1/1/2003
Alex is a World and OneWorld security expert, having been intimately involved in the development and support of QS Software's ACQUILA and Qbuild products for the JDE market. Alex does a great job explaining all the ins and outs of OneWorld Version Security.  
Size: 350 KB, Version:1.0, Publication Date:11/1/2002
Jean has worked with JDE's World and OneWorld software for 15 years, and has "been there and done that" when it comes to setting up security. The first step is always the same, designing a good security plan. Get a head start on designing your security plan with Jean's help.  
Size: 150 KB, Version:1.0, Publication Date:1/1/2002
Benefit from Jean's many years of experience with WorldSoftware Security. This 16 page document is filled with helpful tips on implementing security.  

Unable to find what you are looking for? Feel free to submit your topic as a potential article via our Request Information form.