SecurityServer=Enterprise Server
NameDefaultEnvironment=Default Environment This table explains the variable values:
Note: For the JD Edwards EnterpriseOne workstations, enable security by changing settings in the workstation jde.ini file. You should make these changes on the deployment server-resident jde.ini file that is delivered to the workstation through a package installation.
5.5.3 Setting Auxiliary Security Servers in the Workstation jde.ini
Within the [SECURITY] section of the workstation jde.ini file, you can set as many as 10 auxiliary security servers. This example shows how the jde.ini file might look: [SECURITY]
NumServers=Numeric Value
SecurityServer=Enterprise Server Name (primary) SecurityServer1=Enterprise Server Name (auxiliary) SecurityServer2=Enterprise Server Name (auxiliary) This table explains the variable values:
5.5.4 Changing the Timeout Value Due to Security Server Communication Error
You might need to change a setting in the workstation jde.ini file if you receive an error such as:Failure to Communicate with Security Server. Change this section:
[JDENET]
connectTimeout=30
5.5.5 Changing the Enterprise Server jde.ini File for Security
To change the enterprise server jde.ini file for security, you should verify the server jde.ini file settings as shown in this task. Use these settings to specify the internal security parameters, valid users and passwords, environments, and data sources. Locate the enterprise server's jde.ini file.
Using an ASCII editor, such as Notepad, view the jde.ini file to verify these settings:
Setting Value
Security Server The name of the enterprise server. For workstations to sign on and run batch reports on the enterprise server, this value must be the same for both the workstation and the enterprise server.
DefaultEnvironment A name that identifies any valid environment. If no value is specified, security is not enabled for that workstation.
Setting Value
NumServers The total number of security servers (primary and auxiliary) that you set under the [SECURITY] section of the jde.ini file. For example, if you set one primary and four auxiliary servers, the NumServers value is 5. You can set NumServers to any value between 1 and 10. If you do not include the NumServers setting, the system assumes that you have only one server.
SecurityServern The name of a JD Edwards EnterpriseOne enterprise server. The primary and auxiliary security server names must all correspond to valid enterprise servers. The values for both the workstation and the enterprise servers must be the same for workstations to sign on to and run batch reports from the enterprise server.
The variable value n can be a number between 1 and 10. This number defines the auxiliary security server.
dispatchDLLName=name of host dll dispatchDLLFunction=JDEK_DispatchSecurity maxNumberOfProcesses=1 beginningMsgTypeRange=551 endingMsgTypeRange=580 newProcessThresholdRequests=0 [SECURITY]
Security Server=Enterprise Server Name User=user ID
Password=user password ServerPswdFile=TRUE/FALSE
DefaultEnvironment=default environment This table explains the variable values:
Setting Value
dispatchDLLName Values for enterprise server host platforms are: ■ HP9000, libjdeknet.sl
■ RS/6000, libjdekrnl.so ■ Windows (Intel), jdekrnl.dll
■ Windows (Compaq AlphaServer), jdekrnl.dll ■ iSeries, JDEKRNL
For UNIX platforms, values are case-sensitive.
SecurityServer The name of the enterprise server. This value must be the same for both the workstation and the enterprise server for workstations to run batch reports on the enterprise server.
User The ID of a user with access to the F98OWSEC. This is the ID used to connect to the DBMS; therefore, this value must match that of the target DBMS.
Password The password for the user ID with access to the F98OWSEC. This is the password used to connect to the DBMS; therefore, this value must match that of the target DBMS.
ServerPswdFile This parameter is valid for servers operating under UNIX operating systems.
The setting of this parameter determines whether the system uses special password handling for batch reports running on the server: ■ Set the value to TRUE to instruct the system to enable special
handling of passwords.
■ Set the value to FALSE to disable special handling.
When the system runs a batch report on the server, it runs the report using a string of line commands and parameters that includes the user password. Under UNIX operating systems, it is possible to use the process status command (ps command) to query the status of a job and view the parameters that were used to start the process.
As a security measure, you can enable special handling by the software. When enabled, the software does not include the user password in the parameter list for a batch process. Instead, it includes the name of a file that contains the user password. This file is deleted as soon as the batch report reads the password.
DefaultEnvironment The name of a valid environment for accessing the security table (for example, PD810).
5.5.6 Setting Auxiliary Security Servers in the Server jde.ini
Within the [SECURITY] section of the server jde.ini file, you can set one to 10 auxiliary security servers. You set multiple auxiliary security servers to establish levels of default servers. For example, if a machine cannot access a given security server, the machine tries the next security server that is defined in the [SECURITY] section. The settings for the auxiliary security servers might look like this example:
[SECURITY]
NumServers=Numeric Value
SecurityServer=Enterprise Server Name (primary) SecurityServer1=Enterprise Server Name (auxiliary) SecurityServer2=Enterprise Server Name (auxiliary) This table explains the variable values:
5.5.7 Verifying Security Processes in the Server jde.ini
You should define only one process for the security network. You can set multiple processes, but they are probably not necessary. Under the [JDENET_KERNEL_DEF4] section of the server jde.ini file, verify that this parameter is set:
[JDENET_KERNEL_DEF4] maxNumberOfProcesses=1
5.6 Running a Security Analyzer Report
This section provides an overview of the Security Analyzer Report and discusses how to:
■ Run the Security Analyzer by Data Source Report (R98OWSECA). ■ Run the Security Analyzer by User or Group Report (R98OWSECB).
5.6.1 Understanding the Security Analyzer Report
This process generates two separate reports that provide you with an analysis of JD Edwards EnterpriseOne security. The first report is the Security Analyzer by Data Source (R98OWSECA); it is organized and sorted by data source. A blank data source means that security for the System User ID is applicable to all data sources. The Security Analyzer by Data Source report is based on data that it reads from the F98OWSEC table.
Setting Value
NumServers The total number of security servers (primary and auxiliary) that you set under the [SECURITY] section of the jde.ini file. For example, if you set one primary and four auxiliary servers, the NumServers value is 5. You can set NumServers to any value between 1 and 10. If you do not include the NumServers setting, the system assumes that you have only one server. SecurityServerx The name of an enterprise server. The primary and auxiliary security server
names must all be valid enterprise servers. The values must be the same for both the workstation and enterprise servers for workstations to log onto and run batch reports from the enterprise server.
The variable value x can be any number between 1 and 10. This number defines the auxiliary security server.
The second report is the Security Analyzer by User or Group (R98OWSECB); it is organized by user or role. The Security Analyzer by User or Role report is also based on data that it reads from the F98OWSEC table.
5.6.2 Form Used to Run a Security Analyzer Report
5.6.3 Running the Security Analyzer by Data Source Report (R98OWSECA)
This report presents security analysis information for each data source, each user ID, and each role. The report is sorted by data source and then by user ID. This columnar data appears in the report:
■ Data Source
The data source to which the user is secured. Blank indicates all data sources.
■ User ID ■ User / Role
An identification code for a user profile.
■ System User ID
The actual user that JD Edwards EnterpriseOne uses to connect to the DBMS that you specified as the data source. This system user must match the user value that is defined in the DBMS.
■ Change Frequency
The number of days before the system requires that a user change their password. This data can be set by individual user ID or by role.
■ Source Password Changed
The date when a user's password was last changed.
■ Invalid Signons
The number of invalid sign-in attempts by a user. If the retry count value exceeds the number of allowed attempts, the user profile is disabled.
■ Allowed Attempts
The number of sign-in attempts that a user can make before that user profile is disabled.
■ User Status
A value that indicates whether the user can sign in to JD Edwards EnterpriseOne. Values are 01 (enabled) and 02 (disabled).
■ Status
The display status of the User Status field.
Form Name FormID Navigation Usage
Work With Batch Versions - Available Versions
W98305A Report Management (GH9111), Batch Versions (P98305)
Run the Security Analyzer by Data Source (R98OWSECA) and Security Analyzer by User or Group (R98OWSECB) reports.
Access the Work With Batch Versions - Available Versions form to run the Security Analyzer by Data Source Report (R98OWSECA).