
SEC-Qure E1Config v3.0 User Manual For JD Edwards EnterpriseOne


Revision 1.1

This document is copyright to Q Software Global Ltd 2007.
JDE and JD Edwards are registered trademarks of Oracle & Company.
AS/400 and IBM are registered trademarks of IBM Corporation.
SEC-Qure is a registered trademark of Q Software Global Ltd.
Q Software Global Ltd is an Oracle Certified Partner.
Q Software Global Ltd is an IBM Partner in Development.
Registration No 19026559

E1Config v3.0 User Manual Rev 1.1

2 August 2007

Contents

Support
Introduction
Generating Security
New Functionality
Accessing E1Config
Solution Explorer
E1Config Setup
Version Security functionality
Hidden Programs
Reports
Name Encryption
Auditing
Segregation of Duties
General
E1Config
Template Manager
Adding a Template
Header
Defaults
Locking a Template
Modifying a Template Header
Copying a Template
Deleting a Template
Modifying Template Detail
Work with Parents
Introduction
Parent Type Component
Position to Parent
Component Level
Adding a Component
Component Level Definition
Component Level Revisions
Modifying a Component Header
Copying a Component
Deleting a Component
Parent Type Function
Adding a Function
Modifying a Function Header
Copying a Function
Deleting a Function
Parent Type Segregation of Duties
Adding a Segregation of Duties Rule
Modifying a Segregation of Duties Header
Deleting a Segregation of Duties Rule
Parent Details
Component Detail Definition
Add Security Type
Security Detail
Set Defaults
Apply Detail Heads Down
Modifying Security
Deleting Security
Apply Detail Selector
Version Security Enabled
Security Types allowing Version Security
Hidden Programs Enabled
Copying Component Detail
Deleting Security
Function Detail
Adding Function Detail
Function Detail
Deleting Function Detail
Segregation of Duties Detail
Adding Segregation of Duties Detail
Segregation of Duties Detail
Copying Segregation of Duties Detail
Deleting Segregation of Duties Detail
Entity Management
Entity Manager
Adding an Entity
Modifying an Entity
Deleting an Entity
User Clean Up
User Management
User Security Manager
Accessing User Security Manager
Position to Functionality/Search Criteria
Adding Parents to User/System Roles
User/System Role Detail
Deleting records from the User Security Manager
Reviewing Component Detail
Copy User/System Role
User Security Workbench Reports
Report
Validate All Users
Build Validated
Build All
Component/Function Security Management
Adding User/System Roles to Parents
Conflict Management
Conflict Manager
Security Conflict Resolution
Component level Segregation of Duties
Object level Segregation of Duties
Multi-level Conflicts
Multiple Roles Conflicts in 8.x versions
Multiple Roles Sequencing Conflicts in 8.x versions
E1Config Administration
Q Software SPC
Update Inclusive/Exclusive Row Security
Component Data Conversion (RY5AF500)
Security Data Capture (RY5AF950)
Component Generator (RY5AF540)
User Clean Up QSG Tables Only
User Clean Up F00950 Table Only
User Clean Up QSG and F00950 Tables
E1Config Reporting
Maintain Reporting Codes (PY5AF945)
Advanced E1Config Reports Front-End (PY5AF550)
Template Reporting
Functions by Template
Segregation of Duties by Template
Components by Template
Entity Reporting
Security by Entity
User Reporting
Security Workbench Audit reporting
Report by Security Type (RY5AF100)
Environment Access Report (RY5AF110)
User to Group/Role Comparison Report (RY5AF111)
Application & Action Code Net Effect
Net Effect Report (RY5AF565)
E1Config Component Creation
Auditing
Tables
Audit Fields
Actions
Audit Enquiry
Audit Reports
User Status (FY5AF402) Report (RY5AF555A)
Component Detail (FY5AF405) Report (RY5AF555B)
Parent Header (FY5AF501) Report (RY5AF555C)
Parent Detail (FY5AF510) Report (RY5AF555D)
Template Master (FY5AF430) Report (RY5AF555E)
Entity Master (FY5AF440) Report (RY5AF555F)
Function Tracker (FY5AF512) Report (RY5AF555G)
Component Tracker (FY5AF513) Report (RY5AF555H)
Conflict Manager (FY5AF515) Report (RY5AF555I)
Control Table (FY5AF905) Report (RY5AF555J)
Purge Audit Tables (RY5AF557)
Glossary
Appendix A - E1Config
QComponents
Naming Conventions
Component Level
Security Type (Work with Components by Security Type vs. Selector)
Appendix B - Security Table Set-up
Single Security Table
Multiple
Appendix C - External Call Security in E1Config
Introduction
Default Values
Adding new UDCs


Support
If you cannot find the information you require in this manual, please contact Q Software Technical Support via the Customer dedicated Support section of the Q Software web site (www.qsoftware.com/support). This is the preferred mechanism for logging support calls. It requires a unique Username and Password, which should have been supplied to you with your original software purchase. If you do not yet have a Username and Password, you can request one by emailing support@qsoftware.com.

Alternatively, you can contact Technical Support directly by phone on +44 (0) 1483 280 410. Office hours are between 9am and 5:30pm UK time (GMT). Or email support on support@qsoftware.com.

Ranmore Manor Ranmore Common Dorking Surrey RH5 6SX United Kingdom


Introduction
SEC-Qure E1Config (E1Config) is a tool designed to make implementing Enterprise One (E1) security a great deal easier and less time-consuming than using standard E1 functionality. For an explanation of E1Config terminology, see the glossary section of this document.

The idea is simple but effective, and requires a little more planning than creating a standard security Matrix. We approach security strategy, and the resulting matrix, from a different angle. Menus/Tasks are not used to enhance security (although they are still relevant), as this can lead to mass duplication of security records. Instead, the security Matrix is split into tasks, or Components, such as Add Standard Vouchers. All security records required to Add Standard Vouchers are recorded against a Component. The method of adding records is also more efficient than the dragging and dropping of the E1 Security Workbench.

Once a Component has been created, that reusable Component can be added into a larger Job Function such as AP Clerk, along with numerous other Components that an AP Clerk requires in performing their day-to-day duties. Multiple Components can be added to Functions, and in turn several Functions can be added to other Functions where necessary, all in an effort to save time in applying security.

All Component and Function information is held in Templates. A Template can be equated to a security matrix, and different matrices can exist to facilitate a multiple security table set up.

Generating Security
At no point in the process do you update any E1 tables until you generate security through E1Config. Once all your Components and Functions have been created, they can be attached to Users/Roles/*PUBLIC. This method of creating security means that once the Components and Functions have been generated, security records do not have to be duplicated. Instead, they can be appended to Users where necessary. Any User that needs to Add Standard Vouchers can just have that Component attached to their profile. In the same way, an AP Manager that needs all AP Clerk security plus additional records can have the AP Clerk Function assigned to their profile and then any additional Components added on top, so that the same security does not have to be replicated.

Once these records have been attached to the relevant users, the security records are built, and at this point records are written to the F00950 table. A record of all security that has been applied is kept. Any Conflicts that emerge are tracked, and the facility to manage these separately is provided. Also, if a change is made to a Component, all profiles that have that Component as part of their security make-up are flagged so that you know when to update your user population. Batch jobs are available to refresh the security for all profiles that have changed, to further expedite the process.

New Functionality
Please see the associated document SEC-QureE1ConfigV30NewFeatures.doc for new features available in the latest version.

Accessing E1Config
If you are using oexplore.exe to access E1Config, fast path directly to QE1C100. This will take you to the main Q Software menu, and the Menus named below will be displayed. Alternatively, you can create a menu call to the E1Config menus on your existing Menu structure at the point of installation. This is discussed in the Installation Manual that comes with the software.


Solution Explorer
If you are using Solution Explorer (activConsole.exe) to access EnterpriseOne then you will need to have added QE1C100 to an existing task view. This process is discussed in the Installation guide that comes with your software. Once the Parent task has been added to a Task View the tasks displayed below will be available to you. In the example below we have added them to the Content Development Tools task view and you can then see the E1Config Security Manager task containing all E1Config applications. Or you can fast path directly to the task by entering QE1C100.


E1Config Setup
The various E1Config Control functions can be maintained using the E1Config Setup application (PY5AF905), found on the Sec-Qure E1Config Administration Menu/Task View (QE1C102).

Please note: any changes to these settings will automatically be audited and recorded in the FY5AFA10 audit table, whether auditing has been enabled or not. See the auditing section of this manual for more information about this topic.


Tab Descriptions

Version Security: This tab enables Version Security within E1Config for the relevant Security Types. See below for more detail on this functionality.

Hidden Programs: This tab enables Hidden Program Functionality within E1Config for Application Security. See below for more detail on this functionality.

Name Encryption: This tab disables Name Encryption for Components within E1Config. See below for more detail on this functionality.

Auditing: This tab enables Auditing functionality for the E1Config product. See below for more detail on this functionality.

Segregation of Duties: This tab enables Segregation Of Duties functionality for the E1Config product. See below for more detail on this functionality.

General: This tab controls non specific functionality for the E1Config product. See below for more detail on this functionality.


Version Security functionality


In 8.x versions and then retrospectively into service pack 23 of Xe (with ESU JD23877) Version Security was introduced for certain security types. If you are on this service pack and ESU level or later (including later releases of JDE) and are employing version security then a control table configuration is available for E1Config to enable you to incorporate this feature in your security setup. Access the application from the Menu/Task and a simple check box is available. If the box is checked then Version security is available to you as seen below.

For a list of the security types and forms that will be affected by this change please see the Version Security Enabled section of this manual.


If, however, you do not use version security, you may need to turn this option off. Uncheck the box to disable version security for your E1Config implementation. This will generate a warning message as seen below. Click OK on this message if you wish to disable version security.


Hidden Programs
The Hidden Program functionality allows Associated Applications, Reports, Search & Select Forms and Hidden Programs to be selected through the Template Manager via a new Associated Object Selector form. This functionality is only available for Application Security.

The Hidden Program functionality requires the Cross Reference Table (F980011) to be populated in order to glean the necessary information. The Reports below should also be run before this functionality will work correctly.


Checking or unchecking the Enable Hidden Program Functionality check box will either display or hide four object selection check boxes. When active at least one of the four object selection check boxes must be ticked, otherwise an error will be displayed when the OK button is pressed. The object selection check boxes control which types of objects can be selected on the Template Manager Work with Application Security grid.


Check-box Descriptions

Associated Applications: Applications that are called from a selected application or form. Identified by records in the F980011 table with an object name (SIOBNM) equal to the selected object and a secondary attribute (SIATRS) of CLFRM. Only one level is allowed, i.e. application A calls application B.

Associated Reports: Reports that are called from a selected application, form or report. For reports multiple levels are allowed, i.e. Report 1 calls Report 2 which calls Report 3. Identified by records in the F980011 table with an object name equal to the selected object and a secondary attribute of RI.

Associated Search & Select Forms: Forms that are called from a selected application or form via a visual assist button attached to one or more fields on the form. Fields on the form are identified by records in the F980011 table with an object name equal to the selected object and a secondary attribute of DTAN. Each form name is retrieved from the field Search Form Object Name (FRSFMN) in the F9210 table identified with a Data Item (FRDTAI) value that matches the Name Field (SIFDNM) value in the F980011 table. Only one level is allowed.

Hidden Programs: Applications or reports that are called from NER business functions (C business functions are currently not supported). NER functions are identified by records in the F980011 table with an object name equal to the selected object and a secondary attribute of BSFN. Each function name is retrieved from the Name Field (SIFDNM). Applications are identified by records in the F980011 table with an object name equal to the function name, a primary attribute of FORM and a secondary attribute of CLFRM. Reports are identified by records in the F980011 table with an object name equal to the function name, a primary attribute of FUNC and a secondary attribute of RI. For performance reasons the selected NER business functions are stored in a new table FY5AF519. Only one level is allowed.


Reports
These reports populate the tables that E1Config uses as a reference for the Hidden Programs functionality. The F980011 table must be populated for these reports to construct the reference information.

RY5AF563 QSG0001
This UBE reads the F9860 table for the object type BSFN and Source Language NER to see if any Business Functions call another application. The F980011 table, which must first be populated, is read with the object name matching the function name, a primary attribute of FORM and a secondary attribute of CLFRM. To see if the business function calls a report, the F980011 table is read with the object name matching the function name, a primary attribute of FUNC and a secondary attribute of RI. The FY5AF519 table is then populated with the business function name, object name and form name of any NER business function that calls an application or report. If the object name is a report, the form name will be blank. This UBE runs over vanilla Business Functions. Note: This report must be run before the RY5AF561 report.

RY5AF563 QSG0002
This UBE performs the same function as the above version but does it over any custom Business Functions that may exist for your implementation.

RY5AF561 QSG0001
This UBE reads through the F9860 table for applications and reports and populates the FY5AF518 table with one record per object. The associated apps flag is set to Y if the object has an associated application, the associated rpts flag is set to Y if the object has an associated report, the associated search & select flag is set to Y if the object has an associated search & select form, and the hidden program flag is set to Y if a matching record for the object is found in the FY5AF519 table. This UBE runs over vanilla Applications. Note: This report must be run after the RY5AF563 report.

RY5AF561 QSG0002
This UBE performs the same function as the above version but does it over any custom Applications that may exist for your implementation.
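The F980011 lookups given under Check-box Descriptions and the RY5AF563 / RY5AF561 run order described above, as an added Python sketch over constructed rows (an illustration added here, not Q Software's code). Assumptions: the `primary` field name, SIFDNM holding the called object on CLFRM and RI rows, the dictionaries standing in for F9210 and FY5AF519 (form names omitted), and reading the hidden program flag as "the object calls an NER function recorded in FY5AF519"; all object names are invented.

```python
from collections import namedtuple

# One F980011 cross-reference row. SIOBNM, SIATRS and SIFDNM are the field
# names the manual gives; "primary" is a hypothetical name for the primary
# attribute, and reading SIFDNM as the called object on CLFRM/RI rows is an
# assumption of this sketch.
XRef = namedtuple("XRef", "SIOBNM primary SIATRS SIFDNM")

# Constructed sample data (object names are invented, not real JDE objects).
# primary is None where the manual does not state a primary attribute.
F980011 = [
    XRef("P55A01", None, "CLFRM", "P55A02"),    # application calls application
    XRef("P55A02", None, "CLFRM", "P55A03"),    # second level, not followed
    XRef("P55A01", None, "RI", "R55R01"),       # application calls report
    XRef("R55R01", None, "RI", "R55R02"),       # report calls report
    XRef("R55R02", None, "RI", "R55R03"),
    XRef("R55R03", None, "RI", "R55R01"),       # cycle back to the first report
    XRef("P55A01", None, "DTAN", "55ITEM"),     # field with a visual assist
    XRef("P55A01", None, "DTAN", "55NOVA"),     # field without a search form
    XRef("P55A01", None, "BSFN", "N55F01"),     # application calls an NER
    XRef("N55F01", "FORM", "CLFRM", "P55H01"),  # NER calls an application
    XRef("N55F01", "FUNC", "RI", "R55H01"),     # NER calls a report
]
F9210 = {"55ITEM": "P55S01", "55NOVA": ""}      # FRDTAI -> FRSFMN
NER_FUNCTIONS = ["N55F01"]                      # F9860: type BSFN, source NER


def _called(xref, obj, attr, primary=None):
    """SIFDNM values of rows for obj with the given secondary attribute."""
    return {r.SIFDNM for r in xref
            if r.SIOBNM == obj and r.SIATRS == attr
            and (primary is None or r.primary == primary)}


def associated_applications(xref, obj):
    """One level only: application A calls application B."""
    return _called(xref, obj, "CLFRM")


def associated_reports(xref, obj):
    """Multiple levels: follow RI rows until no new report turns up."""
    found, todo = set(), [obj]
    while todo:
        for rpt in _called(xref, todo.pop(), "RI"):
            if rpt != obj and rpt not in found:  # guards against call cycles
                found.add(rpt)
                todo.append(rpt)
    return found


def search_select_forms(xref, f9210, obj):
    """DTAN rows name data items; F9210 maps each to its search form."""
    return {f9210[i] for i in _called(xref, obj, "DTAN") if f9210.get(i)}


def build_ner_table(xref, ner_functions):
    """RY5AF563 step: NER function -> applications and reports it calls."""
    table = {}
    for fn in ner_functions:
        called = (_called(xref, fn, "CLFRM", "FORM")
                  | _called(xref, fn, "RI", "FUNC"))
        if called:
            table[fn] = called
    return table


def hidden_programs(xref, ner_table, obj):
    """One level: objects called by the NER functions that obj calls."""
    out = set()
    for fn in _called(xref, obj, "BSFN"):
        out |= ner_table.get(fn, set())
    return out


def object_flags(xref, f9210, ner_table, obj):
    """RY5AF561 step: the four Y/N flags recorded per object."""
    def yn(found):
        return "Y" if found else "N"
    return {
        "apps": yn(associated_applications(xref, obj)),
        "reports": yn(associated_reports(xref, obj)),
        "search_select": yn(search_select_forms(xref, f9210, obj)),
        "hidden": yn(hidden_programs(xref, ner_table, obj)),
    }
```

Calling `object_flags` with an empty NER table returns N for the hidden flag even though the application calls an NER function, which is the effect of running RY5AF561 before RY5AF563.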


Name Encryption
In previous versions of E1Config and QBuild, the object name field (OBNM) in the FY5AF405 table (Component Detail) was encrypted. This prevented custom reports being created over this table. This functionality can now be disabled by ticking the Disable FY5AF405 Object Name Encryption box. Please note: once encryption is disabled, it cannot be re-enabled.


A warning message will be displayed to remind you to run report RY5AF960, which will decrypt the Object Name field for all the records in your existing FY5AF405 table.


Once Name Encryption has been disabled it cannot be re-enabled and therefore the check-box will be greyed out as in the example below.


Auditing
The Auditing functionality allows you to log any changes to your E1Config security configuration. Switch on auditing by ticking the Enable Auditing box.


Please note: Auditing can only be disabled by the person who enabled it. See the auditing section of this manual for more information on this topic.


Segregation of Duties
The new Segregation of Duties functionality allows SOD conflict checking to be done at the Component level (as in earlier versions of E1Config), at the Object level, or at both levels. Select the appropriate level by clicking the corresponding radio button.


General
The General tab covers functionality that does not fall under a specific category.

User Security Manager Form
Set Default for Filter: Clicking the appropriate radio button determines the default setting of the filter radio buttons on the User Security Manager form (PY5AF450/WY5AF450A). Please see the User Management section of this manual for further information.


E1Config
Menu/Solution Explorer Task QE1C101 contains the E1Config daily use applications.


Template Manager
The Template Manager is the entry point to creating and managing your security matrices for E1Config. As with the majority of E1Config functionality and a large amount of E1 functionality you have to create a header record and attach detail records to that header. Each Template is classified as a Header record and the Components, Functions and Segregation of Duties parents are the detail records attached to each Template and will be discussed in more detail in the Parent Revisions section of this manual. From within the Template Manager you can create and manage your own Templates either from scratch or by copying all or parts of existing E1Config Template/s.


Field Descriptions

Template Name: This is the 10-character Id that identifies your templates.
Description: This is the 30-character description that is assigned to each of your templates.
Status: This field shows whether a Template is LOCKED or BLANK (unlocked). Only the User that LOCKED a Template can work with it or Unlock it.
Level: The Level is a value of 1, 2 or 3.
Level Description: This describes the Level convention.
    1 Master. A Master Template should be Locked. This is your pristine Template and should be used in that way.
    2 Dependent. Dependent Templates should be a copy or copies of your Master Template that can be modified to fit a particular need/site.
    3 Independent. As the name suggests this type of Template is independent, therefore can be free form and used in any way.
Template Master: If a Template is a dependent this field should show the Master Template that it is derived from.

Row Exits

Lock: This button changes the Lock Indicator value for the highlighted template to the opposite value. Once a Template is Locked only the User that Locked it can modify, unlock or delete that Template.
Parents: This exit allows you to access the Components, Functions and Segregation of Duties Parents for each template that you have created.

Form Exits

QSG: Displays the version number of the E1Config software that you have and some contact details for QSoftware.


Adding a Template
Templates are essentially individual security matrices and can be as similar or as different as you like. You will receive QComponents as one template if you have bought the software. It is advisable that you copy this Template and modify it, so that any new versions of the QComponents Template will not overwrite changes that you have made. See the Copying a Template section below.

Templates are especially useful if you have a multi-company implementation where one site is going live before others. A Template can then be tailored to your needs and this Template can then be rolled out as a model and modified by site.

Templates are also very useful when you have multiple security tables. If you have this structure then it is likely that you will want different levels of access by environment. You could have your Development and Test environments with one Template allowing Developers to have wide access to the system. Then a Template for Production that is restrictive in its access.

Header
To create a Template you must firstly add a header record. Click Add from within the Work with Templates form and you will be able to define a Template and the defaults that are to be used for it.


Header Descriptions

Template ID: This is the 10-character Id that identifies your templates.
Description: This is the 30-character description that is assigned to each of your templates.
Template Level: Select or Enter the numbered value to determine whether the Template is a Master, Dependent or Independent Template.
Lock Indicator: This field displays whether a Template is Locked or Unlocked. The value cannot be changed from this Tab.
Template Master: This field allows you to select or add the Master Template for a Dependent Template.

Defaults
The Default and Default1 tabs of the Template define which default values will be used when applying security detail records to the Components that will make up your Template. They refer to all of the different security features within Enterprise One that use different values.

The values that should be established in the defaults for each template relate to the values you will use most when applying security records, and are highly dependent on whether you are employing an All Doors Closed or an All Doors Open security strategy. For example, if you were using an All Doors Closed policy then you would set your Application Security settings to YY, as the default would be NN and therefore all of the Application security records that you apply would be YY to give the necessary Applications back to users. See the Set Defaults section of this manual for more information on how these defaults work.

The Defaults1 tab will be protected for EnterpriseOne releases 8.10 and below, as this tab handles the default values for the new security types introduced with tools release 8.96 for 8.11 and above.

You may notice that Miscellaneous, Solution Explorer, Portal and Data Browser (8.11 upwards only) security are not included in this defaults section. These types of security are supported by E1Config, but work in such a way as to not need default values to be created.


Note - The above examples are the recommended configuration for an All Doors Closed Template.

Locking a Template
Once you have created your Template and are satisfied that the Components have been customized to your liking, or if you are not currently using the software and other users potentially have access to the E1Config software we advise that you LOCK your Template/s. Lock a Template simply by highlighting the desired Template and clicking on the Lock Row exit. Locking is simple but effective and is controlled by User Id. When a User Locks a Template, the profile of that User is recorded in the FY5AF430 table. That user is then the only user that can unlock the Template. To be able to modify the Template the User that locked it must unlock it. Once it is unlocked any user can modify the Template details. Even when a Template is locked any user that has access to the software can copy the Locked Template so if you do not want users to be able to do this then deny access to the E1Config applications using standard application/action security.


Modifying a Template Header


Highlight a Template and click Select. By doing this you will be able to change the Header record and the default settings for your selected Template.

* Note If you attempt to modify a Template that is locked, a message will inform you that the Template cannot be modified.


Copying a Template
Highlight a Template and click Copy. Simply add a new Template ID and Description to the Template and then you can modify any of the defaults or attached parents. By doing this you will be able to copy the Header record and the default settings for your selected Template, as well as Copying all the detail of that Template including Components (and their attached security records), Functions and Segregation of Duties rules.


Deleting a Template
Highlight the Template you wish to delete and click Delete. You will be prompted with the Delete message Confirmation window. Simply click OK to delete the Template or Cancel to stop the Delete.

WARNING this will also delete the Components, Functions and Segregation of Duties rules attached to the deleted Template. If you try and delete a Template that is attached to an Entity an error message will inform you that this is not possible. You must first delete the Entity.


Modifying Template Detail


In order to work with the Parents (Components, Functions and Segregation of Duties rules) for a particular Template simply highlight the desired Template and take the Row Exit Parents *.

This will take you into the Parent Revisions form. * Note If a Template is LOCKED then the Parents exit will not be available to you, as you are not authorized to modify the Template or its details.


Work with Parents


Introduction
This form lists all of the parents that are attached to each Template. This form is used as the front end to actually applying your security records and allows you to manage these security records in a logical manner. The form will default to show you all of the existing Components for the selected Template.

The Parent Revisions application is where you apply your security records to Components and, once you have created your Components, group them together into Functions. You can also establish rules for your Components that warn you when you have created a Segregation of Duties conflict, i.e. when you assign a Voucher entry and Check Processing Component to the same user. The definition of the three Parent types can be seen below:

Component
At the base level this can be described as a group of security records. For an All Doors Closed strategy a Component can be described as a task in E1 and all those security records that are required in order for any user to perform a task. For example Voucher Entry or Batch Processing.

Function
This is best described as a group of Components that combine to form a Function such as an Accounts Payable Clerk. They are therefore similar to groups/roles in E1. Functions, however, are slightly more involved and flexible than just this definition. More than one function can be attached to a user or a group/role profile and Functions can be embedded in other functions to make security quicker and easier to set up.

Segregation of Duties
Segregation of Duties are rules that are established specifically for E1Config and involve what tasks (Components) should or should not be assigned to which users. Rules can be created to state that if one Component or Object is assigned to a User/System Role then one or more other Components or Objects should not be assigned to the same profile. If they are assigned in error, a warning message appears when security is allocated to a profile, stating that Conflicts exist for that user.
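How a Segregation of Duties rule can be checked once Functions embedded in other Functions are flattened to their Components, as an added Python example (not the product's code and not taken from the manual). It covers Component-level rules only; the data layout and every Function, Component and rule name below are constructed for illustration.

```python
def expand_function(name, functions, _path=()):
    """Return the set of Component names a Function grants.

    functions maps a Function name to a list of ("C", component) or
    ("F", function) parents attached to it. Embedded Functions are
    followed recursively; a Function that embeds itself is rejected.
    """
    if name in _path:
        raise ValueError("Function embeds itself: " + " -> ".join(_path + (name,)))
    if name not in functions:
        raise KeyError(f"unknown Function {name!r}")
    components = set()
    for kind, child in functions[name]:
        if kind == "C":
            components.add(child)
        elif kind == "F":
            components |= expand_function(child, functions, _path + (name,))
        else:
            raise ValueError(f"unknown parent kind {kind!r} in Function {name}")
    return components


def components_for_profile(assignments, functions):
    """Map each Component a profile ends up with to the routes that grant it.

    assignments is the list of ("C"|"F", name) parents attached to one
    user or role profile.
    """
    granted = {}
    for kind, name in assignments:
        if kind == "C":
            granted.setdefault(name, set()).add("direct")
        elif kind == "F":
            for comp in expand_function(name, functions):
                granted.setdefault(comp, set()).add(f"via {name}")
        else:
            raise ValueError(f"unknown parent kind {kind!r}")
    return granted


def sod_conflicts(assignments, functions, rules):
    """Return the SoD conflicts for one profile.

    rules maps a rule's header Component to the set of Components that
    must not be held together with it. Each conflict is reported as
    (header, conflicting Component, header routes, conflicting routes).
    """
    granted = components_for_profile(assignments, functions)
    found = []
    for header, forbidden in rules.items():
        if header not in granted:
            continue
        for other in sorted(forbidden & set(granted)):
            found.append((header, other, sorted(granted[header]), sorted(granted[other])))
    return sorted(found)


# Constructed sample data: names are illustrative, not shipped QComponents.
FUNCTIONS = {
    "AP_CLERK": [("C", "VOUCHENTRY"), ("F", "AP_INQUIRY")],
    "AP_INQUIRY": [("C", "SUPPLRINQ")],
    "AP_PAYMENT": [("C", "CHECKPROC")],
    "AP_SUPER": [("F", "AP_CLERK"), ("F", "AP_PAYMENT")],
}
RULES = {"VOUCHENTRY": {"CHECKPROC"}}

if __name__ == "__main__":
    for label, assigned in (
        ("clerk only", [("F", "AP_CLERK")]),
        ("clerk plus direct Component", [("F", "AP_CLERK"), ("C", "CHECKPROC")]),
        ("single nested Function", [("F", "AP_SUPER")]),
    ):
        print(label, "->", sod_conflicts(assigned, FUNCTIONS, RULES))
```

The third case is the one that is easy to miss by inspection: a single Function assignment produces the conflict because both Components arrive through embedded Functions.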


Parent Type Component


A Component contains the security records that will enable a user to perform a defined task or process such as Add Standard Vouchers. Once the security detail is set up behind this Component, those records will not have to be reproduced for each User or User Group/Role that requires that task to carry out their job. The Component is a template of this security that can be attached to any user or group/role that needs it to enable them to perform said task.

Once you have created a Component Header you can define the detail beneath it by highlighting a Component or Object (depending on the Control table setting) and clicking Select. Existing Components can also be interrogated and edited in this manner. Select Component as the Parent Type. All defined components will be displayed. Once the Parent Type Component is displayed you can create new Components, or modify and delete existing Components.


Position to Parent
Once a Parent Type has been selected and a list of the relevant parents has been displayed, enter a value in this field and the list will start from the selected value (see figure below). This field is alphanumeric and will display from the first match it finds, or the next in order. Wildcards do not work but if you enter an N, for example, all Parents that start with an N onwards will be displayed.

Component Level
The Component Level field is a filter that is only available when you have selected the Parent Type Component, which is defaulted when you enter the form. The field will default to an * which means that all Components are displayed. You can use the Visual assist or enter a Component Level value (0-9) directly into this field and the Components will sort to only display those that have a Component Level equal to the value entered. This is useful to search for specific types of Component. In the example below, all Components have been created at a level 3. See Appendix A - Component Level for examples of Component Levelling strategies.


Field Descriptions

Template ID: The Template ID and description for the Template that you are working within.
Position To: A Display from field. Enter a value and the list of the relevant Parent Type will start from that value or next alphanumerically.
Component Level: A filter for Components. Entering a Component level value in this field will sort the list of Components to only display those with a matching Component level. An * will show all Components.
Parent Type:
    Components: Click this radio button to display Components.
    Functions: Click this radio button to display Functions.
    Segregation of Duties: Click this radio button to display Segregation of Duties rules.

Exits

Row

Parent Details: This exit performs differently depending on the Parent type that is currently selected. For Components this will access the Work with Components form (WY5AF405A) from where you can add/maintain Component Detail (physical security records). For Functions this will access the Parent Selection screen (WY5AF501E) form from where you can attach Functions and/or Components to a Function. For Segregation of Duties this will access the Parent Selection form from where you can attach only Components or Objects to an SOD rule.

Form

Objects: This button will call the Work with Object Components form (WY5AF405E) from where you can locate where specific objects are located in Components. See the Locating an Object section of this manual for more information.
QSG: Displays the version number of the E1Config software that you have and some contact details for QSoftware.


Adding a Component
To add components ensure that the Parent Type is Component and then click the Add button.


Header Descriptions

Template ID: Shows the Template ID for the Template to which you are adding a Parent.
Type: Shows the code that defines which type of Parent you are adding. In this case it is a Component.
Parent Name: This is the 10-character Id that denotes each component. See Appendix A E1Config for more information on naming conventions.
Description: This is the 80-character description that is assigned to each of your parents.
Security Indicator: Internal security for assignment of E1Config Parents. This field is for future use.
Component Level: The level assigned to each component. Further explanation of this feature can be seen below. See below for further information.
Reporting Codes: These are 3-character user defined fields which can be used to classify the Component. See the Maintain Reporting Codes section of this manual for more information.

Component Level Definition


Assigning a level to a Component is linked to the assignment of security to users and to Conflict Management (see the Conflict Management section of this manual for further information on Conflicts) within the product. Levels can be set to Components and are relevant when actually applying security to User/System Roles. If a conflict arises then the Component Level determines how the conflict is resolved. A Component with a level of 1 will override a Component with a level of 2 etc. Component Level is only relevant when a conflict arises.

The following example can be used to explain a conflict and how component levels are used. Suppose two components are defined with 20 security records each:

Component A has a level 5 and has application security YY set against P01012.
Component B has a level 8 and has application security NN set against P01012.

Component A has the higher-precedence Component Level (the lower number) and therefore takes precedence. The user will therefore have application security of YY set against P01012. The conflict is only relevant for P01012 and all other security records are applied to the user.


If both Components had the same level then an actual Conflict would exist. A warning message will appear informing you that a conflict exists. Use the Conflict Manager application to resolve any existing conflicts. An explanation of this can be seen later in this manual.
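The Component Level precedence described above, worked through as an added Python example (not Q Software's code and not part of the manual). The record layout, the Component names, the "APPL" type label and the PSAMPLE objects are constructed for illustration, and the model assumes that Components at the same level only conflict when their values for the same object differ.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityRecord:
    sec_type: str  # security type label, constructed for this example
    obj: str       # object the record secures, e.g. P01012
    value: str     # setting applied, e.g. "YY" or "NN"


@dataclass(frozen=True)
class Component:
    name: str
    level: int      # 0-9; level 1 overrides level 2, and so on
    records: tuple  # SecurityRecord items held by the Component


def resolve(components):
    """Merge the records of all Components assigned to one profile.

    Returns (effective, conflicts):
      effective  {(sec_type, obj): (value, winning Component name)}
      conflicts  {(sec_type, obj): [(Component name, value), ...]} for
                 objects where Components at the winning level disagree.
    """
    claims = defaultdict(list)
    for comp in components:
        if not 0 <= comp.level <= 9:
            raise ValueError(f"{comp.name}: Component Level must be 0-9")
        for rec in comp.records:
            claims[(rec.sec_type, rec.obj)].append((comp.level, comp.name, rec.value))

    effective, conflicts = {}, {}
    for key, entries in claims.items():
        best = min(level for level, _, _ in entries)
        top = sorted((name, value) for level, name, value in entries if level == best)
        if len({value for _, value in top}) == 1:
            # One value survives: a single winner, or peers that agree.
            effective[key] = (top[0][1], top[0][0])
        else:
            # Same level, different values: left for manual resolution.
            conflicts[key] = top
    return effective, conflicts


# Constructed sample data mirroring the manual's Component A / Component B case.
COMP_A = Component("COMP_A", 5, (
    SecurityRecord("APPL", "P01012", "YY"),
    SecurityRecord("APPL", "PSAMPLE1", "YY"),
))
COMP_B = Component("COMP_B", 8, (
    SecurityRecord("APPL", "P01012", "NN"),
    SecurityRecord("APPL", "PSAMPLE2", "YY"),
))
# A third Component at the same level as COMP_A with the opposite setting.
COMP_C = Component("COMP_C", 5, (SecurityRecord("APPL", "P01012", "NN"),))

if __name__ == "__main__":
    for label, assigned in (("A+B", [COMP_A, COMP_B]), ("A+B+C", [COMP_A, COMP_B, COMP_C])):
        effective, conflicts = resolve(assigned)
        print(label, "effective:", effective)
        print(label, "conflicts:", conflicts)
```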


Component Level Revisions


The level of components is set from 0 to 9. These can be modified but we advise that you do not change them. The descriptions for each can be changed for internal control of what levels are assigned to Components. To modify the descriptions click the Flashlight on Component Level when adding or modifying a Component and you should be taken to the form below. Then click the Revisions button, or use E1 application P0004A/W0004AA Work with User Defined Codes, enquire on Product Code - Y5AF, User Defined Codes CL and revise the relevant descriptions.

See the Component Level section in Appendix A - E1Config for recommended use of Component levels.


Modifying a Component Header


Highlight a Component and click Select. By doing this you will be able to change the Header record for your selected Component and add reporting codes to it.

Note: If you change the Component Level for any Component/s that are attached to profiles through an associated Entity, either directly or through a Function, then the User Status of that profile/s will be reset to Changed. See the Entity Manager section of this manual for more information on User Statuses.


Copying a Component
Highlight a Component and click Copy. You will be taken to the Copy Parent form from where you can copy the Component in the following ways:

1. Copy to an existing Component by entering that Component name in the To Details Component field. See Add/Replace records in the Field Descriptions section.
2. Create a new Component by entering a new Component name into the To Detail Component field *.
3. Copy to the same Template by leaving the To Details Template as the default. You would do this if you were copying a level 9 component (Inquiry) to a level 3 component (update). Once copied you would add the Action Code records to this component to make it an update component.
4. Copy to a different Template by overwriting the value in the To Details Template with the Template Id of the target Template. You could do this to replicate proven test Components in Production Templates or to replicate modified Components across multiple Templates.

* - Creating a New Component will default the same Component Level as the From Component. If you are modifying a QComponent, and creating an update Component for example, then you should be aware that you will need to reset the Component Level for the To Component.

Field Descriptions

Add Records: Select this button to add any new records from the selected Component to the Copy To Component. This will leave any existing records and add any that do not exist.
Replace Records: Removes any existing records from the Copy to Component and Replaces them with all the records attached to the Copy From Component.

From Details
Template ID: Displays the name and description of the Template to which the selected Component is attached.
From Component: Displays the name and description of the Component that you are copying.

To Details
Template ID: Displays the name and description of the Template to which the selected Component is attached. This can be changed to another Template thus enabling you to copy Components across Templates.
Component: This field allows you to enter the name and description of a new Component or select or enter the name of an existing component.

The Parent Header details of your Copy From Component will be carried across so if you are going to modify a Component ensure that the correct level is maintained.


Deleting a Component
Highlight the Component that you wish to delete and click Delete. You will be prompted with the Delete message confirmation window. Simply click OK to delete the Component or Cancel to stop the Delete.

WARNING this will delete the selected Component from User/System Roles, Functions and/or Segregation of Duties Rules to which it is attached. To highlight this, additional warning messages may appear along with the Delete message confirmation box. If this is the case be very careful that you have made allowances for this with regards to the security and compliance of users as deleting this component and rebuilding security for one or more users could affect their access rights.

Note: You cannot delete a Component that is the Header record for an existing SOD rule. You must first delete the rule before deleting the relevant Component.


Locating an Object
E1Config holds Component detail information in the FY5AF405 table but the object name field in this table is encrypted to protect against un-authorized access. Only users that have E1Config with a valid SPC can therefore view this information. Existing users of Version 2.02 will be aware that this makes tracking down objects when customizing Components awkward as the only time to see what Components contain which objects is once they are attached to a user. This information can then be viewed through the Component Tracker File (FY5AF513). In order to make the product more user-friendly we have therefore added the Work with Object Components form (WY5AF405E). Access this form by taking the Objects Form exit from within the Work with Parents screen. This form allows users to input a particular object and all Components containing this object will be returned to the grid. The Components that are returned can then be worked with in more detail.


Search Criteria/Field Descriptions

Template ID: The Template ID and description for the Template that you are working within.
Object Name: This field is mandatory. Use the visual assist or enter in an object name i.e. P01012 or F0006. Click find and a list of the Components that contain the selected object will be returned.
Security Type: Some objects can exist for more than one security type i.e. APPL can exist for multiple security types. Depending on the type of Component you are working with you may wish to filter the Component list to only show a particular security type. Use the visual assist or enter in a valid E1 security type. Click find (ensuring that there is an object in the object name field) and a list of Components that contain the selected object and security type will be returned.
Component Level: When working with Components certain objects may be repeated through Components that have different levels i.e. an Update Component and an Inquiry Component for Voucher Entry will both contain the same Application security records. In order to make a potentially long list more manageable use the visual assist or enter a valid Component level into this field along with an object name. Click find and the grid should display a list of Components that match your search criteria.
Component ID: The names of all Components that match the search criteria entered. See below for all Components that contain the Address Book application (P01012).
Description: The description of all Components that match the search criteria entered. See below for all Components that contain the Address Book application (P01012).


Exits

Row

Component Objects: Highlight the Component that you wish to work with and click this Row exit. This will access the Component Detail Header form Work with Components (WY5AF405A) from where you can add, delete, copy or modify existing Component detail records.

Form

QSG: Displays the version number of the E1Config software that you have and some contact details for QSoftware.

In the example below an attempt is being made to track down all Components that contain the Address Book application (P01012).

By double-clicking a record, or highlighting and clicking Select you can drill down and work with the detail of this Component or use it to copy records to a new/existing Component.


Parent Type Function


A Function is the combination of Components that allow a User to perform a particular Job Function such as an Accounts Payable Clerk. Depending on your business the Components that make up a specified Job Function may differ but the principle of attaching Components to a Function remains the same. A Job Function can be defined as the tasks that go to make up a Job.

Once the security detail is set up behind Components, these can then be attached to a Function. Multiple Components can be appended to a Function. Functions can also be attached to another Function if one Job Function is incorporated into another Job Function within your company.

Select Function as the Parent Type. All defined Functions will be displayed. Once the Parent Type Function is displayed you can create new Functions, or modify and delete existing Functions.


Adding a Function
To add a Function, ensure that the Parent Type is Function and then click the Add button.


Field Descriptions

Template ID: Shows the Template ID for the Template to which you are adding a Parent.
Type: Shows the code that defines which type of Parent you are adding. In this case it is a type 2 (Function).
Parent Name: This is the 10-character Id that denotes each component. See Appendix A - E1Config for more information on naming conventions.
Description: This is the 80-character description that is assigned to each of your parents.
Reporting Codes: These are 3-character user defined fields which can be used to classify the Function. See the Maintain Reporting Codes section of this manual for more information.


Modifying a Function Header


Highlight a Function and click Select. By doing this you will be able to change the Header record for your selected Function and add reporting codes to it.


Copying a Function
Highlight a Function and click Copy. You will be taken to the Copy Parent form from where you can copy the Function in the following ways:

1. Copy to an existing Function by entering that Function name in the To Details Function field. See Add/Replace records in the Field Descriptions section.
2. Create a new Function by entering a new Function name into the To Detail Function field.
3. Copy to the same Template by leaving the To Details Template as the default. You would do this to replicate an existing Function and then modify it.
4. Copy to a different Template by overwriting the value in the To Details Template with the Template Id of the target Template. You could do this to replicate proven test Functions in Production Templates or to replicate modified Functions across multiple Templates.

Field Descriptions

Add Records: Select this button to add any new records from the selected Function to the Copy To Function. This will leave any existing records and add any that do not exist.

Replace Records: Removes any existing records from the Copy to Function and Replaces them with all the records attached to the Copy From Function.

From Details

Template ID: Displays the name and description of the Template to which the selected Function is attached.

From Function: Displays the name and description of the Function that you are copying.

To Details

Template ID: Displays the name and description of the Template to which the selected Function is attached. This can be changed to another Template thus enabling you to copy Function across Templates.

Function: This field allows you to enter the name and description of a new Function or select or enter the name of an existing Function.

All Components attached to your selected Function will also be copied to the new/existing Function.

Deleting a Function
Highlight the Function you wish to delete and click Delete. You will be prompted with the Delete message confirmation window. Simply click OK to delete the Function or Cancel to stop the Delete.

WARNING this will delete the selected Function from any Profiles and Functions to which it is attached. An additional warning message will be called if this is the case.

Parent Type Segregation of Duties


Select Segregation of Duties as the Parent Type. All defined Segregation of Duties Rules will be displayed. Once the Parent Type is displayed you can create new Segregation of Duties rules, modify and delete existing rules, and add reporting codes to these rules.

Adding a Segregation of Duties Rule


You can only set up Segregation of Duties rules against an existing Component or Object. Ensure that the Parent Type is Segregation of Duties and click Add from the Parent Revisions form. Depending on the Control Table setting, the SOD level field will contain either a 1 for Component Level or a 2 for Object Level. If the Control Table setting is Both, the SOD level field will contain a 1 but can be changed. In the Parent Name field enter or Select a Parent Component or Object.

Field Descriptions

Template ID: Shows the Template ID for the Template to which you are adding a Parent.

Type: Shows the code that defines which type of Parent you are adding. In this case it is a type 1 (Segregation of Duties).

SOD Level: Level at which SOD conflict checking is done. 1=Component 2=Object

Parent Name: This is the 10-character Id that denotes each component or object. See Appendix A - E1Config for more information on naming conventions.

Description: This is the 80-character description that is assigned to each of your SODs.

Security Indicator: Enter or select a Security Indicator.

Reporting Codes: These are 3-character user defined fields which can be used to classify the Segregation of Duties. See the Maintain Reporting Codes section of this manual for more information.

Modifying a Segregation of Duties Header


To change the header of a Segregation of Duties rule highlight the record and click Select and you will be taken to the Header form.

Deleting a Segregation of Duties Rule


To delete a Segregation of Duties rule, highlight the record to be deleted, click Delete and then OK to confirm deletion.

WARNING Deleting a Segregation of Duties child or parent may affect compliance and an additional warning message will be called to highlight this.

*Note - All attached Components will be deleted from the Segregation of Duties Parent Type. The Components will not be deleted from the Component Parent Type.

Parent Details
Once header records are created then you can add detail records to said parents. Simply highlight the required parent and take the Parent Details Row exit to be taken to the correct entry form dependent on Parent Type.

Component: Detail records added to Components are actual security records. These can be any of the 11 Security Types available from the E1 Security Workbench (P00950) application.

Function: Detail records added to Functions can be either Functions or Components.

Segregation of Duties: Detail records added to Segregation of Duties rules must be Components or Objects only.

Component Detail Definition


When you select the Parent Details Row exit from the Parent Revisions form you are taken to the Work with Components by Security Type form, which is the Header Detail form for each Component that displays all appended security records. A QBE line allows you to interrogate more thoroughly the different security types and objects etc.

To attach security to a Component click Add and you will be taken to a form (see below) that allows you to select the type of security that you want to apply. If records already exist for a Component you can amend or add new security either by clicking Add or by double clicking on the relevant record, or security type.

Add Security Type

To select a particular kind of security click on the relevant security type and then click OK.

Please note:

The Data Browser Security Type is only available to clients that are using an 8.11 SP1, Tools Release 8.95 and above version of EnterpriseOne (E1Config will allow this security type to be selected on 8.11 but EnterpriseOne will not support it for users on an earlier tools release than 8.95).

Link, Push Button and Image Security Types are only available to clients that are using an 8.11 SP1, Tools Release 8.96 and above version of EnterpriseOne (E1Config will allow this security type to be selected on 8.11 but EnterpriseOne will not support them for users on an earlier tools release than 8.96).

The Media Object Security Type is only available to clients that are using an 8.12 Tools Release 8.96 and above version of EnterpriseOne (E1Config will allow this security type to be selected on 8.12 but EnterpriseOne will not support it for users on an earlier tools release than 8.96).

Security Detail
If you have accessed a security type either through the Select Security Type form or directly from the Work with Components by Security Type form you will be taken to a Work with Component form that differs for each type of security. Depending on the type of security that you are writing the entry methods vary. Some allow you to write records manually or Heads Down, others enable you to use Explorer functionality to select which records to apply security to and some allow you to check buttons to apply security. See Appendix A - E1Config Security Type (Work with Components by Security Type vs. Selector) for which types of security can be applied using which forms. See also the E1Config Setup section of this manual and/or Version Security Enabled below if you are using Version Security in your implementation. See also the E1Config Setup section of this manual and/or Hidden Programs Enabled below if you wish to employ this functionality.

Below is an example of a Work with Component form. All are different and the field descriptions below cover all likely fields.

Field Descriptions

Component ID: The Component Name and Description. This field is hard coded.

Defaults: The default security settings for the relevant security type. These are controlled by the Defaults section of the template you are currently working in. See the Template Manager Defaults section of this manual for more information. The default settings can be modified from within the application by clicking the Set Defaults button. A check indicates a Y and a blank indicates an N.

Application Name: Depending on the security type you are adding this field allows you to enter or select a specific Application to apply security to.

Form Name: Depending on the security type you are adding this field allows you to enter or select a specific Form to apply security to.

Table Name: If you are adding Row or Column security records this field enables you to enter or select a specific Table to apply security to.

Menu /Selection: If you are adding External call security through the selector this field displays which Menu and Menu Selection has had security applied to it.

Description: This field will default to show the object description for the Application, Form, Table or Menu/Selection that you are writing records against.

Alias: If you are creating Row or Column security records this field enables you to enter or select the specific Alias you wish to apply records against. This is a lot quicker and easier than E1 as there you have to enter the Data Item in full exactly first. Once you enter the Alias in E1Config the Data Item defaults into the line.

Values: The Values differ by Security type but can be broken down into the following: Run, Install, View, Add, Change, Delete, Copy, OK/Select, Scroll to End, Prompt For Values, Prompt for Versions and Prompt for data selections.

Row Exits

Apply Defaults: You can apply the default security settings to one or more highlighted objects if necessary.

Form Exits

Selector: Calls the Selector application that allows you to add multiple security details to a component quickly and easily. Further explanation of this feature can be seen later in this manual.

Set Defaults: Enables you to set the defaults for the relevant security type. These defaults will remain for only as long as you remain within the application. As soon as you exit the application the defaults will reset to conform to the processing options.

Set Defaults
Click on the Set Defaults button and you will be taken to a Default Entry form specific to each type of security (the form below is just an example of one type). By checking a box you are setting the selected value to a Y. By leaving a box blank you are setting the relevant value to an N. Click OK to confirm the defaults you have set. The initial settings are generated from the Default settings in the Template Header.

Apply Detail Heads Down


Rather than dragging and dropping, you can use the Work with Components by Security Type form to apply security manually, if you know the name of the objects that you want to secure. Enter the application, form or table that you want to secure (you can use the search lights to find the relevant object if you do not know the name) and then enter the security settings manually using the Apply Defaults button; alternatively, when you move to the next line the defaults are applied automatically. You can also cut and paste blocks of Applications directly from an Excel Spreadsheet if you have already created your Matrix.

Ensure that you press OK to save the records to the Component detail table before you exit this form. If you press Close then the records are not necessarily saved.

Modifying Security
To change security details modify the records manually. Ensure that you click OK before exiting to save the changes.

Deleting Security
To delete security records, highlight the relevant records and click the Delete button. Ensure that you click OK before exiting to save the changes.

Apply Detail Selector


Click on the Selector button from the Work with Components by Security Type form (Form Exit) and you will be taken to another form that allows you to enter multiple security records using explorer functionality. It is advisable that you set the security defaults before you start to enter records. See Appendix A Security Type (Work with Components by Security Type vs. Selector) for which types of security can be applied using the Selector and which cannot.

Using the Search Criteria

The search and select criteria work in a very similar way to the E1 Security Workbench Unsecured selection, except that no wildcards can be entered. Click a button, then enter a value in the blank window and click Find. The display will show those records that match your search criteria.

Application: Click the Application button and then enter the name of an application and that application will be shown with all relevant elements.

Menu: Click the Menu button and then enter a particular Menu Id. All objects on the selected menu will be displayed with any relevant elements. This radio button is disabled if you are using an 8.x version of E1.

Product Code: Click the Product Code button and then enter the name of an E1 system and all objects and their elements that are part of that system will be displayed.

Solution Explorer: Click the Solution Explorer button and then use the Visual Assist to select a Task or enter a Task Id into the field and all objects on the selected Task will be displayed with any relevant elements.

Row Exits

Secure: This button returns highlighted values to the Work with Components by Security Type form with the Default Security settings applied.

Form Exits

Set Defaults: Enables you to set the defaults for the relevant security type. These defaults will remain for only as long as you remain within the application. As soon as you exit the application the defaults will reset to conform to the processing options.

Secure All: Enables you to apply *ALL security for the Security Type you are updating. This is only available for some security types.

Secure

Once you have found the relevant objects or elements that need to be secured you can highlight one or more and click the Secure button and these will be returned to the Work with Components by Security Type form with the Default security settings applied. If the Default settings are not requisite, they can be changed by taking the Form Exit Set Defaults. In order to view what security records have been taken you must Close out of this form to view the records in the Work with Components by Security Type form. You must then OK these records to save them to the Component.

To highlight more than one object to secure you can use Explorer functionality. To select multiple records which are all in order hold down shift and click on numerous records or use the arrow keys. To select multiple records which are not in order hold down control and click on the required records. Then click Secure and the highlighted records will be secured.

Secure All

Certain Types of security can only be applied through E1Config using the Selector. The Secure All button has been incorporated to enable you to apply a *ALL value for these types of Security. This button is also active for other types of security that utilize the Heads Down entry Method. You can add *ALL settings to these other types of security through the grid as well.

Once you have returned to the Work with Component form for the relevant security type ensure that you click OK to save the records to the file or else they will be lost and you will have to do it again.

Version Security Enabled


In 8.x versions and retrospectively into service pack 23 of Xe (with ESU JD23877) Version Security was introduced for certain security types. If you are employing this feature the following E1Config forms will be affected:

PY5AF405/WY5AF405B Work with Component by Security Type

The Version field allows manual input of a version ID or a Visual Assist allows you to select from a list of versions available for the selected application.

PY5AF405/WY5AF405G Selector

Versions are displayed in the same way as the Security workbench, but multiple versions can be selected to secure at one time using the standard windows <Shift> or <Ctrl> functionality.

Security Types allowing Version Security


The following security types are affected by Version security and therefore the above 2 forms will reflect this and allow entry of version security records:

Action Code Security
Column Security
Application Security
Processing Option Security
Link Security
Push Button Security
Image Security
Media Object Security

Hidden Programs Enabled


This functionality enables you to select and apply application security related to those applications that you wish to set up for a Component. It is dependent on the Cross Reference Table (F980011) being populated and the relevant E1Config UBEs being run in order to employ this functionality. See the E1Config Setup section of this manual for more information about preliminary tasks required to use this functionality. Once the preliminary tasks have been completed, additional fields will be available on the Application Security form displaying whether Applications have associated programs. Associated Row Exits will also be available allowing you to drill down to an E1Config form which enables you to pull in these programs for a Component, thus making the task of setting up security easier.

Field Descriptions

Assoc Apps: If a Y appears in this column then Associated Applications exist for this application. The Assoc Apps Row Exit should also be available for you to pull in any applications that you wish. If a blank appears in this column then no Associated applications exist for this Application. The Assoc Apps Row Exit will not be available. If a B appears in this column then information has not been built for this application and we suggest that you run the relevant tasks in the E1Config section of this manual.

Assoc Rpts: If a Y appears in this column then Associated Reports exist for this application. The Assoc Rpts Row Exit should also be available for you to pull in any applications that you wish. If a blank appears in this column then no Associated applications exist for this Application. The Assoc Rpts Row Exit will not be available. If a B appears in this column then information has not been built for this application and we suggest that you run the relevant tasks in the E1Config section of this manual.

Assoc Sch/Sel: If a Y appears in this column then Associated Search & Select Forms exist for this application. The Assoc Sch/Sel Row Exit should also be available for you to pull in any applications that you wish. If a blank appears in this column then no Associated applications exist for this Application. The Assoc Sch/Sel Row Exit will not be available. If a B appears in this column then information has not been built for this application and we suggest that you run the relevant tasks in the E1Config section of this manual.

Hidden Programs: If a Y appears in this column then Hidden Programs exist for this application. The Hidden Programs Row Exit should also be available for you to pull in any applications that you wish. If a blank appears in this column then no Associated applications exist for this Application. The Hidden Programs Row Exit will not be available. If a B appears in this column then information has not been built for this application and we suggest that you run the relevant tasks in the E1Config section of this manual.

Row Exits

Assoc Apps: Highlight the relevant grid record and click this button to drill down to the Associated Applications Selector.

Assoc Rpts: Highlight the relevant grid record and click this button to drill down to the Associated Reports Selector.

Assoc Sch/Sel: Highlight the relevant grid record and click this button to drill down to the Associated Search & Select Forms Selector.

Hidden Programs: Highlight the relevant grid record and click this button to drill down to the Hidden Programs Selector.

The Selector works the same way for each of the drill downs and an example can be seen below.

Field Descriptions

Application: This field will be populated with the ID and description of the selected Application.

Row Exits

Secure: Highlight one or more of the Applications, Forms, or Versions using standard windows <Shift> or <Ctrl> functionality and then click this button to add these objects to your Component.

Copying Component Detail


To copy records select the records that you wish to copy and then input the Component that you wish to copy these records to.

You can copy the security details from one Component to another within the same Template or to another Template. The copy function allows you to create new Components with the records that you are copying, to add records to existing Components, or to delete all records from an existing Component and replace them with the records from the Component that you are using to copy.

Field Descriptions

Add Records: Select this button to add any new records from the selected Component to the Copy To Component. This will leave any existing records and add any that do not exist.

Replace records: Select this button and the records for the Copy To Component will be deleted and replaced with those from the Component that you are copying.

From Details

Template ID: This shows the Template that you are copying from.

From Component: This shows the name of the Component from which you are copying some or all records.

To Details

Template ID: This displays the Template that you are copying to. It will default to the current template but allows you to enter or select which Template to copy to.

Component: Enter the Component that you wish to copy records to. You can copy to an existing Component or create a new Component. If you are creating a New Component and then modifying it then ensure that you give the new Component the correct Component Level once it has been created.

The Parent Header details of your Copy From Component will be carried across so if you are going to modify a Component ensure that the correct level is maintained.

Deleting Security
To delete security records, highlight the relevant records and click the Delete button.

Function Detail
Once you have created a Function Header you can define the detail beneath it by highlighting a Function and choosing the Parent Details Row exit. Existing Functions can also be interrogated and edited in this manner.

Adding Function Detail


To display Functions click the Function button. To display Components click the Component button. Enter values in the Query by Example line to narrow the number of records on display. Wildcards are available for the search criteria.

To add Functions or Components inquire on the relevant type, highlight the required record and click Select. The selected record will be attached to the Function. Functions and Components cannot be added at the same time.

Function Detail
Click on the node next to a Function to see what Components and Functions are attached to a Function.

Deleting Function Detail


To delete a Function or part of a Function highlight the record/s to be deleted and click the Delete button. Then click OK to confirm the deletion.

WARNING this will delete the selected Function from Users and Functions to which it is attached. To highlight this, an additional warning message appears along with the Delete message confirmation box if a Function is attached to a profile through E1Config. If this is the case be very careful that you have made allowances for this with regards to the security of users as deleting this Function and rebuilding security for one or more users could affect their access rights.

Segregation of Duties Detail


Once you have created a Segregation of Duties Header you can define the detail beneath it by highlighting a rule and choosing the Parent details Row exit. Existing Segregation of Duties rules can also be interrogated and edited in this manner.

Adding Segregation of Duties Detail


You are restricted to adding one or more Components or Objects to a Segregation of Duties rule. If a Component Level SOD parent is selected, the form will default to show available Components only. If an Object Level SOD parent is selected, the form will default to show available Objects only. You cannot add a Component or Object to itself, so this record does not appear in the list. Enter values in the Query by Example line to narrow the number of records on display. Wildcards are available for the search criteria. The following form is displayed for a Component Level SOD parent:-

To add one or more Components highlight the required record(s) and click Select. The selected record(s) will be attached to the Segregation of Duties rule. Functions and Components cannot be added at the same time.

The following form is displayed for an Object Level SOD parent:-

To add one or more Objects highlight the required record(s) and click Select. The selected record(s) will be attached to the Segregation of Duties rule.

Segregation of Duties Detail


Click on the node next to a Segregation of Duties rule to see what Components or Objects are attached to the record.

Copying Segregation of Duties Detail


Rather than attaching the same Components or Objects again and again to different SOD rules, once you have created them you can simply copy all attached Components or Objects to a new rule. Highlight a Segregation of Duties rule that you have already established and click on the Copy button.

You can create a new SOD rule by copying, or add/replace the Components or Objects to an existing SOD rule. The SOD rule that you are copying to or creating must exist in the Template that you are working within, or if you are copying across Templates then the new rule must exist in the target Template. If you are copying across Templates then if any of the Components or Objects that you are copying do not exist in the target Template then they will be created.

Deleting Segregation of Duties Detail


To delete all or part of a Segregation of Duties rule highlight the Header or the superfluous record and click on the Delete button. Then click OK to confirm the deletion.

Entity Management
Entity Manager
The Entity Manager can be defined as the link between your Template (including all attached Components and their security records, Functions and Segregation of Duties) and each instance of the F00950 that you have. This link is similar to an OCM mapping* and defines where the security will be built to, i.e. which security table records will be written to when the security for a User/System Role is built.

* Note Entities must be created in conjunction with OCM mappings. Creating an Entity will not create OCM Mappings for you and without the correct OCM mappings E1 will not function correctly with a multiple security table configuration.

For more information on different security set-ups see Appendix B Security Table Setup. For more information on Builds see the User Security Maintenance section of this manual.

Field Descriptions

Entity ID

The 10-character user defined ID that denotes an Entity. The Entity provides the link between the Template and the security table.

Description: The 30-character description that defines an Entity.

Template ID: The Template ID and all attached parents that are assigned to an Entity.

Data Source: The Data Source is the E1 mapping where your security table resides. If you have more than one security table then you may require different Entities with different data sources.

Row Exits

Users: Access the User Security Manager that contains all User/System Roles in the F0092 and allows you to attach security to them depending on the Template and Data Source selected.

Form Exits

QSG: Displays the version number of the E1Config software that you have and some contact details for QSoftware.

User Clean Up: This exit calls a front end for the User Clean Up report (RY5AF570). The screen allows you to select what version of the report you wish to run and therefore what parameters you wish to pass into the report. The RY5AF570 report allows you to remove orphan records from your E1 security table (F00950) and the E1Config tables (FY5AF512, FY5AF513, FY5AF515 and FY5AF402) for those user profiles that have been deleted from the F0092 table. See the User Clean Up Section of this manual, below, for more information on this process.

Adding an Entity
From the Entity Manager Work with Entities form click Add and then create an Entity. All fields are mandatory when creating an Entity.

Field Descriptions

Entity ID

The 10-character user defined ID that denotes an Entity. The Entity provides the link between the Template and the security table.

Description: The 30-character description that defines an Entity.

Template ID: The Template ID and all attached parents that are assigned to an Entity.

Data Source: The Data Source is the E1 mapping where your security table resides*. If you have more than one security table then you may require different Entities with different data sources.


* Note If a data source does not contain an instance of a security table an error message will be generated.

Modifying an Entity
To modify an Entity, highlight the record you wish to modify, double-click or click Select and you will be taken to the Entity Information form for the selected Entity. You can then modify all fields other than the Entity ID. If you wish to change this you must copy the Entity or delete it and start again.


Deleting an Entity
To delete an Entity, highlight the record you wish to delete, click Delete and then click OK in the confirm deletion window.

* Note Deleting an Entity will not remove the security that has been attached to any User/System Roles from the F00950 (Security Table).


User Clean Up
When you remove a profile from the F0092 table that record will automatically be removed from the display on the User Security Workbench as the Business Function behind this screen checks the F0092 each time you access the screen. The E1 security table (F00950) and the E1Config tables (FY5AF512/FY5AF513/FY5AF515) will still show information relating to that user. By clicking the User Clean Up form exit you will run a batch process that compares the E1 security table and the E1Config tables with the F0092 table and will allow you to remove the records from both sets of tables. When you want to perform a User Clean Up, click the Form exit (see below) whereby all Entities will be cleaned and a report produced.


User Clean Up Version

QSG Tables Only

This will submit RY5AF570 version QSG0001. This version of the report will remove any orphan records from the QSoftware tables for any E1 profiles that have been deleted.

F00950 Table Only

This will submit RY5AF570 version QSG0002. This version of the report will remove any orphan records from the F00950 table for any E1 profiles that have been deleted.

QSG and F00950 Tables

This will submit RY5AF570 version QSG0003. This version of the report will remove any orphan records from the QSoftware tables and the F00950 table for any E1 profiles that have been deleted.

Proof or Final Mode

Proof Mode

This will submit whichever version of the RY5AF570 that you have selected and run it on Proof. No records will be removed. Proof mode allows you to see which records would be cleaned up from the relevant tables should you run this report in Final mode.

Final Mode

This will submit whichever version of the RY5AF570 that you have selected and run it on Final mode. Final mode will clear the records from the relevant files depending on which version was selected.

More detail for the three versions of this application can be seen in the E1Config Administration section of this manual. A sample of the RY5AF570 report can be seen below:

Field Descriptions

Table

Lists the Tables that contain records for obsolete profiles i.e. those that have been removed from the F0092 table. If more than one user, as in the above example, has been removed from the F0092 then multiple instances of a table may appear.

User/System Role

Lists the redundant profiles that no longer exist on the system.
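
The comparison that User Clean Up performs, sketched in Python over an in-memory SQLite database. This is an added illustration, not Q Software's code: the single `profile` column, the sample rows and the `*PUBLIC` exemption are assumptions of the sketch; only the table names, version IDs and Proof/Final behaviour come from this manual.

```python
import sqlite3

QSG_TABLES = ("FY5AF512", "FY5AF513", "FY5AF515")
# Which tables each RY5AF570 version cleans, as listed in the manual.
VERSIONS = {
    "QSG0001": QSG_TABLES,                # QSG Tables Only
    "QSG0002": ("F00950",),               # F00950 Table Only
    "QSG0003": QSG_TABLES + ("F00950",),  # QSG and F00950 Tables
}


def build_sample_db():
    """Constructed data: LEAVER1 and LEAVER2 have been deleted from F0092."""
    db = sqlite3.connect(":memory:")
    # Assumption: each table is reduced to a 'profile' column plus one
    # detail column; the real table layouts are wider.
    db.execute("CREATE TABLE F0092 (profile TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO F0092 VALUES (?)", [("AP_CLERK",), ("JSMITH",)])
    rows = {
        "F00950": [("JSMITH", "P55AP01"), ("LEAVER1", "P55AP01"),
                   ("LEAVER2", "P55PO01"), ("*PUBLIC", "P55AB01")],
        "FY5AF512": [("JSMITH", "CMP_AP"), ("LEAVER1", "CMP_AP")],
        "FY5AF513": [("LEAVER1", "FN_AP")],
        "FY5AF515": [("AP_CLERK", "CMP_AP")],
    }
    for table, data in rows.items():
        db.execute(f"CREATE TABLE {table} (profile TEXT, detail TEXT)")
        db.executemany(f"INSERT INTO {table} VALUES (?, ?)", data)
    return db


def clean_up(db, version, final=False, exempt=("*PUBLIC",)):
    """Return report lines (table, profile) for orphan records.

    Proof mode (final=False) only reports. Final mode also deletes.
    'exempt' is an assumption of this sketch: profiles that hold security
    records without a row in F0092 and must not be treated as orphans.
    """
    marks = ",".join("?" * len(exempt))
    where = (f"profile NOT IN (SELECT profile FROM F0092) "
             f"AND profile NOT IN ({marks})")
    report = []
    for table in VERSIONS[version]:
        found = db.execute(
            f"SELECT DISTINCT profile FROM {table} WHERE {where} "
            f"ORDER BY profile", exempt).fetchall()
        report += [(table, profile) for (profile,) in found]
        if final:
            db.execute(f"DELETE FROM {table} WHERE {where}", exempt)
    return report


def count(db, table):
    """Number of rows currently held in a table."""
    return db.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]


if __name__ == "__main__":
    db = build_sample_db()
    print("Proof, QSG0003:")
    for table, profile in clean_up(db, "QSG0003"):
        print(f"  {table:<10} {profile}")
    clean_up(db, "QSG0003", final=True)
    print("Orphans left after Final:", clean_up(db, "QSG0003"))
```

Running Proof first and reading the Table and User/System Role columns before a Final run is what catches a profile that should have been exempt.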


User Management
User Security Manager
Once your Components and Functions are created they can be assigned to your user population through the User Security Manager. The User Security Manager retrieves the User/System Roles it needs directly from your F0092. It allows you to write security against User/System Roles and the *PUBLIC profile.

Where the security is written to, and what security is available for writing, is dependent on the Entity that you are working within. The Entity is the link between the Template, which contains the Functions, Components and therefore the security records, and the Data Source, which contains the Security table (F00950). Once you have added Functions and/or Components to your User/System Roles you can build these records to the Security table for the current Entity, which is predefined when you create the Entity.

The User Security Manager enables you to build security for your user population individually or in batch mode for multiple profiles. Before you apply security you have the ability to validate the security and to check that no Conflicts (see Conflict Manager for more detail) exist for each of your User/System Roles. This is effectively building the profiles in Proof mode.

Once your security has been created the User Security Manager also allows you to track any changes that occur so long as the changes occur from within E1Config. What this means is that if any detail for a Component changes or if any Functions are modified then the Status of each profile that the modified Component and/or Function is attached to will change to indicate that a rebuild is required.

If you maintain security through the E1 security workbench (P00950) you will find that your security is not supported using E1Config and records in E1Config will differ from those in your F00950 table. To ensure that your security integrity is maintained see the following sections of this document:

- Entity Manager (PY5AF440) - User Clean Up Form Exit (RY5AF570/QSG0003).
- Config Administration Menu/Task QE1C102. User Clean Up UBEs RY5AF570 (QSG0001/2/3).


Accessing User Security Manager


To access the User Security Manager, highlight an Entity in the Work with Entities form and take the Row Exit Users.

Field Descriptions

Entity ID

The name and description of the current Entity.

Template ID

The name of the template that is attached to the current Entity. This determines what Components and Functions are available to apply to Users within this entity.


Report Exits

Validate All Users

This Batch Job will take all profiles that are at a status of 1 (Data Exists) and move them to a status of 2 (Validated). During this process it will also validate all these profiles and check that there are no Conflicts. A report will be produced listing any profiles that are in conflict. No security settings will actually be written against users. This report can be seen in User Security Workbench Reports section of this Manual below.

Build Validated

This report will submit a batch job that will write all security records to the target Security Table for all profiles that have a status level of 2 (Validated). This report can be seen in User Security Workbench Reports section of this Manual below.

Build All

This report will submit a batch job that will write all security records to the target Security Table for all profiles that have a status level of 1 (Data Exists), or 2 (Validated). It will also rebuild security for users who have a 3 (Completed Status). This may need to be done on a periodic basis if records have been updated using P00950, as security applied in this way will not be tracked through E1Config. This report can be seen in User Security Workbench Reports section of this Manual below.

Row Exits

Validate

Highlight a User/System Role and click Validate. This will advance the profile status to Validated (or green) and call an interactive Conflicts window if any Conflicts arise. These Conflicts can be viewed in the Conflict Manager.

Report

Highlight a User/System Role and take the Report Row exit. This will submit a batch job that will list all the Components, their detail and any Conflicts that arise for the selected profile. This report can be seen in User Security Workbench Reports section of this Manual below.

Build

Highlight a User/System Role and take the Row exit Build. This will write the attached security records to the target data source specified in the current Entity and interactively pull up a Conflict window if any Conflicts exist.


Conflicts

If Security Conflicts exist for a profile, highlight that profile and the Row exit button Conflicts will be active. If no Conflicts exist then the button will not be available. Select the button if active for a profile and you will be taken to the Conflict Manager. The Entity ID and the User/System Role will be greyed out and the Security Settings button will be checked. Any Conflicts for the Selected profile and Entity will be listed.

Segregation Issues

If Segregation of Duties Conflicts exist for a profile, highlight that profile and the Row exit button Segregation Issues will be active. If no Conflicts exist then the button will not be available. Select the button if active for a profile and you will be taken to the Conflict Manager. The Entity ID and the User/System Role will be greyed out and the Segregation of Duties button will be checked. Any Conflicts for the Selected profile and Entity will be listed.

Form Exits

QSG

Displays the version number of the E1Config software that you have and some contact details for QSoftware.

Cmpnts/Functions

Allows Users or Roles to be assigned to Functions or Components.


Position to Functionality/Search Criteria


Although not visible, it is possible to start the list of User/System Roles from a specific point. In order to do this simply open up a folder directory by clicking on the + sign, highlight a profile (PRISTDTA in the example below) and overtype*.

* Note Overtyping will not rename a profile ID.

Rather than scrolling down to find the User/System Role that you require the display will reset to the value that you overtyped. In the example above a P was typed in and the display has now selected the first profile beginning with P. We recommend that you utilize this functionality especially if you have a large number of profiles to deal with as it can greatly reduce the amount of time taken to apply security.


System Role

The System Role field enables you to perform a more specific search for a Group/System Role Profile and all users associated with that Group/System Role. Enter or use the visual assist to select a System Role. Then click on the Find button, which will refresh the search. If you then open the System Role directory you will only see the profile that you selected to search upon (see below). If you then open the Users directory you will only see the Users that are members of the Group/System Role that you selected to search upon (see below). The Subset and All radio buttons control how the System Role field behaves if a partial name is entered. If the All radio button is clicked and the Find button is pressed, when the System Role directory is opened the list This way you can easily filter the list of profiles to target one Group/Role to review, add or modify attached parents and/or security records.


User ID

This field behaves in exactly the same way as that of the Position To functionality discussed above. The User ID Field allows you to start the list of users from a particular point. Enter or use the visual assist to select a User ID. Then click on the Find button to refresh the screen. Open the Users directory and the list of user profiles will begin from the selected profile to search upon (see below).


User ID field in 8.x versions

Due to the Multiple Role nature of the 8.x versions of E1, additional functionality is available to you. Entering a valid User Profile will reference the Role Relationship table (F95921) and pull in all of the Roles associated with the selected user. The System Roles directory will filter to show only those roles that belong to the chosen User. This makes it easier to see where conflicts are inherited from.


Adding Parents to User/System Roles


In order to actually attach Functions and/or Components to User/System Roles locate the desired profile, highlight that record and either double-click or choose Select. This will take you to the Functions and Components form from where you can add either Functions and/or Components to the selected profile.

To add Functions or Components, inquire on the relevant type, highlight the required record and click Select. The selected record will be attached to the User/System Role and sorted alphanumerically. Functions and Components cannot be added at the same time. If you are only choosing one Function or Component, you can double-click to attach it to the selected profile. You can use Ctrl>Click to choose multiple Functions or Components to attach to the selected profile. You can use Shift>Click to choose a block of Functions or Components to attach to a selected profile.


User/System Role Detail


When you return to the User Security Management form the attached Functions and/or Components will be visible. If you have just entered the form or wish to view what Parents are appended to other profiles, click on the node next to the desired role and the Parents will be displayed.


Bitmap Flags

Blank: No Data or level 0

This setting means that no records have been attached to this profile in E1Config. Records may be attached in E1 but they will not be recorded or tracked unless incorporated into E1Config.

Red: Data Exists or level 1

This means that the status of the User security has changed in E1Config. This can mean one of three things has happened. Either new records, i.e. Components or Functions with Components, have been attached and therefore the User Security needs to be built. Or existing Components or Functions have been removed from the profile and therefore security needs to be rebuilt for the profile. Or existing records have changed, i.e. a Component has had an Application removed, and therefore security needs to be rebuilt for the profile.

Green: Validated or level 2

This means that the profile has moved to a validated status. This is the same as building security for a User in proof mode so that Conflicts can be resolved before actual security records are appended to the profile. Any outstanding Conflicts can be viewed using the Conflict Manager.

Green and Red: Validated with Conflicts

This means that the profile has moved to a Validated status but that Conflicts exist. Refer to the Conflict Manager section of this manual for resolution.

White: Completed or level 3

This means that the Components and their security records have been attached to the profile and are now active, that is, they have been written to the F00950. Any outstanding Conflicts can be viewed using the Conflict Manager. If the completed white profile has a red top it means that conflicts exist for that profile.

White and Red: Completed with Conflicts

This means that the profile has moved to a Completed status but that Conflicts exist. Refer to the Conflict Manager section of this manual for resolution.


Deleting records from the User Security Manager


Affected (red) Profiles and Validated* (green) Profiles

Removing records attached to a profile or directly (by highlighting the profile) that is not at a built status will only remove those records from the E1Config tables (FY5AF512 and FY5AF513) but will not remove those records from the associated Template. To perform this type of Deletion simply click on the profile or the Function/Component concerned and click the delete button. A delete confirmation button will appear. Click on Yes to confirm deletion, or No to cancel the deletion. You can select multiple profiles or you can select multiple Functions and/or Components for deletion by using the Ctrl>click functionality. This process will not delete records from the F00950 as you may have existing security records set up against the relevant profile.

* - Deleting against a validated profile or records attached to a validated profile should revert the user to an affected (red) status if there are other records still attached, or a blank status meaning that they are.
- Highlighting a profile and clicking Delete will not delete the user from the F0092 table.
- The Deletion button is only active against the profile or Functions/Components that are attached directly to the profile. This is to stop you from deleting Functions and their connected Functions and/or Components from the associated Template.

Built (white) Profiles

If a profile has had their security records built to the F00950 table then you may want to remove those records when you delete from within the User Security Management Screen, or you may want to retain the F00950 records. In order to facilitate these requirements use the same functionality as discussed above and once you have confirmed the deletion an additional delete confirmation box will be called. This box will ask you to perform one of two actions (see below). Clicking Yes will remove the F00950 records and remove any associated records from all E1Config tables. Clicking No will retain the F00950 records whilst removing any associated records from all E1Config tables.

- This will not remove Functions, Components or Security records from the associated Template.


Reviewing Component Detail


One exception to the rule of not managing Parents from within the User Security Manager is that you can actually view and maintain Component Detail from within this form. This is because sometimes it is easier to review what security a profile has attached to it directly or to modify it directly, rather than having to do it through a different Application (Template Manager). Therefore this functionality has been incorporated into the User Security Manager. If you want to view or revise the Detail for a particular Component, firstly establish the correct user, highlight an attached Component (either directly or as a Component embedded in a Function) and double-click or click Select. This will take you directly into the Work with Components by Security Type form from where you can review or revise the Component detail for the selected Component.


Copy User/System Role


Copying all Parents and their attached records from one User/System Role to another can save time in setting up security. To copy attached records, highlight the User/System Role that you wish to duplicate and click Copy. You will be taken to the Copy User/System Role form from where you can copy Parents within the same entity or to a different one.

Field Descriptions

Add Records

Select this button to add any new records from the selected User/System Role to another profile. This will leave any existing records and add any that do not exist based on Parents not objects.

Replace Records

Select this button and the records for the Copy To User/System Role will be deleted and replaced with those from the selected profile that you are copying.

Copy From Entity ID

This displays the current Entity.

Copy To Entity ID

This defaults to the current Entity but allows you to enter or select another as required.

Copy From User/System Role

This displays the current User/System Role.

Copy To User/System Role

Enter or select the User/System Role that you wish to Copy records to.

User

Check this button and the Copy To User/System Role visual assist button will call the User Search & Select form.

Role

Check this button and the Copy To User/System Role visual assist button will call the Role Search & Select form.


User Security Workbench Reports


Report
This report shows all Components attached to a Profile and also performs a Validate, displaying any Conflicts. Running this option is the same as performing an interactive Validate by User/System Role except that there is a detailed output produced.

Field Descriptions

Entity ID

The 10-character user defined ID that denotes an Entity. The Entity provides the link between the Template and the security table.

Description

The 30-character description that defines an Entity.

Template ID

The Template ID and all attached parents that are assigned to an Entity.


Data Source

The Data Source is the E1 mapping where your security table resides. If you have more than one security table then you may require different Entities with different data sources.

User ID/System Role

The User/System Role and description for the profile that has been Validated.

User Status

This should always read 2 = Validated.

Conflict Indicator

Whether there are Security Conflicts for this profile. If Y then use the Conflict Manager to resolve them, or view the detail output for this report. The Security Detail, Component Level and Selection Flag should help you to pinpoint the reason for the conflict.

Segregation of Duties Issue

Whether there are Segregation of Duties Conflicts and two Components have been added to the same profile that contravenes an established SOD rule. Use the Conflict Manager to resolve any conflicts.

Security Type & Detail

Each Security Type is printed on a separate page for the selected User/System Role in Numeric order 1-9.

Component ID

The Component ID from where the record originated.

Component Level

The level of the Component from which the record originated.

Selection Flag

Where the record was actually written. If there are records with the same security type and object name, but different values are trying to be written to the same User/System Role, this field explains which record has actually been written due to the Component Level.


Validate All Users


This report shows the results of validations that have been performed against all User/System Roles that previously had a status of 1 (Records attached). The results of the validation can be seen below. All listed profiles will have a new status of 2 (Validated).

Field Descriptions

Entity ID

The 10-character user defined ID that denotes an Entity. The Entity provides the link between the Template and the security table.

Description

The 30-character description that defines an Entity.

User/System Role

The E1 User/System Role for any profiles that were at a Status of 1 (Records Exist) at the time of submission.

Name

The Address Book description for the User/System Role.


Conflicts Exist

Whether there are Security Conflicts for this profile. If Y then use the Conflict Manager to resolve them, or view the detail output for this report. The Security Detail, Component Level and Selection Flag should help you to pinpoint the reason for the conflict.

Segregation of Duties Issue Exist

Whether there are Segregation of Duties Conflicts and two Components have been added to the same profile that contravenes an established SOD rule. Use the Conflict Manager to resolve any conflicts.

Validation Result

Whether the Validation was successful for the appropriate User/System Role or Conflicts exist.

Number of Users Updated

Will display a count of the profiles that have been validated.


Build Validated
This report shows the results of builds that have occurred for all users that have a status of 1 (Records attached) or 2 (Validated).

Field Descriptions

Header

Displays the current Entity with description, Template with description and Data Source.

User/System Role

Displays a list of all profiles that were built by the batch job Build Affected.

User/System Role Description

Displays a list of all profile descriptions that were built by the batch job Build Affected.

Conflict Indicator

This field will either show as Y or N for the User/System Role if any Security Conflicts exist for that profile when built.

Segregation of Duties Issues

This field will either show as Y or N for the User/System Role if any Segregation of Duties Conflicts exist for that profile when built.

Build Results

Shows whether the build completed successfully and if any Conflicts arose as a result for each profile.


Build All
This report shows the results of builds that have occurred for all users that have a status of 1 (Records attached), 2 (Validated) or 3 (Complete).

Field Descriptions

Header

Displays the current Entity with description, Template with description and Data Source.

User/System Role

Displays a list of all profiles that were built by the batch job Build Affected.

User/System Role Description

Displays a list of all profile descriptions that were built by the batch job Build Affected.

Conflict Indicator

This field will either show as Y or N for the User/System Role if any Security Conflicts exist for that profile when built.

Segregation of Duties Issues

This field will either show as Y or N for the User/System Role if any Segregation of Duties Conflicts exist for that profile when built.

Build Results

Shows whether the build completed successfully and if any Conflicts arose as a result for each profile.


Component/Function Security Management


Some clients have requested a different methodology by which to apply Security to their user population from within E1Config. They have perhaps modified one Function that they then need to roll out to a number of different Roles or Users. To this end we have created the Component/Function Manager screen that allows you to attach User/System Role profiles to Functions and/or Components rather than the original way. The end result is still the same and Validation and Building is still performed through the User Security Manager. This screen has the added benefit of allowing you to view which Functions and/or Components are attached to which User/System Role profiles.

Field Descriptions

Entity ID

The name and description of the current Entity.

Template ID

The name of the template that is attached to the current Entity. This determines what Components and Functions are available to apply to Users within this entity.


Adding User/System Roles to Parents


In order to actually attach User/System Roles to a Function or Component locate the desired parent, highlight that record and click on the User/Roles Row exit. This will take you to the Select User/Role form from where you can add Users and/or Roles to the selected Parent.

To add Profiles, highlight the required records and click Select. The selected record will be attached to the Parent and sorted alphanumerically. If you are only choosing one profile, you can double-click to attach it to the selected parent. You can use Ctrl>Click to choose multiple profiles to attach to the selected parent. You can use Shift>Click to choose a block of profiles to attach to a selected parent.


Conflict Management
Conflict Manager
The Conflict Manager facility can be accessed from the QE1C101 Menu/Task, or from the Row Exit buttons in the User Security Manager form. If you access the Conflict Manager from QE1C101 it will show all User Conflicts and allow you to select different Templates or User/System Roles where necessary. If you access the Conflict Manager from the User Security Manager form then different results will show depending on which Row exit you take. Only the selected Template and User/System Role will be displayed. Segregation of Duties Conflicts will be displayed by Template and Profile if you select the Segregation Issues button and Security Conflicts will be displayed by Template and profile if you select the Conflicts button.


Field Descriptions

Entity ID

If you access the form from the Menu then you can enter or select an Entity to Interrogate. If you only enter the Entity then all Security or SOD Conflicts will display. If you enter from the User Security Maintenance form then this will default to the Entity that you were managing and only allow you to work with that Entity. This field is mandatory.

User/System Role

If you access the form from the Menu then you will be able to enter or select a profile for this field. Only those Conflicts that exist against that profile will be displayed for the selected Template. If you enter from the User Security Maintenance form then this will default to the selected profile and only allow you to work with that User/System Role.

User and Role Radio buttons

The User and Role radio buttons control what happens when you press the Visual Assist button in the User/System Role field. If the User button is checked then a User profiles Search & Select form will be called from the Visual Assist. If the Role button is checked then Role profiles Search & Select form will be called from the Visual Assist. This field is only active when accessed from a Menu/Task.

Security Settings

Checking this button will only show Security Conflicts. These Conflicts arise from Components that have the same level, the same objects but with different values for one or more objects and are assigned to the same User/System Role. This button will be checked by default if you choose the Conflicts Row exit from the User Security Manager form.


Segregation of Duties

Checking this button will only show Segregation of Duties Conflicts. These Conflicts arise from rules where one or more Components are assigned to the same User/System Role when they should not be. This button will be checked by default if you choose the Segregation Issues Row exit from the User Security Manager form.

Row Exits

Apply Records

This button allows you to select which conflicting record that you want to apply to the User ID that is in conflict.

Form Exits

QSG

Displays the version number of the E1Config software that you have and some contact details for QSoftware.

Security Conflict Resolution


Conflicts only exist when Component Detail security is applied at the same level. Ideally, if planning is executed correctly, no conflicts will exist. However, if conflicts do exist then they are displayed here and the ability to resolve them is also provided.

The security detail that is in Conflict is actually applied on a first come, first served basis. For example, if action security is applied to an application twice, once for Update and once for Inquiry only, then the first entry (Update) is written to the Security Workbench. When the second entry (Inquiry) is applied, the first record is not overwritten; a record is written to the Conflict Manager instead and you are made aware that a conflict exists.

The Red record (Update) is the first record that was written and therefore has been applied. The Blue record (Update-no-delete) is causing the Conflict. If you would rather that the User/System Role that is in Conflict only had the Update-no-delete capability for the conflicting application then you can do one of three things:

1. Apply the correct Component to the profile so that Conflicts do not occur.
   * Note - This may affect other Components and cause conflicts elsewhere.
2. Apply the correct Component Level to the components so that the right record is assigned and no conflict generated.
3. Highlight the Update record in the Conflict Manager and click the Apply Record button (see below) and the Update record will overwrite the Inquire record in the Security Workbench. The Conflict record will remain in the Conflict Manager so that you have some evidence of why the relevant security was applied for Audit purposes.
   * Note - You will have to perform this action every time that you run the Build Security feature.

Component level Segregation of Duties


Segregation of Duties Conflicts only exist when a Segregation of Duties Rule has been broken. A Segregation of Duties Rule is established in a Template so that one Component should not be attached to the same User/System Role as another, in order to stop particular Users from being able to perform two tasks that are at variance with each other, i.e. Costing and Pricing. An example of an SOD rule can be seen in the case below:

In this example 40CTCOST13 is the Costing Update component. Any user that has this component should not be able to perform Pricing Update (40CTPRICE3).

Components can potentially be attached directly to a User/Group/Role profile or they can be embedded within Functions that are attached to Users/Groups/Roles. It is more likely that Segregation of Duties Rules will be broken if Components are embedded within Functions.

Note - Component Level SOD functionality is available by default based on the Component ID. If Object Level SOD has been enabled then Component SOD Rules are set up as Type 1 SODs.

Object level Segregation of Duties


A new feature which has been introduced in E1Config Version 3.0 is the ability to add Object Level SODs. These are set up in the same way as Component SODs but work down to the security detail level of each Component. When a Profile is validated or built, all associated Components are interrogated to establish any records that breach an Object Level SOD rule. Below is an example of an Object Level SOD rule.

In this rule a User should not be able to create a Vendor with their own Bank Account details and create a Payment to this Vendor. The two Applications that allow this are P03B11 and P0410.

Note - Object Level SOD functionality is not available by default. To enable Object Level SODs check the Both radio button on the Segregation of Duties Tab of the E1Config System Setup application (PY5AF905). If Object Level SOD has been enabled then Object SOD Rules are set up as Type 2 SODs.

In Version 3.0, Object Level SODs only work against Application Security Y, i.e. when a Profile is validated or built the security records are checked and any components that contain P03B11 Application Security (3) Run=Y and P0410 Application Security (3) Run=Y are flagged as breaching the Object Level SOD rule above.

An example of a User/System Role that breaches both of the above rules, with the Segregation of Duties Conflicts being flagged, can be seen below:

The Profile USER8 is a User whose security has been built and Segregation of Duties Conflicts have been generated. 40CTCOST13 is listed as the SOD rule and 40CTPRICE3 is next to it behind the || break as the Component that has caused the Conflict. This profile also has Components attached to it that contain the records that breach the Object Level SOD rule and therefore P03B11 is listed as the SOD rule and P0410 is next to it behind the || break as the object that has caused the conflict.

In order to resolve a Conflict you should first establish where the Components and Objects are coming from, i.e. are they attached directly to the profile or are they embedded within a Function or Functions that are attached to the User/Group/Role.

If they are attached directly to a profile then you can easily resolve this Conflict by removing either the Costing or the Pricing Component from the user, or the Standard Invoice Entry or Payment Company Information Component, and rebuilding security for that profile/s.

If the Components are embedded within a Function/s then you must establish why that Function has been attached to the User/Group/Role and determine a way that the Segregation of Duties Rules are not broken, by removing Components from Functions or creating new Functions that do not contain the offending Components.

Multi-level Conflicts
Segregation of Duties Conflicts can potentially exist across multiple security levels. This means that you can apply a Component, or Function containing a Component, at the Group/System Role level and then apply a different Component, or Function containing a Component, at the User level that causes a breach of Segregation of Duties. This functionality is also consistent down to the *PUBLIC level and across Multiple Roles in 8.x versions.

When a multi-level conflict is generated, the following message will be displayed if you use an interactive validation/build. If you are using a batch process then a message will be printed on the relevant report to signify the same thing.

In the example below the user ALEX4 contains a Component that breaches a rule based on the Component that is applied to one of its associated Roles (ROLE1 in this instance) and therefore the User is flagged up as having a Segregation of Duties Conflict.

Multiple Roles Conflicts in 8.x versions


Multiple Roles add an extra level of complexity to the Conflict Management functionality as a User can inherit security from many different places. Security conflicts are still only generated at the same level by Components with the same Component Level. SOD conflicts are generated at the same level, multi-level (across the User/Role/*PUBLIC levels) and also across Multiple Roles where users can potentially breach SOD rules across roles. Multiple Role Conflicts are reported at the User level even if that profile does not actually have any parents attached to it, as this is where any conflicts will take effect.

Below is an example of a Multiple Role SOD conflict in 8.x. The User ALEX4 is associated with the Roles ROLE1 and ROLE4. A Component Level SOD breach and an Object Level SOD breach have occurred across the two roles and therefore the User to Role relationship is listed where the breaches have occurred.
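The Component Level (Type 1) and Object Level (Type 2) SOD checks described in the sections above, evaluated across the User, Role and *PUBLIC levels, can be modelled as follows. This is an added example, not Q Software's code: the data model and the IDs PCOST01, PPRICE1, CMPINVOICE, CMPPAYMENT, CMPPAYINQ, FNPRICING, FNFINANCE and USER9 are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Detail:
    obj: str       # E1 object ID
    sec_type: str  # "3" = Application Security, as in the manual's rule
    run: str       # "Y" or "N"


# Constructed sample data. 40CTCOST13, 40CTPRICE3, P03B11, P0410, ALEX4, ROLE1,
# ROLE4 and *PUBLIC appear in the manual; every other ID is hypothetical.
COMPONENTS = {
    "40CTCOST13": [Detail("PCOST01", "3", "Y")],
    "40CTPRICE3": [Detail("PPRICE1", "3", "Y")],
    "CMPINVOICE": [Detail("P03B11", "3", "Y")],
    "CMPPAYMENT": [Detail("P0410", "3", "Y")],
    "CMPPAYINQ": [Detail("P0410", "3", "N")],   # Run=N must not trip the rule
}
FUNCTIONS = {                       # a Function embeds Components or Functions
    "FNPRICING": ["40CTPRICE3"],
    "FNFINANCE": ["FNPRICING", "CMPPAYMENT"],
}
ATTACHED = {                        # parents attached directly to each profile
    "ALEX4": [],
    "ROLE1": ["40CTCOST13", "CMPINVOICE"],
    "ROLE4": ["FNFINANCE"],
    "USER9": ["CMPINVOICE"],
    "*PUBLIC": ["CMPPAYINQ"],
}
USER_ROLES = {"ALEX4": ["ROLE1", "ROLE4"], "USER9": []}
SOD_RULES = [                       # (type, left, right)
    ("1", "40CTCOST13", "40CTPRICE3"),  # Type 1: matched on Component ID
    ("2", "P03B11", "P0410"),           # Type 2: matched on objects with Run=Y
]


def expand(parent_id, _seen=None):
    """Return the set of Component IDs reachable from a Component or Function."""
    seen = set() if _seen is None else _seen
    if parent_id in seen:           # guard against a Function embedding itself
        return set()
    seen.add(parent_id)
    if parent_id in COMPONENTS:
        return {parent_id}
    found = set()
    for child in FUNCTIONS.get(parent_id, []):
        found |= expand(child, seen)
    return found


def effective_components(user):
    """Map each Component ID to the profiles (User, Roles, *PUBLIC) supplying it."""
    sources = {}
    for profile in [user, *USER_ROLES.get(user, []), "*PUBLIC"]:
        for parent in ATTACHED.get(profile, []):
            for comp in expand(parent):
                sources.setdefault(comp, set()).add(profile)
    return sources


def find_sod_conflicts(user, rules=SOD_RULES):
    """Return (type, 'left || right', left_sources, right_sources) per broken rule."""
    comps = effective_components(user)

    def holders(rule_type, key):
        if rule_type == "1":                      # match on Component ID
            return set(comps.get(key, set()))
        hit = set()                               # Type 2: match on detail records
        for comp, profiles in comps.items():
            if any(d.obj == key and d.sec_type == "3" and d.run == "Y"
                   for d in COMPONENTS[comp]):
                hit |= profiles
        return hit

    conflicts = []
    for rule_type, left, right in rules:
        l_src, r_src = holders(rule_type, left), holders(rule_type, right)
        if l_src and r_src:                       # both sides reachable: breach
            conflicts.append((rule_type, f"{left} || {right}",
                              sorted(l_src), sorted(r_src)))
    return conflicts


if __name__ == "__main__":
    for user in ("ALEX4", "USER9"):
        print(user, find_sod_conflicts(user) or "no SOD conflicts")
```

The source lists show which profile supplies each side of a breached rule, which is the first thing to establish before deciding whether to detach a Component or restructure a Function.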

Multiple Roles Sequencing Conflicts in 8.x versions


Although Security Conflicts (see above) cannot exist across Multiple Roles, we have introduced some useful functionality to help you to resolve potential conflicts based on the E1 hierarchical roles structure. In E1 any potential conflicts are resolved by sequence number: where security conflicts exist, the highest sequence number takes precedence. In the example below ROLE3 has a higher sequence number than ROLE2 and so takes precedence. The standard Security Conflict is not generated as the component levels are not the same; however P4111 has one update and one enquiry component applied to it. The enquiry component takes priority, but this may not be what you want and therefore we are reporting possible conflicts.

E1Config Administration
Menu/Solution Explorer Task QE1C102 contains applications for the maintenance and administration of E1Config Version 2.0. See the E1Config Setup section (above) of this manual for more information on this application and the functionality therein.

Q Software SPC
If this is a new installation of E1Config or you are upgrading from a previous version of QBuild, you must first add a unique Software Protection Code (SPC) via the application PY5AF900. If you have not entered an SPC before, the left hand side of your screen (see below) will be blank. If you have entered an SPC before, then the left hand side of your screen will be populated with the existing information as in the example below.

You must then contact QSoftware (preferably via the support section of www.qsoftware.com) so that we can generate a unique Software Protection Code for your E1Config software. In order to expedite this process, please send us a screen shot of the SPC form PY5AF900/WY5AF900B containing the following information:

- Number of JDE seats
- JDE License Expiry Date
- Deployment Server Name

Once you have received an SPC from us, enter the provided code into the SPC Code fields and click OK. If the Code is accepted you will not receive an error message and will be able to use the software.

Update Inclusive/Exclusive Row Security


Two different forms of Row security are available to users of E1. The default setting is Exclusive whereby you must exclude ranges of data to inhibit what ranges of data users can access. Inclusive allows you to specify ranges of data that you want users to see. In order for Inclusive Row security to function you must write an SQL statement to the F00950 at the database level. This functionality is available in standard E1. We provide you with the same functionality as well as being able to remove the settings.

Field Descriptions

None

This button will be unavailable unless you have previously set up a database Row Security record. If this button is available, check the button and press enter to delete the database Row Security record.

Exclusive

This button will be checked by default, but no value will actually exist on the database until you set one up. Check this button and click OK to set up an Exclusive database Row security record.

Inclusive

Check this button and click OK to set up an Exclusive database Row security record.

Component Data Conversion (RY5AF500)


The Component Data Conversion report is designed so that users of QBuild version 1.2 can convert their existing Component information into E1Config version 3.0 format. Users of later versions of QBuild (2x versions) and new E1Config version 3.0 users will not need to run this application. Only QBuild Version 1-1.2 users will need to run this application when they first receive E1Config version 3.0, so that their existing security investment can be safeguarded.

Execute the application from the menu/task and filter the output using the available Processing Options (see below).

Processing Options

Type: Process

Option: Proof or Final Mode. Blank = Run report in proof mode; 1 = Run report in final mode.
Explanation: This option allows you to be certain that the correct data is being created in the correct place. It is advisable to run this report in Proof Mode first.

Option: Enter the required Template ID to load the existing Security Data into. If left blank the default value E1TMPLTE will be used.
Explanation: The Template ID refers to where the Components will be created. See the Template Manager section of this manual for more information on Templates. The visual assist allows you to select from a list of your existing Templates. If you add a Template name that does not exist then that Template will be created when the application is run in Final Mode.

Option: Enter the required Entity ID to load the existing security Data into. If left blank the default value E1ENTITY will be used.
Explanation: The Entity ID refers to which Security Table the Components will be pointed. Ensure that you have created an Entity ID before you run this application. See the Entity Manager section of this manual for more information on Entities.

A report will be produced that will list what records have been copied to the target Template and Entity.

Field Descriptions

Header
Template ID: Shows the Template ID and description for the Template that is being reported on.
Entity ID: Shows the Entity ID and description for the Entity that is being reported on.

Detail Component
Parent Name: Displays the QBuild V1.2 Component that the conversion was attempted for.
Parent Type: The Parent type Component.
Description: The Parent description.
Country: If a Country code was added to the Component.
Department: If a Department code was added to the Component.
Component Level: Displays the Component level for components from V1.2.
Build Indicator: If the Component had been written to a User in Version 1.2. Blank if Yes, N if no.
Conflict Indicator: Whether the Component had Conflicts associated with it in version 1.2.
Security Indicator: The Security Indicator for the Component from version 1.2.
Insertion Status: Displays whether or not the Component was successfully created.

Detail Function
Parent Name: Displays the QBuild Config V1.2 Component that the conversion was attempted for.
Parent Type: The Parent type Function.
Child Name: The ID of the parent attached to the Function in V1.2.
Child Type: Whether a Component or Function.
Display Sequence: The order in which the children were attached to the Function in V1.2.
Component Level: The Component Level of any Components attached to Functions in V1.2.
Insertion Status: Displays whether or not the Function and all appended records were successfully created.

Detail User
User ID: The User/System role to which version 1.2 parents were attached.
Alpha Name: The description of the User/System Role.
Display Sequence: The order in which the parents were attached to the User/System Role.
Function ID: The Parent ID that was attached to the User/System Role in V1.2.
Insertion Status: Displays whether or not the User/System Role and all appended records were successfully created.

* Warning: - The Template and Entity specified in the Processing Options will be deleted along with any data that they contain. Please be aware of this when running the report.

Security Data Capture (RY5AF950)


This report enables you to incorporate any existing security data into E1Config. From the F00950 a specific User/System Role's security can be added to E1Config. This means that you are not wasting the investment that you have already put into security. This data can then be re-used within E1Config in the form of Components and you also gain the benefit of E1Config's tracking capabilities.

Execute the application from the menu/task and filter the output using the available Processing Options (see below).

Processing Options

Type: Select

Option: Enter the User/System Role to create the Component records for.
Explanation: This option refers to the User/System Role within the F00950 that you wish to incorporate into E1Config in Component format. If left blank all profiles will have a Component record created in the target Template.

Option: Enter the Security Type to create the Component records for.
Explanation: This option refers to the Security Type within the F00950 that you wish to include into E1Config Components. If left blank all Security Types will be included.

Type: Default

Option: Enter the Template ID to contain the created Component Detail records. If left blank default value E1Config will be used.
Explanation: The Template ID refers to where the Component will be created. See the Template Manager section of this manual for more information on Templates. The visual assist allows you to select from a list of your existing Templates. If you add a Template name that does not exist then that Template will be created when the application is run in Final Mode.

Option: Enter the Component Level of the created Component Detail records.
Explanation: Specifies the Component Level that will be used when the Components are created. If left blank Level 8 will be used.

Type: Process

Option: Enter a 1 to run this report in Final Mode and create Component records. If left blank only the report will be created.
Explanation: This option allows you to be certain that the correct data is being copied from your F00950 into E1Config in the right place.

Option: Enter a 1 to replace existing components.
Explanation: If a 1 is entered any existing components will be recreated. If left blank only new components will be created.

A report will be produced that will list what records have been copied to the Target Template.

* Note: - All Components will be created with a Header record that is the same as the profile that was used to create it from the F00950. The description for each Component will read Automatically Generated Component. Each Component will have a Component Level of 8. It is recommended that you use these Components as a basis to create others by copying.

Field Descriptions

Header
Template ID: Shows the Template ID and Description for the Template to which the security records have been captured.
User ID: Displays all Components that are attached to the selected Template along with their descriptions.

Detail
Security Type: The E1 security type i.e. 1 = Action Code security.
Security Type Description: The description for each security type.
Object Name: The object ID that has been created in E1Config from the F00950 record.
Object Name Description: The object description.
Data Item: The data item for Row and Column security.
From Data Value: The Row security values.
Product Code: The E1 system code for the object.
Insertion Status: Describes whether each entry has been added successfully or that it already exists.

Footer
Number of Component records created: After each profile that has had its security records added to E1Config the number of records for each Component will be listed.
Number of FY5AF405 entries created: This figure is printed at the bottom of the report and will list how many Component Detail records have been created by the job.
Number of FY5AF501 entries created: This figure is printed at the bottom of the report and will list how many Components have been created. This can also be used to denote how many profile records existed in the F00950.

Component Generator (RY5AF540)


This report enables you to create Components based on your existing Solution Explorer Tasks, specifically using your Non-Software Tasks as Component Headers and all applications with a relationship to those Tasks as the Security detail records within the generated Components. Processing Options allow you to do this in a number of different ways. Task-based Components can be created for different Templates; ranges of custom components can be generated if you have created your tasks in a logical manner; and components can be created by module to allow you to stagger the roll out of security. Most importantly, hidden programs can be created for the applications that are attached to your tasks so that an All Doors Closed strategy is still viable without having to rely on Cross Referencing every object.

Execute the application from the menu/task and filter the output using the available Processing Options (see below).

Processing Options

Type: Select

1. Option: From Task Identifier. Blank = *ALL.
   Explanation: Enter or use the Visual Assist to Select a Task. This will be the first task created. Leave this field blank to create Components for all your Solution Explorer Tasks.
   Option: To Task Identifier. Blank = *ALL.
   Explanation: Enter or use the Visual Assist to Select a Task. This will be the first task created. Leave this field blank to create Components for all your Solution Explorer Tasks.
2. Option: From Task Name. Blank = *ALL.
   Explanation: Enter or use the Visual Assist to Select a Task. This will be the first task created. Leave this field blank to create Components for all your Solution Explorer Tasks.
   Option: From Task Name. Blank = *ALL.
   Explanation: Enter or use the Visual Assist to Select a Task. This will be the first task created. Leave this field blank to create Components for all your Solution Explorer Tasks.
3. Option: Task View. Blank = *ALL.
   Explanation: Enter or use the Visual Assist to Select a Task View. This will create Components for all non-software (07) Tasks that are part of a Task View.
4. Option: Product Code. Blank = *ALL.
   Explanation: Enter or use the Visual Assist to Select a Product Code. This will create Components for all non-software (07) Tasks that are part of a Product Code i.e. 04 for Accounts Payable.

Type: Default

5. Option: Template.
   Explanation: Enter or use the Visual Assist to select the name of the Template that you wish to generate your Components within.
6. Option: Component Level.
   Explanation: Enter the Component Level that you wish your Components to be created at. You can only create components at one level at a time so if you need to create update and inquiry components then you will have to run this application twice.

Type: Process

7. Option: Replace Existing Components. Blank = Do not replace existing components. 1 = Replace Existing components. Where more than one component has been created based on the task the most recently created component will be replaced.
   Explanation: This option allows you to create multiple components for the same task. If a Task has been modified then this option allows you to keep your Components in synchronization with your tasks.
8. Option: Use Available Alternate Language Descriptions.
   Explanation: Enter or use the Visual Assist to select a language. UDC 01/LP. If you are using multiple languages in your enterprise then this option will allow you to create tasks with different language descriptions.

1. & 2. Entering a From and To task identifier/name will enable you to create a range of Components. For example:

Identifier: From G41 To G41411 will create components for all of the Inventory E1 Menus.
Name: From Inventory Management To Inventory User Defined Codes will create components for all of the Inventory E1 Menus.

A report will be produced that will list what components have been created in the Target Template. The report will display the Processing Options that were selected, the Component Headers that were created and it will also list which application security records were created including which applications can be classified as Hidden Programs.

* Note: - All Components will be created with a header record based on a Next Number routine for the Next Number system Y5AF E1Config.

Field Descriptions

Header
Component: Displays the Component ID for each generated component.
Name: Displays the description for each generated component.
View ID: Displays the Task View ID that each generated component was based upon.
Task: Displays the name of the Task that each generated component was based upon.
Task ID: Displays the ID of the Task that each generated component was based upon.
Type: Displays the Task type that each generated component was based upon.
Product: Displays the product code of the Task that each generated component was based upon.
View: Displays the Task view description that each generated component was based upon.

Detail
Program: Lists the application security records that have been created attached to the generated component in E1Config.
Task: Lists the Task name of the task/application that each generated security record was created for.
Task ID: Lists the Task ID of the task/application that each generated security record was created for.
Type: Lists the type of task/application that each generated security record was created for.
Product Code: Lists the product code of the task/application that each generated security record was created for.

See below the created task for the example above:

User Clean Up QSG Tables Only


This report enables you to clean up redundant records that exist in the E1Config tables that relate to users that have been removed from your system. By running this version of the report (RY5AF570/QSG0001) we perform a consolidation against the F0092 table and the QSG Tables, which are FY5AF402/FY5AF512/FY5AF513/FY5AF515. Any profiles that do not exist in the F0092, but that do exist in the QSG tables listed above will have their records removed from those tables. In order to completely remove security records related to any profiles that have been removed from the system you should run the combined version of the User Clean Up report, QSG and F00950 Tables Version (RY5AF570/QSG0003).

Processing Options

Type: Proof/Final
Option: Proof or Final Mode
Explanation: Determines if tables are updated or not. Blank or 0 = Tables not updated; 1 = Tables updated.

A report will be produced that will list what records have been removed from the target Entity or Entities.

Field Descriptions

Table

Lists the Tables that contain records for obsolete profiles i.e. those that have been removed from the F0092 table. If more than one user, as in the above example, has been removed from the F0092 then multiple instances of a table may appear.

User/System Role

Lists the redundant profiles that no longer exist on the system.

User Clean Up F00950 Table Only


This report enables you to clean up redundant records that exist in the E1 security table that relate to users that have been removed from your system. By running this version of the report (RY5AF570/QSG0002) we perform a consolidation against the F0092 table and the F00950 table. Any profiles that do not exist in the F0092, but that do exist in the E1 table listed above will have their records removed from the F00950 table. In order to completely remove security records related to any profiles that have been removed from the system you should run the combined version of the User Clean Up report, QSG and F00950 Tables Version (RY5AF570/QSG0003).

Processing Options

Type: Proof/Final
Option: Proof or Final Mode
Explanation: Determines if tables are updated or not. Blank or 0 = Tables not updated; 1 = Tables updated.

A report will be produced that will list what records have been removed from the target Entity or Entities.

Field Descriptions

Table

Lists the Tables that contain records for obsolete profiles i.e. those that have been removed from the F0092 table. If more than one user, as in the above example, has been removed from the F0092 then multiple instances of a table may appear.

User/System Role

Lists the redundant profiles that no longer exist on the system.

User Clean Up QSG and F00950 Tables


This report enables you to clean up redundant records that exist in the E1 security table that relate to users that have been removed from your system. By running this version of the report (RY5AF570/QSG0003) we perform a consolidation against the F0092 table and both the F00950 table and the QSG tables, which are FY5AF402/FY5AF512/FY5AF513/FY5AF515. Any profiles that do not exist in the F0092, but that do exist in the QSG tables or the E1 table listed above will have their records removed from the F00950 table.

Processing Options

Type: Proof/Final
Option: Proof or Final Mode
Explanation: Determines if tables are updated or not. Blank or 0 = Tables not updated; 1 = Tables updated.

A report will be produced that will list what records have been removed from the target Entity or Entities.

Field Descriptions

Table

Lists the Tables that contain records for obsolete profiles i.e. those that have been removed from the F0092 table. If more than one user, as in the above example, has been removed from the F0092 then multiple instances of a table may appear.

User/System Role

Lists the redundant profiles that no longer exist on the system.
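The reconciliation that the three User Clean Up versions perform against the F0092, in proof and in final mode, can be sketched as below. This is an added example, not Q Software's code: an in-memory SQLite database stands in for the E1 database, the single USERID column is a hypothetical simplification of the real table layouts, and the rows are constructed.

```python
import sqlite3

QSG_TABLES = ["FY5AF402", "FY5AF512", "FY5AF513", "FY5AF515"]
# Tables reconciled by each report version named in the manual.
VERSION_TABLES = {
    "QSG0001": QSG_TABLES,               # QSG tables only
    "QSG0002": ["F00950"],               # F00950 only
    "QSG0003": ["F00950"] + QSG_TABLES,  # combined version
}


def build_sample_db():
    """Create constructed sample tables; USERID is a hypothetical column name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE F0092 (USERID TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO F0092 VALUES (?)", [("ALEX4",), ("ROLE1",)])
    rows = {
        "F00950": ["ALEX4", "OLDUSER1", "OLDUSER1"],
        "FY5AF402": ["OLDUSER1", "OLDUSER2"],
        "FY5AF512": ["ALEX4"],
        "FY5AF513": ["OLDUSER2"],
        "FY5AF515": [],
    }
    for table, users in rows.items():
        conn.execute(f"CREATE TABLE {table} (USERID TEXT)")
        conn.executemany(f"INSERT INTO {table} VALUES (?)",
                         [(u,) for u in users])
    conn.commit()
    return conn


def user_clean_up(conn, version, mode=""):
    """Report (table, profile) pairs missing from F0092; delete them if mode is 1.

    mode follows the Processing Option: blank or 0 leaves the tables
    untouched (proof), 1 updates them (final).
    """
    if version not in VERSION_TABLES:
        raise ValueError(f"unknown report version: {version}")
    final = str(mode).strip() == "1"
    orphan_filter = "USERID NOT IN (SELECT USERID FROM F0092)"
    report = []
    # Table names come only from the fixed lists above, never from user input.
    for table in VERSION_TABLES[version]:
        orphans = [row[0] for row in conn.execute(
            f"SELECT DISTINCT USERID FROM {table} "
            f"WHERE {orphan_filter} ORDER BY USERID")]
        report.extend((table, user) for user in orphans)
        if final and orphans:
            conn.execute(f"DELETE FROM {table} WHERE {orphan_filter}")
    if final:
        conn.commit()
    return report


if __name__ == "__main__":
    db = build_sample_db()
    print("proof, combined:", user_clean_up(db, "QSG0003"))
    user_clean_up(db, "QSG0001", "1")    # final run on the QSG tables only
    print("left in F00950: ", user_clean_up(db, "QSG0002"))
```

After the final run of QSG0001 the removed profile still has rows in the F00950, which is why the combined version is the one to run when a profile must be removed completely.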

E1Config Reporting
Menu/Solution Explorer Task QE1C103 contains the menu calls for all of the reporting menus associated with E1Config.

Maintain Reporting Codes (PY5AF945)


E1Config V3.0 introduces new Reporting Code functionality that allows a Customer to create up to five user defined reporting codes for each parent type (i.e. Functions, Components or Segregation of Duties) which can be used to filter the parents that are printed on the Advanced E1Config reports (RY5AF535, RY5AF536, RY5AF537 and RY5AF538).

Click on the relevant button to access the appropriate reporting codes.

Click the appropriate radio button and press the Next button.

Field Descriptions

Description

This is a 40-character field that is used to describe the reporting code.

Active Y/N

If ticked, allows users to be able to select a value for this reporting code on the Parent Header Information form (PY5AF501/WY5AF501B).

Reporting Code Value

This is a 3-character field that is used to define the reporting code value.

Reporting Code Description

This is a 40-character field that is used to describe the reporting code value.


Advanced E1Config Reports Front-End (PY5AF550)


Many customers have asked us for comprehensive reporting functionality for the E1Config software and we have produced a series of reports that deal with this potentially complex area. The complexity arises mainly from the number of potential search criteria and from the embedded nature of Components and Functions. Covering these required a large number of processing options, many of which depend on one another, which made the process of reporting very complex. We have therefore produced a front-end that simplifies this process and gives you some simple options to query your E1Config setup.

Click on the relevant button to access the available reports for that section.


For each section there are some selection fields for which you will be prompted for entry; these are discussed below.

Field Descriptions

Template ID

Enter or use the Visual Assist to return a valid Template ID to report upon. Always enter a Template ID if you are prompted, either with other values or alone.

Function ID

Enter or use the Visual Assist to return a valid Function ID to report upon.

Component ID

Enter or use the Visual Assist to return a valid Component ID to report upon.

App, Form, UBE, File

Enter or use the Visual Assist to return a valid Object ID to report upon.

Version

Enter or use the Visual Assist to return a valid Version ID to report upon. Ensure that an Object value has been entered in conjunction with this field.

Security Type

Enter or use the Visual Assist to select a valid security type to report on.

Component Level

Enter or use the Visual Assist to select a valid Component Level to report on.

Entity ID

Enter or use the Visual Assist to return a valid Entity ID to report upon. Always enter an Entity ID if you are prompted, either with other values or alone.

Reporting Codes

Use any available reporting codes to filter the parents included in the report.


Template Reporting
Template Reporting is critical within the product to ensure that you and your auditors know what is contained within each Function, Component and Segregation of Duties rule. To report on each parent type, select the relevant radio button on the Template Reporting screen and then see the relevant section below for the reports that are available.


Functions by Template
Below is a list of all the available Function-based reports that you can run, with an explanation of each report. Samples of one or more of the reports follow the list.

A simple list of functions

This report will print a list of the Functions that exist for a selected Template.

A list of functions with all attached components

This report will list all of the Functions for a selected Template and all of the Components that are attached to each of the listed Functions. Each Component will be displayed with its Component Level.

A list of functions with all attached functions and components

This report will list all of the Functions for a selected Template and all of the Components that are attached to each of the listed Functions. Each Component will be displayed with its Component Level. This version will also show any embedded functions and their associated Components.

A list of functions with all attached Components and all associated security records

This report will list all of the Functions for a selected Template, all of the Components that are attached to each of the listed Functions as well as their related Component Level and all the security records associated with each Component.

A list of Functions that have a selected Function attached to them (Header and Detail)

This report will list all the Functions within a selected Template that contain a selected Function.

A list of Functions that have a selected Component attached to them (Header and Detail)

This report will list all the Functions within a selected Template that contain a selected Component. The security records associated with each component will also be reported.

A list of Functions that have Components that contain security records for a specific object (Application, Form, UBE, File) (Header and Detail)

This report will list all the Functions within a selected Template that contain Components that have security records associated with a selected object and/or version. The security records for the selected object and/or version will also be printed.

A list of Functions that have Components that contain security records of a specific security type (Header and Detail)

This report will list all the Functions within a selected Template that contain Components that have security records associated with a selected security type i.e. Column Security. The security records for the selected security type will also be printed.

A list of Functions that have a Component with a particular Component Level (Header and Detail)

This report will list all the Functions within a selected Template that contain Components that have security records associated with a selected object and/or version. The security records for the selected Components will also be printed.

Below are some samples of the Functions by Template report:


Segregation of Duties by Template


Below is a list of all the available Segregation of Duties-based reports that you can run, with an explanation of each report. Samples of one or more of the reports follow the list.

A Simple list of Segregation of Duties

This report will print a list of the Segregation of Duties Rules that exist for a selected Template.

A list of Segregation of Duties and all attached Components

This report will print a list of the Segregation of Duties Rules that exist for a selected Template as well as the Components associated with each SOD rule.

A list of Segregation of Duties and their attached Components and associated security detail records

This report will print a list of the Segregation of Duties Rules that exist for a selected Template as well as the Components associated with each SOD rule. All of the security records related to each Component will also be printed.

A list of Segregation of Duties that have a selected Component attached to them (Header and Detail)

This report will print a list of the Segregation of Duties Rules within a selected Template that contain a selected Component. All of the related security records for the selected Component will also be printed.

A list of Segregation of Duties that have Component(s) that contain a specific object (Application, Form, UBE, File) (Header and Detail)

This report will print a list of the Segregation of Duties Rules within a selected Template that contain Components which have a selected object and/or version associated with them. All of the related security records for the selected object and/or version will also be printed.

A list of Segregation of Duties that have Component(s) that contain a specific security type (Header and Detail)

This report will print a list of the Segregation of Duties Rules within a selected Template that contain Components which have a selected security type associated with them. All of the related security records for the selected security type will also be printed.

Below are some samples of the Segregation of Duties by Template report:


Components by Template
Below is a list of all the available Component-based reports that you can run, with an explanation of each report. Samples of one or more of the reports follow the list.

A simple list of Components

This report will print a list of all the Components that exist for a selected Template and their associated Component Level.

A list of Components and their attached security records

This report will print a list of all the Components that exist for a selected Template and their associated Component Level. All of the related security records for each Component will also be printed.

A list of Components that contain a particular object (Application, Form, UBE, File) (Header and Detail)

This report will print a list of the Components within a selected Template that contain security records for a selected object and/or version associated with them. All of the related security records for the selected object and/or version will also be printed.

A list of Components that contain a particular Security Type (Header and Detail)

This report will print a list of the Components within a selected Template that contain records for a selected security type. All of the related security records for the selected security type will also be printed.

A list of Components that contain a particular Component Level (Header and Detail)

This report will list all the Components within a selected Template that have a selected Component Level. The security records for the selected Components will also be printed.

Below are some samples of the Components by Template report:


Entity Reporting
Entity Reporting is critical within the product to ensure that you and your auditors know which Functions and Components are attached to which Profiles on your system, as well as the integrity between your E1Config tables and your F0092 and F00950 tables. To report on either security or integrity, select the relevant radio button on the Entity Reporting screen and then see the relevant section below for the reports that are available.


Security by Entity
Below is a list of all the available Entity-based reports that you can run, with an explanation of each report. Samples of one or more of the reports follow the list.

A list of Users that exist for a particular Entity, their Functions and optionally Components

This report prints a list of all the Profiles within a selected entity, that have been built, and what Functions and Components are applied to those profiles.

A list of Users that exist for a particular Entity, their Functions and Components and associated security records

This report prints a list of all the Profiles within a selected entity, that have been built, and what Functions and Components are applied to those profiles. The security records for each Component will also be printed.

A list of users that have a selected Function (either directly or via another Function) attached to them (Header and Detail)

This report prints a list of all the Profiles within a selected entity, which have been built, that have a selected Function attached to them. The Functions and Components attached to the selected Function will be displayed, and the security records for each Component will also be printed.

A list of users that have a selected Component (either directly or via another Function) attached to them (Header and Detail)

This report prints a list of all the Profiles within a selected entity, which have been built, that have a selected Component attached to them. The security records for each Component will also be printed.

A list of Users that have Components attached to them that contain a selected object (Application, Form, UBE, File) (Header and Detail)

This report prints a list of all the Profiles within a selected entity, which have been built, that contain Components which have security records associated with a selected object and/or version. The security records for the selected object and/or version will be printed.

A list of Users that have Components attached to them that contain a selected security type (Header and Detail)

This report prints a list of all the Profiles within a selected entity, which have been built, that contain Components which have security records associated with a selected security type. The security records for the selected security type will be printed.

A list of Users that have Components attached to them with a particular Component Level (Header and Detail)

This report prints a list of all the Profiles within a selected entity, which have been built, that contain Components which have a selected Component Level in their Header Record.


User Reporting
This report allows you to list the Functions, Components, Objects and security records applied to specific profiles on your system.

Security By User

This report will list all the Functions and attached Components along with their associated security records that are attached to all the profiles for a selected Entity.

Function By User

This report will list all the profiles for a selected Entity that contain a selected Function. The security records for all components attached to the selected Function will also be printed.

Component By User

This report will list all the profiles for a selected Entity that contain a selected Component. The security records for the selected Component will also be printed.

Users With Object

This report prints a list of all the Profiles within a selected entity, which have been built, that contain Components which have security records associated with a selected object and/or version. The security records for the selected object and/or version will be printed.

Segregation Of Duties Conflicts By User/Group

This report will print a list of all the Security and Segregation of Duties Rule conflicts that exist for a selected Entity.


Security Workbench Audit reporting


Menu/Solution Explorer Task QE1C104 contains the menu calls for all of the reporting options associated with Security Workbench auditing within E1. Users who are on certain versions of E1 will see different security types based on what is available for their release. Below is the 8.12 release with tools 8.96.


Report by Security Type (RY5AF100)


This report enables you to list each security type that exists in the F00950. The processing options for each version of the report are set so that the version runs for one security type. The report defaults to check for all records that exist for group/role profiles. In order to see more or different detail you will have to change the data selections. The report is sectioned by profile, so that each profile that has records for the relevant security type has its own page or pages. Data selections can be used to run the report by any other value that exists in the F00950/F0092. For example, you may want to produce a list of all Action Code security that exists for a particular user/group/role profile on the system, or you may want to output all the Row security that exists for a particular table in the security file.

Processing Options

Type: Type
Option: Security Type
Explanation: Each version of this report has a default security type value that should not be modified.

A report will be produced that lists the records, related to each security type, that exist in the F00950. An example of the output can be seen below where the Action Code security for the GROUP 6 profile has been listed.


Field Descriptions

Header

Version

The report will display the version of the RY5AF100 report that has been run and the security type that the report relates to.

Profile

Each section of the report will display security records related to a different profile.

Detail

Object Name

The object that has had security applied to it for the listed profile.

Object Description

The description of the object.

Miscellaneous

Depending upon the security type that the report has been submitted for, additional columns will be displayed e.g. Alias, From Value etc.

Values

The security values related to the object. The columns will vary depending on the security type that is being reported on.

Environment Access Report (RY5AF110)


This report enables you to list what environments your user population has access to. The report defaults to check for all records that exist for group/role profiles in the F0093. In order to see more or different detail you will have to change the data selections. The report is sectioned by environment, so that each environment is listed with the profiles that have access to that environment in alphanumeric order. Data selections can be used to run the report by any other value that exists in the F0093/F0094. For example, you may want to produce a list of all profiles that can access a particular environment, or all environments a particular Group/Role has access to.

Field Descriptions

Environment

The Environment Name as defined in the F0094.

Description

The Description of each environment.

Path Code

The E1 defined Path Code.

User/System Role

The profile that has access to the displayed environment.

User Name

The description of the profile from the Address Book.

User to Group/Role Comparison Report (RY5AF111)


This report enables you to list what Users are attached to which Groups/Roles on your system as defined in the F0092. The report is listed by Group/Role profile and will display which users are attached to each Group/Role. The report defaults to check for all group/role profiles that are defined in your F0092 with a System Role value of *GROUP. Data selections can be used to run the report by any other value that exists in the F0092. For example you may want to produce a list of all profiles that are part of a specific group/role.


Field Descriptions

System Role

The name of the System Role profile.

User Name

The name of each User that is associated with the displayed group/role.

Address Number

The Address Number, if any, that is associated with the listed User.

Description

The Address Book description, if any, that is associated with the listed user.

Menu ID

The Initial Menu, if any, that will be called if a user signs on to oexplore.exe.

Fast Path

Whether or not the listed user has access to the Fast Path capability when they sign on to oexplore.exe.


Application & Action Code Net Effect


There are six possible security values that determine whether or not a User has access to an application or form, as well as six further values controlling what actions a user can perform on that application or form. Using the F00950 directly, it is not possible to check in one query what application and/or action code security a particular individual has. We have therefore created the Net Effect application to expedite this process. This application is only supported in Xe and ERP8 versions due to the Multiple Roles available in 8.x versions.

Search Criteria/Field Descriptions

User ID

Enter or use the Visual Assist to return a User profile to this field to establish what Application &/or Action Code security an individual has. This application only supports User Profiles and not Groups or System Roles. An Application Name or Form ID must be entered in conjunction with this profile ID for the application to return any records.


Application Name

Enter or use the Visual Assist to return an Interactive Application Id to this field to inquire on what, if any, security exists for that object. A User ID must be entered in conjunction with this object name in order to return any results.

Form ID

Enter or use the Visual Assist to return a Form ID to this field to inquire on what, if any, security exists for that object. A User ID must be entered in conjunction with this object name in order to return any results.

Version

Enter or use the Visual Assist to return a version of any selected application to only report on that version. This field can only be used when the Application button is checked. A User ID must be entered in conjunction with this object name in order to return any results.

Find Net Effect

Once you have entered either a User and an Application Name or a User and a Form ID, click on the Find Net Effect button to return the results of the query.

Install Appl

Whether or not (Y/N) a User can Install (JITI) a specific application.

Run Appl

Whether or not (Y/N) a User can Run an application or form.

*ALL

*ALL is a generic object name that will affect all applications and forms at the level to which it is applied.

PGM

The specific program level will supersede any *ALL values at the same level.

Add

Whether or not (Y/N) the user has an Add capability from within an application/form.

Chg

Whether or not (Y/N) the user has a Change capability from within an application/form.

Delete

Whether or not (Y/N) the user has a Delete capability from within an application/form.

Select

Whether or not (Y/N) the user has an OK/Select capability from within an application/form.

Copy

Whether or not (Y/N) the user has a Copy capability from within an application/form.

Scroll to End

Whether or not (Y/N) the user has the ability to scroll to the end of the data selected from within an application/form or whether they see it a page at a time.

Net Effect

These are the system accepted values for the user: whether or not they have access to an application and what actions they can perform using that application. If any of these fields are blank then a Y value is assumed by E1 for the selected user and application/form.

In the example below APUSER1 has access and update rights to the Address Book because they inherit the application YY values from their Group level and have the action YYYYYY values at the User level, which override the *PUBLIC application *ALL NN (All Doors Closed) and action *ALL NNNYNY (Inquiry Only) values.
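The following sketch is an added example, not code from E1Config or E1, that resolves the net effect for the APUSER1 case from a handful of constructed security rows. It assumes the lookup order User, then Group, then *PUBLIC, with the PGM row tried before the *ALL row at each level and the first record found deciding every flag; the group name APGROUP and the object name P01012 are placeholders.

```python
# Added illustration: resolves application and action-code security the way
# the Net Effect screen is described. Not Q Software or Oracle code.

APP_FLAGS = ("install", "run")
ACTION_FLAGS = ("add", "chg", "delete", "select", "copy", "scroll_to_end")
FLAGS = {"application": APP_FLAGS, "action": ACTION_FLAGS}

# Constructed sample rows modelled on the APUSER1 example. APGROUP and the
# object name P01012 (standing in for the Address Book) are assumptions.
SAMPLE_RECORDS = [
    {"profile": "*PUBLIC", "type": "application", "object": "*ALL", "values": "NN"},
    {"profile": "*PUBLIC", "type": "action", "object": "*ALL", "values": "NNNYNY"},
    {"profile": "APGROUP", "type": "application", "object": "P01012", "values": "YY"},
    {"profile": "APUSER1", "type": "action", "object": "P01012", "values": "YYYYYY"},
]


def lookup_order(user, group, obj):
    """Yield the six (profile, object) lookups, most specific first.

    Assumed precedence: User, then Group, then *PUBLIC; within a level the
    specific program (PGM) row is tried before the *ALL row.
    """
    for profile in (user, group, "*PUBLIC"):
        if profile:
            yield profile, obj
            yield profile, "*ALL"


def net_effect(records, sec_type, user, group, obj):
    """Return (flags, source) for one security type.

    The first record found in lookup order decides every flag (assumption).
    A blank flag, or no record at all, is treated as Y, as the manual states.
    """
    index = {(r["profile"], r["type"], r["object"]): r["values"] for r in records}
    names = FLAGS[sec_type]
    for profile, target in lookup_order(user, group, obj):
        values = index.get((profile, sec_type, target))
        if values is None:
            continue
        padded = values.ljust(len(names))
        flags = {n: (v if v in ("Y", "N") else "Y") for n, v in zip(names, padded)}
        return flags, (profile, target)
    return {n: "Y" for n in names}, None


def effective_access(records, user, group, obj):
    """Combine both security types into one answer an auditor can read."""
    app, app_src = net_effect(records, "application", user, group, obj)
    act, act_src = net_effect(records, "action", user, group, obj)
    can_run = app["run"] == "Y"
    return {
        "run": can_run,
        # An action only matters if the user can open the application at all.
        "update": can_run and all(act[a] == "Y" for a in ("add", "chg", "delete")),
        "application_source": app_src,
        "action_source": act_src,
        "action_flags": act,
    }


if __name__ == "__main__":
    for user, group in (("APUSER1", "APGROUP"), ("APUSER2", None)):
        print(user, effective_access(SAMPLE_RECORDS, user, group, "P01012"))
    # With no *PUBLIC rows at all, every blank resolves to Y.
    print("no records:", effective_access([], "APUSER2", None, "P01012"))
```

The last call shows why the *PUBLIC *ALL rows matter in a review: because blanks are read as Y, a profile with no matching rows at any level resolves to full access.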


Net Effect Report (RY5AF565)


We have added the Net Effect report to create a batch version of the application described above. The report works in a slightly different way in that it can interrogate the F00950 for all users, or a range of users, for a selected application. This application is only supported in Xe and ERP8 versions due to the Multiple Roles available in 8.x versions.

Processing Options

Type: Select

Option: From User ID / System Role (Blank = *ALL)
Explanation: Enter or use the Visual Assist to return a profile to this field to report on that profile or a range of profiles.

Option: From User ID / System Role (Blank = *ALL)
Explanation: Enter or use the Visual Assist to return a profile to this field to report on that profile or a range of profiles.

Option: Object Name
Explanation: Enter or use the Visual Assist to return an application name to this field to report on. This field is mandatory to the working of the UBE.

Note: This report can only be run against Applications (both Interactive and Batch). Also, if you leave the From and To user fields blank, this will report on all Profiles in your implementation and therefore could be potentially huge!


An example of this report (RY5AF565) can be seen below.


E1Config Component Creation

A detailed explanation of these reports can be seen in the E1Config Administration section of this manual.


Auditing
Auditing is enabled by checking the Enable Audit check-box on the Audit tab of the E1Config Setup application (PY5AF905/WY5AF905A).

Tables
Once Auditing has been enabled the functionality will allow you to track and record any additions, changes and deletions to the following tables.

QSG Table    Description              Audit Table
FY5AF402     User Status Table        FY5AFA01
FY5AF405     Component Detail File    FY5AFA02
FY5AF430     Template Master          FY5AFA05
FY5AF440     Entity Manager           FY5AFA06
FY5AF501     Parent Header            FY5AFA03
FY5AF510     Parent Detail            FY5AFA04
FY5AF512     Function Tracker         FY5AFA07
FY5AF513     Component Tracker        FY5AFA08
FY5AF515     Conflict Manager         FY5AFA09
FY5AF905     Control Table            FY5AFA10

Each of the above tables has the same specifications as the corresponding QSG table plus the following additional fields that allow you to audit what change occurred, how, where, when and by whom. These fields can be seen below:

Audit Fields
Field: UKID
Description: Unique ID
Explanation: This field allows each audit action a unique reference number. There may be multiple records related to a particular action.

Field: Y5AFBACD
Description: Before/After Code (B,A)
Explanation: This code allows you to determine whether an audit record occurred Before or After an action. See the Actions section below for more detail.

Field: Y5AFFOCD
Description: File Operation Code (A,C,D) A=Add, C=Change, D=Delete
Explanation: This code determines what action was performed to the table.

Field: Y5AFCMRF
Description: Change Management Reference
Explanation: This Change Management Reference is for future use.

Field: Y5AFAPID
Description: Audit Program ID
Explanation: This field displays the Program that was used to employ the relevant action.

Field: Y5AFAUID
Description: Audit User ID
Explanation: This field displays the User Id that performed the relevant action.

Field: Y5AFAJBN
Description: Audit Workstation
Explanation: This field displays the Workstation from which the action was performed.

Field: Y5AFAPMJ
Description: Audit Date Updated
Explanation: This field displays the Date on which the action was performed.

Field: Y5AFAPMT
Description: Audit Time Last Updated
Explanation: This field displays the time at which the action was performed.

Actions
The following types of actions will be recorded for each table.

When a record is Added to a table, an After image record is added to the associated Audit table.

When a record in a table is Changed, a Before image record and an After image record are both added to the associated Audit table.

When a record is Deleted from a table, a Before image record is added to the associated Audit table.
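As an added example (not part of E1Config), the sketch below groups constructed audit rows by UKID, checks that each File Operation Code left the Before/After images described above, and reports which data columns changed. It assumes that the Before and After images of one action share a UKID; the PROFILE and STATUS data columns and all sample values are hypothetical.

```python
from collections import defaultdict

# Audit columns named in the manual; every other column is table data.
AUDIT_COLS = {"UKID", "Y5AFBACD", "Y5AFFOCD", "Y5AFCMRF", "Y5AFAPID",
              "Y5AFAUID", "Y5AFAJBN", "Y5AFAPMJ", "Y5AFAPMT"}

# Images each File Operation Code should leave behind (Actions section).
EXPECTED_IMAGES = {"A": ["A"], "C": ["A", "B"], "D": ["B"]}
OPERATION = {"A": "Add", "C": "Change", "D": "Delete"}


def row(ukid, image, op, profile, status, by="SECADMIN"):
    """Build one constructed audit row. PROFILE and STATUS are hypothetical
    data columns; program, workstation, date and time are made-up values."""
    return {"UKID": ukid, "Y5AFBACD": image, "Y5AFFOCD": op, "Y5AFCMRF": "",
            "Y5AFAPID": "EXAMPLEPGM", "Y5AFAUID": by, "Y5AFAJBN": "WS01",
            "Y5AFAPMJ": "2007-08-02", "Y5AFAPMT": "10:15:00",
            "PROFILE": profile, "STATUS": status}


# Constructed sample: an Add, a Change, a Delete, and a Change whose
# Before image is missing.
SAMPLE_ROWS = [
    row(1, "A", "A", "APUSER1", "Changed"),
    row(2, "B", "C", "APUSER1", "Changed"),
    row(2, "A", "C", "APUSER1", "Built"),
    row(3, "B", "D", "APUSER2", "Validated"),
    row(4, "A", "C", "APUSER3", "Built", by="APUSER3"),
]


def reconstruct(rows):
    """Turn raw audit rows into one event per UKID, with a column-level diff
    and a list of problems where the images do not match the operation."""
    actions = defaultdict(list)
    for r in rows:
        actions[r["UKID"]].append(r)

    events = []
    for ukid in sorted(actions):
        group = actions[ukid]
        ops = sorted({r["Y5AFFOCD"] for r in group})
        images = sorted(r["Y5AFBACD"] for r in group)

        problems = []
        if len(ops) != 1:
            problems.append("mixed operation codes %s" % ops)
        elif EXPECTED_IMAGES.get(ops[0]) != images:
            problems.append("operation %s expects images %s, found %s"
                            % (ops[0], EXPECTED_IMAGES.get(ops[0]), images))

        before = next((r for r in group if r["Y5AFBACD"] == "B"), None)
        after = next((r for r in group if r["Y5AFBACD"] == "A"), None)

        changed = {}
        if before and after:
            for col in sorted(before.keys() - AUDIT_COLS):
                if before[col] != after.get(col):
                    changed[col] = (before[col], after.get(col))

        ref = after or before or group[0]
        events.append({
            "ukid": ukid,
            "operation": OPERATION.get(ops[0], ops[0]),
            "by": ref["Y5AFAUID"],
            "workstation": ref["Y5AFAJBN"],
            "changed": changed,
            "problems": problems,
        })
    return events


if __name__ == "__main__":
    for event in reconstruct(SAMPLE_ROWS):
        print(event)
```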


Audit Enquiry
The Audit Enquiry application (PY5AF553) can be accessed from the Auditing Menu (QE1C109) if you are using owexplore.exe or the Auditing Task (QE1C109) if you are using activeconsole.exe. This screen allows you to query all of the audit records that have been generated in the audit tables. See above for which tables are audited and which tables are used to record the associated audit records.

Check the Audit Table that you wish to query and then click the Continue button to view the contents of the selected audit table.


Field Descriptions

From Audit Date

This date will default to a month prior to today's date. Records will therefore be filtered to show all for the previous month. Enter or select a date to filter the audit records from that date onwards.

To Audit Date

This date will default to today's date. Records will therefore be filtered to show all for the previous month. Enter or select a date to filter the audit records from before that date.

QBE Fields

Each query relates to an audit table associated with a QSG table (see above). The QBE fields therefore allow you to filter the records for each of these tables based on the value entered for that specific field. Each query contains all fields for the relevant QSG table as well as the additional audit fields (see above).


Audit Reports
The QE1C109 Menu/Task also allows you to run UBEs that produce .pdf reports of the audit records for each QSG table.

User Status (FY5AF402) Report (RY5AF555A)


This report allows you to report on any audit records associated with actions that update the User Status Table.

Processing Options

Entity

Enter or select a valid Entity Id to report on audit records associated with that Entity. Leave this field blank to report on all Entities.

User/System Role

Enter or select a valid User Id to report on audit records updated by that profile. Leave this field blank to report on all Users.

User Status

Enter or select a valid User Status (Changed/Validated/Built) to report on records for that User Status. Leave this field blank to report on profiles with any status.

From Date

Enter or select a valid date to report on all audit records from that date. Leave this field blank to report on all dates.

To Date

Enter or select a valid date to report on all audit records up to that date. Leave this field blank to report on all dates.

File Operation Code

Enter or select a valid File Operation Code (Add/Change/Delete) to report on all audit records for that code. Leave this field blank to report on all codes.

Change Management Reference

This field is for Future Use.


An example of the RY5AF555A report can be seen below.


Component Detail (FY5AF405) Report (RY5AF555B)


This report allows you to report on any audit records associated with actions that update the Component Detail Table.

Processing Options

Template: Enter or select a valid Template Id to report on audit records associated with that Template. Leave this field blank to report on all Templates.

Component: Enter or select a valid Component to report on audit records associated with that parent. Leave this field blank to report on all Components.

Object Name: Enter or select a valid Object Id to report on records for that object. Leave this field blank to report on all objects.

From Date: Enter or select a valid date to report on all audit records from that date. Leave this field blank to report on all dates.

To Date: Enter or select a valid date to report on all audit records up to that date. Leave this field blank to report on all dates.

File Operation Code: Enter or select a valid File Operation Code (Add/Change/Delete) to report on all audit records for that code. Leave this field blank to report on all codes.

Change Management Reference: This field is for Future Use.


An example of the RY5AF555B report can be seen below.


Parent Header (FY5AF501) Report (RY5AF555C)


This report allows you to report on any audit records associated with actions that update the Parent Header Table.

Processing Options

Template: Enter or select a valid Template Id to report on audit records associated with that Template. Leave this field blank to report on all Templates.

Type: Enter or select a valid Parent Type (Component/Function/Segregation of Duties Rule) to report on audit records associated with that parent type. Leave this field blank to report on all parents.

Parent Name: Enter or select a valid Parent Name to report on audit records associated with that parent. Leave this field blank to report on all parents.

From Date: Enter or select a valid date to report on all audit records from that date. Leave this field blank to report on all dates.

To Date: Enter or select a valid date to report on all audit records up to that date. Leave this field blank to report on all dates.

File Operation Code: Enter or select a valid File Operation Code (Add/Change/Delete) to report on all audit records for that code. Leave this field blank to report on all codes.

Change Management Reference: This field is for Future Use.


An example of the RY5AF555C report can be seen below.


Parent Detail (FY5AF510) Report (RY5AF555D)


This report allows you to report on any audit records associated with actions that update the Parent Detail Table.

Processing Options

Structure ID: Enter or select a valid Structure Id to report on audit records associated with that Structure. Leave this field blank to report on all Structures.

Parent Type: Enter or select a valid Parent Type (Component/Function/Segregation of Duties Rule) to report on audit records associated with that parent type. Leave this field blank to report on all parents.

Parent Name: Enter or select a valid Parent Name to report on audit records associated with that parent. Leave this field blank to report on all parents.

From Date: Enter or select a valid date to report on all audit records from that date. Leave this field blank to report on all dates.

To Date: Enter or select a valid date to report on all audit records up to that date. Leave this field blank to report on all dates.

File Operation Code: Enter or select a valid File Operation Code (Add/Change/Delete) to report on all audit records for that code. Leave this field blank to report on all codes.

Change Management Reference: This field is for Future Use.


An example of the RY5AF555D report can be seen below.


Template Master (FY5AF430) Report (RY5AF555E)


This report allows you to report on any audit records associated with actions that update the Template Master Table.

Processing Options

Template: Enter or select a valid Template Id to report on audit records associated with that Template. Leave this field blank to report on all Templates.

From Date: Enter or select a valid date to report on all audit records from that date. Leave this field blank to report on all dates.

To Date: Enter or select a valid date to report on all audit records up to that date. Leave this field blank to report on all dates.

File Operation Code: Enter or select a valid File Operation Code (Add/Change/Delete) to report on all audit records for that code. Leave this field blank to report on all codes.

Change Management Reference: This field is for Future Use.


An example of the RY5AF555E report can be seen below.


Entity Master (FY5AF440) Report (RY5AF555F)


This report allows you to report on any audit records associated with actions that update the Entity Master Table.

Processing Options

Entity: Enter or select a valid Entity Id to report on audit records associated with that Entity. Leave this field blank to report on all Entities.

From Date: Enter or select a valid date to report on all audit records from that date. Leave this field blank to report on all dates.

To Date: Enter or select a valid date to report on all audit records up to that date. Leave this field blank to report on all dates.

File Operation Code: Enter or select a valid File Operation Code (Add/Change/Delete) to report on all audit records for that code. Leave this field blank to report on all codes.

Change Management Reference: This field is for Future Use.


An example of the RY5AF555F report can be seen below.


Function Tracker (FY5AF512) Report (RY5AF555G)


This report allows you to report on any audit records associated with actions that update the Function Tracker Table. Audit records for this table are only written at Build Time.

Processing Options

Entity: Enter or select a valid Entity Id to report on audit records associated with that Entity. Leave this field blank to report on all Entities.

User/System Role: Enter or select a valid User Id to report on audit records updated by that profile. Leave this field blank to report on all Users.

Function: Enter or select a valid Function to report on audit records associated with that parent. Leave this field blank to report on all parents.

From Date: Enter or select a valid date to report on all audit records from that date. Leave this field blank to report on all dates.

To Date: Enter or select a valid date to report on all audit records up to that date. Leave this field blank to report on all dates.

File Operation Code: Enter or select a valid File Operation Code (Add/Change/Delete) to report on all audit records for that code. Leave this field blank to report on all codes.

Change Management Reference: This field is for Future Use.


An example of the RY5AF555G report can be seen below.


Component Tracker (FY5AF513) Report (RY5AF555H)


This report allows you to report on any audit records associated with actions that update the Component Tracker Table. Audit records for this table are only written at Build Time.

Processing Options

Entity: Enter or select a valid Entity Id to report on audit records associated with that Entity. Leave this field blank to report on all Entities.

User/System Role: Enter or select a valid User Id to report on audit records updated by that profile. Leave this field blank to report on all Users.

Component: Enter or select a valid Component to report on audit records associated with that parent. Leave this field blank to report on all parents.

Security Type: Enter or select a valid Security Type to report on audit records associated with that security type. Leave this field blank to report on all Security Types.

Object Name: Enter or select a valid Object Id to report on records for that object. Leave this field blank to report on all objects.

From Date: Enter or select a valid date to report on all audit records from that date. Leave this field blank to report on all dates.

To Date: Enter or select a valid date to report on all audit records up to that date. Leave this field blank to report on all dates.

File Operation Code: Enter or select a valid File Operation Code (Add/Change/Delete) to report on all audit records for that code. Leave this field blank to report on all codes.

Change Management Reference: This field is for Future Use.


An example of the RY5AF555H report can be seen below.


Conflict Manager (FY5AF515) Report (RY5AF555I)


This report allows you to report on any audit records associated with actions that update the Conflict Manager Table. Audit records for this table are only written at Build Time.

Processing Options

Entity: Enter or select a valid Entity Id to report on audit records associated with that Entity. Leave this field blank to report on all Entities.

User/System Role: Enter or select a valid User Id to report on audit records updated by that profile. Leave this field blank to report on all Users.

Conflict Type: Enter or select a valid Conflict Type (Security/SOD) to report on audit records associated with that conflict type. Leave this field blank to report on all Conflict Types.

Security Type: Enter or select a valid Security Type to report on audit records associated with that security type. Leave this field blank to report on all Security Types.

Object Name: Enter or select a valid Object Id to report on records for that object. Leave this field blank to report on all objects.

Data Item: Enter or select a valid Data Item to report on audit records associated with that Data Item. Leave this field blank to report on all Data Items.

From Date: Enter or select a valid date to report on all audit records from that date. Leave this field blank to report on all dates.

To Date: Enter or select a valid date to report on all audit records up to that date. Leave this field blank to report on all dates.

File Operation Code: Enter or select a valid File Operation Code (Add/Change/Delete) to report on all audit records for that code. Leave this field blank to report on all codes.

Change Management Reference: This field is for Future Use.


An example of the RY5AF555I report can be seen below.


Control Table (FY5AF905) Report (RY5AF555J)


This report allows you to report on any audit records associated with actions that update the Control Table.

Processing Options

Generic Key: Enter or select a valid Generic Key (AUDIT/DECRYPT/HIDDEN/VERSION) to report on audit records associated with that generic key. Leave this field blank to report on all Generic Keys.

From Date: Enter or select a valid date to report on all audit records from that date. Leave this field blank to report on all dates.

To Date: Enter or select a valid date to report on all audit records up to that date. Leave this field blank to report on all dates.

File Operation Code: Enter or select a valid File Operation Code (Add/Change/Delete) to report on all audit records for that code. Leave this field blank to report on all codes.

Change Management Reference: This field is for Future Use.


An example of the RY5AF555J report can be seen below.


Purge Audit Tables (RY5AF557)


If Auditing is turned on then some of the audit tables can grow to an unmanageable size. In order to clear down these tables we have added a batch job, with an individual version for each table, which allows you to purge this data.

Processing options have been added to this UBE that allow you to purge data up to a selected date and also to run the UBE in proof mode so that you can see what is being cleared down before running the report in final mode.

Processing Options

Type | Option | Explanation
1 | Purge Date | Enter a date or use the visual assist to select a date to run the purge up to.
2 | Proof or Final | Enter a 0 in this field to run the report in Proof mode. Enter a 1 in this field to run the report in Final mode.


An example of the RY5AF557 report can be seen below.


Glossary
All Doors Closed: A term that describes which E1 security strategy you are adopting. If you have applied *ALL NN to Application Security against the *PUBLIC system role then no user will be able to access any program unless specifically granted. For further information on Security strategy see the related white paper at http://www.qsoftware.com.

All Doors Open: A term that describes which E1 security strategy you are adopting. If you have not applied *ALL NN to Application Security against the *PUBLIC system role then all users by default will be able to access any program on your system and therefore you will have to rely on access control to secure your implementation. For further information on Security strategy see the related white paper at http://www.qsoftware.com.

Parent Type Component: A Component is a task in E1 such as Payment Processing or Address Book Daily Processing. Contained within each Component are the individual security records by object that enable that task to be completed.

Component Level: The Component Level is a value between 0-9 with 0 as the highest and 9 as the lowest. The Component Level is used for resolving security Conflicts.

Conflict (Security): If two Components with different security for the same object are applied to the same User then the Component Level determines what happens when security is built. If one Component is Level 4 and the other is level 6 then the security for the level 4 Component will be written. If both Components have the same level then a Conflict will be flagged for resolution. See Component Level.

Conflict (Segregation of Duties): Segregation of Duties Conflicts will arise when a Segregation of Duties rule has been established in E1Config. If a rule has been created to say that Component X cannot be attached to the same profile as Component Y and this rule is broken then Segregation of Duties Conflicts will be flagged for resolution.

Defaults: Defaults are the Y and N values that correspond to each type of security for ease of entry when entering detail on Components. Defaults are created when a Template is set up and are likely to depend on which security strategy you are using. Defaults can be manually overridden at the detail entry level if for any reason they differ.

Embedded Function: A function that is attached to another function.



Parent Type Function: A Function in E1Config is slightly different to a Job Function, although similar in a lot of ways. Essentially, a Function is a group of Components that fit a Job role. It is more flexible, however, because an E1Config Function allows you to attach a Function to a Function, whereas in E1 only one System Role (Function) is available for an individual user.

Hidden Programs: Applications or reports that are called from NER business functions (C business functions are currently not supported).

Heads Down: Heads Down is simply the manual entry of security records using the Work with Components by security type form. This is not possible using the security workbench and allows for faster entry of records from a matrix either by typing or cut and paste from a spreadsheet.

Name Encryption: In earlier versions of E1Config and QBuild the object name in the FY5AF405 table was encrypted, which prevented customers from creating their own reports over the table.

Parent Type Segregation of Duties: A Segregation of Duties Parent type that allows you to create a rule that states Component A cannot be assigned to the same User/System Role as Component B or others. If the two or more Components are assigned to the same role then a Segregation of Duties Conflict will be flagged.

Selector: This is a form within E1Config Component detail that allows you to assign certain security type records to a Component and not others. For which type see Appendix A - E1Config Security Type (Work with Component vs. Selector).

Status: The Status of a User/System Role in the User Security Manager. Whether the profile has no records, un-built records, validated records or built records attached to it. For more information see the User System Role Detail section of this manual.

Template: A security matrix that holds Functions, Components and Segregation of Duties rules.

Validate: A means of building security for a User/System Role in Proof mode so that any Conflicts are reported and can be resolved before security is actually applied.

Version Security: Enhancements to security functionality introduced by JDE in 8.x versions and then retrospectively into service pack 23/ESU JD23877. This improved specific security types to enable users to protect selected versions of programs rather than an all or nothing scenario as existed before.

- This explanation assumes that an All Doors closed policy is being employed.


Appendix A - E1Config
QComponents
Naming Conventions
Component: mmnopppppq

Where
mm = Module number
n = C Component (Functions are defined as F)
o = T Task / F File Access
ppppp = 5 character description/numbering
q = Component Level (see below)

Component Level
Below are a couple of suggested ways of using component levels. Current Component levels should only cover levels 3 and 9:

0 - Level 0
1 - Level 1
2 - Level 2
3 - Add, Change and Delete
4 - Level 4
5 - Add and Change
6 - Level 6
7 - Add Only
8 - Inquire only.
9 - QSG standard Components. Do not modify, copy as with E1 versions.

0 - Level 0
1 - Action - everything
2 - Action - everything except delete
3 - Action - add + change
4 - Action Security - change only
5 - Processing Option with change
6 - Processing Option - no change
7 - Row security
8 - Application, Row Exit and all security apart from Row, Processing Option and Action.
9 - QSG standard Components. Do not modify, copy as with E1 versions.
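The naming convention and Component Levels above, combined with the Glossary's Conflict (Security) and Conflict (Segregation of Duties) definitions, worked through as a proof-mode check in Python. This is an added example, not part of the manual and not Q Software's code. Assumptions: the character classes used for mm and ppppp, opaque Y/N settings, a Segregation of Duties rule modelled as a set of component names, and the constructed sample components and objects.

```python
"""Added illustration, not Q Software code: component names, levels, conflicts."""
import re
from dataclasses import dataclass

# mmnopppppq. Assumption: mm and ppppp are upper-case letters or digits.
NAME_RE = re.compile(
    r"^(?P<module>[A-Z0-9]{2})(?P<kind>[CF])(?P<access>[TF])"
    r"(?P<desc>[A-Z0-9]{5})(?P<level>[0-9])$"
)


def parse_component_name(name):
    """Split a 10-character name into its parts; level 0 is highest, 9 lowest."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"{name!r} does not follow the mmnopppppq convention")
    parts = m.groupdict()
    parts["level"] = int(parts["level"])
    return parts


@dataclass
class Component:
    name: str
    records: dict  # {(object name, security type): setting}; settings are opaque

    @property
    def level(self):
        return parse_component_name(self.name)["level"]


def validate(components, sod_rules=()):
    """Proof-mode build for one User/System Role.

    Returns (written, conflicts): the records that would be written and the
    conflicts that must be resolved first. Nothing is applied.
    """
    conflicts = []
    assigned = {c.name for c in components}
    for rule in sod_rules:  # assumption: a rule is a set of component names
        together = sorted(assigned & set(rule))
        if len(together) >= 2:
            conflicts.append(("SOD", tuple(together)))

    candidates = {}  # key -> [(level, component name, setting), ...]
    for c in components:
        for key, setting in c.records.items():
            candidates.setdefault(key, []).append((c.level, c.name, setting))

    written = {}
    for key in sorted(candidates):
        best = min(level for level, _, _ in candidates[key])
        top = sorted((n, s) for level, n, s in candidates[key] if level == best)
        if len({s for _, s in top}) == 1:
            written[key] = (top[0][1], top[0][0])  # (setting, source component)
        else:  # same level, different security for the same object
            conflicts.append(("SECURITY", key, tuple(n for n, _ in top)))
    return written, conflicts


# Constructed sample data: names, objects and Y/N settings are illustrative.
# Security type "3" is Application Security in the manual's Security Type table.
PAYMENTS = Component("04CTPAYPR4", {("P0413M", "3"): "Y", ("P0411", "3"): "N"})
VOUCHERS = Component("04CTVOUCH6", {("P0411", "3"): "Y"})
ADDRESS = Component("01CTADDBK4", {("P0413M", "3"): "N"})
SOD_RULES = [{"04CTPAYPR4", "04CTVOUCH6"}]

if __name__ == "__main__":
    for role in ([PAYMENTS, VOUCHERS], [PAYMENTS, ADDRESS]):
        written, conflicts = validate(role, SOD_RULES)
        print([c.name for c in role])
        print("  would write:", written)
        print("  conflicts:  ", conflicts)
```

In the first role the level 4 record overrides the level 6 one and only the Segregation of Duties rule is flagged; in the second, two level 4 Components disagree on the same object, so nothing is written for it until the conflict is resolved.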


Security Type (Work with Components by Security Type vs. Selector)


Certain Security Types can only be added to E1Config in a particular way. Some can be applied using the Work with Components by Security Type (manual entry) method and some can only be applied using the Selector (explorer search and select) method while others can be applied using both. Below is the breakdown of the different security types and how security can be applied in E1Config.

Security Type | Description | Component Detail Entry Method | Entry Form
A | Solution Explorer Security | Solution Explorer Form | WY5AF405H
B | Data Browser Security (8.11 only) | Data Browser Form | WY5AF405Q
M | Miscellaneous Security | Miscellaneous Security Form | WY5AF405P
O | Portal Security | Portal Security Form | WY5AF405I
1 | Action Code Security | Work with Component by Security Type & Selector | WY5AF405B & WY5AF405G
2 | Column Security | Work with Component by Security Type | WY5AF405B
3 | Application Security | Work with Component by Security Type & Selector | WY5AF405B & WY5AF405G
4 | Row Security | Work with Component by Security Type | WY5AF405B
5 | Processing Option Security | Work with Component by Security Type & Selector | WY5AF405B & WY5AF405G
6 | Exit Security | Selector only | WY5AF405G
7 | External Call Security | Selector only | WY5AF405G
8 | Tab Security | Selector only | WY5AF405G
9 | Exclusive Application Security | Work with Component by Security Type & Selector | WY5AF405B & WY5AF405G
 | Media Object Security (8.12 and above only) | Work with Component by Security Type & Selector | WY5AF405B & WY5AF405G
 | Image Security (8.11 and above only) | Selector only | WY5AF405G
 | Link Security (8.11 and above only) | Selector only | WY5AF405G
 | Push Button Security (8.11 and above only) | Selector only | WY5AF405G


Appendix B - Security Table Set-up


Single Security Table
For a single security table you can have one Template or multiple Templates that will build security to the Data Source that contains the security table (F00950).

Linked to Data Source via Entity. This is the Path that the Build will take.

[Diagram: Template; DV7333, PY7333, PD7333; F00950 in Data Source 1]

[Diagram: Template1, Template 2, Template 3; DV7333, PY7333, PD7333; F00950 in Data Source 1]


Multiple
For multiple security tables you can either link one Template to all security tables, a Template by security table or somewhere in between. Below are some examples of set ups that can be accommodated by E1Config.

[Diagram: Template; DV7333, PY7333, PD7333; F00950 in Data Source 1, F00950 in Data Source 2, F00950 in Data Source 3]

[Diagram: Template1, Template 2, Template 3; DV7333, PY7333, PD7333; F00950 in Data Source 1, F00950 in Data Source 2, F00950 in Data Source 3]

[Diagram: Template1; F00950 in Data Source 1; DV7333, PY7333; Template 2; F00950 in Data Source 3; PD7333]


Appendix C - External Call Security in E1Config


Introduction
In the latest tools releases of EnterpriseOne, any text may be entered as the name of the external application when creating an external call security record. EnterpriseOne does not currently validate this text. In E1Config, for clarity, a UDC table has been created for entry of all external applications that may be called at a user site. You may manually add valid external call applications to this UDC (Y5AF/VE) through our software. This ensures that only meaningful application names are added to external call security records, which will be created in your EnterpriseOne security as normal. E1Config is shipped with standard values added to UDC Y5AF/VE, but you may revise this table.

Default Values


Adding new UDCs


Click on the Revisions button.

Click on the Add button.


Enter a new Code number, the executable name in the Description 01 field, the executable description in the Description 02 field and an N value in the Hard Coded field and then click the OK button.

This executable can now be selected through E1Config -


- and added to the F00950 via the Component.
