How To Start/Stop The Managed Agent On AS400

You can start/stop the managed agent from the command line (green screen) by following the steps below:

1. Start the QSHELL by typing STRQSH at the command prompt.
2. Change to the JDE_HOME/bin directory by typing <install_dir>/JDE_HOME/bin.
   *** The <install_dir> refers to the installation directory in the IFS
3. To start the agent enter: startAgent &
   *** The & allows the agent to start as a background job so that it will not stop when you leave the QSHELL
4. To stop the agent enter: stopAgent
5. To restart or bounce the agent enter: restartAgent

You will want to run this in your startup script with a user that has a job queue that is not able to be interrupted.  Because of this, QINTER is not a very good choice.  The user will also need the following permissions: *ALLOBJ, *SAVSYS, *JOBCTL & *SECADM.

Also covered on Oracle’s My Support page ID 659949.1

Tags: *ALLOBJ, *JOBCTL, *JOBCTL, *SAVSYS, *SAVSYS, *SECADM, as/400, EnterpriseOne - Security, Java, jde, oracle, QSHELL, QSHELL, STRSQH

Access To Environments

To find out what users or groups have access to a certain environment run the following SQL:

select * from sy811/f0093
where llll='<enviornment>'    

To find out what environments a user or group has access to run the following SQL:

select * from sy811/f0093
where lluser='<userid>'    

Tags: enterpriseone, EnterpriseOne - Security, EnterpriseOne - SQLs, sql, sql

20 Products Affected By Oracle’s Lastest Critical Patch Update

Oracle released the October 2008 Critical Patch Update.  This update contains 36 new security fixes across 20 different products.

A piece of EnterpirseOne, the Business Services Server, is included in this update. 

Oracle CPU – October 2008
Oracle CPU FAQ

Tags: e1, EnterpriseOne - General, EnterpriseOne - Security, oracle, oracle, peoplesoft, security, xe

Quick EnterpriseOne Version Security Solution

Whether you are trying to change the processing options of an interactive version or a batch version.  Sometimes you can run into issues where the application indicates that you do not have authority to change the version like the example to the left.

To quickly get around this error, we can use SQL to change the security setting in the F983051.

 

UPDATE CODV811/F983051
SET VREXCL = 0
WHERE vRPID = 'P03B2002'
AND VRVERS = 'TEST0001' 

Tags: batch version, e1, enterpriseone, EnterpriseOne - Security, EnterpriseOne - SQLs, security, sql, version

Time To Change Your Password

We have our passwords set to expire every 90 days.

Sometimes there are user IDs that you don’t want to change but don’t really want them to show up on the audit report as not having an expiration period.

Here is a SQL statement that can help you:

UPDATE SY811/F98OWSEC
SET SCSECLST=<numeric date>
WHERE SCUSER='<UserID>' 

Tags: e1, EnterpriseOne - Security, EnterpriseOne - SQLs, sql

EnterpriseOne UserIDs Of Terminated Empoyees

My current employer is a publicly traded entity. As such, we are subject to SOX regulations. Because of this we run many reports periodically to satisfy the auditing department.

One of those reports determines if there are any terminated employees that still have active UserIDs.

Here is the SQL that is used for the report:

SELECT
    uluser, -- userid from f0092
    sceuser, -- userid from f98owsec
    yapast, -- employee pay status from f060116
    date(char(yadt+1900000)), -- adjustment date (last edit of record) from f060116
    yaalph -- full name from f060116
FROM
    sy811/f0092 a, sy811/f98owsec b, proddta/f060116 c
WHERE
    a.uluser = b.scuser = userid
    and a.ulan8 = c.yaan8 -- address book #
    and c.yapast <> '0' -- employee pay status not active
    and b.sceuser = '01' -- userid is enabled

 

Tags: enterpriseone, EnterpriseOne - Security, EnterpriseOne - SQLs, sql

Problems Deploying A Package

We had an issue over the weekend…

We built an update package successfully.  However, we were unable to deploy it.  The R98825D just kept running and running.  It wouldn’t end.  We did all the normal stuff:

• Stop services
• Delete SQLPKGs
• Start services
• Reboot Deployment server
• Deploy to a different port (we are using multi-foundations)

Nothing worked.

I then started looking through the server kernel logs.  When I got to the security kernel, I noticed that the PSFT userid was disabled.  Now, we normally don’t login with that ID and hadn’t for quite some time.  Although, I do remember changing the password a few months ago.

Anyway, I re-enabled the profile and reset the password to PSFT and everything worked great.

Now, I guess we need to go and change the PSFT password everywhere so that when users come back from E1 training they don’t have access to the whole system.

Tags: e1, EnterpriseOne - General, EnterpriseOne - Install/Upgrade, EnterpriseOne - Security, psft, security, sql

EnterpriseOne (E1) Security Management Software – ALLOut

One of our installations of EnterpriseOne utilizes a piece of software from AllOut Security.  ALLOut Security is an Oracle Partner and produces software that helps those that are responsible for World & EnterpriseOne security.

During the application configuration phase of our implementation project we didn’t have users dedicated to the project.  They not only had to do the setup and testing of all the E1 modules, but also had to do their regular day-to-day jobs.  So, that left the security piece of things in kind of a lurch.

Our business data owner that was to be setting up our security matrix was not only new to the security side of things but was also responsible in overseeing all of the accounting setup and configuration.  Needless to say, “she had a lot on her plate.”  Anyway, to help her they brought in ALLOut Security.

I wasn’t really happy with the idea, at first.  The way the software works is a little confusing, especially if you already understand the way that E! does things (once you start to “Think JDE” it’s hard to do anything else).  However, after getting a better understanding of how the software works and why it makes the decisions that is does, I am very pleased.

It was a great tool to use during the security setup phase of our project, satisfy SOX compliance and provide reports to auditors to prove it.

Thanks, ALLOut! 

You made me a believer.

Tags: e1, enterpriseone, EnterpriseOne - Security, jde, oracle, security, world

Who’s In That EnterpriseOne (E1) Role?

One of the biggest things that the E1 security screens lack is the ability to see what users are in a particular group.

So, here is the SQL that you can use:

select * from sy811/f95921
where RLFRROLE = '<E1Role>'

Pretty simple… but, helpful!

Tags: e1, enterpriseone, EnterpriseOne - Security, EnterpriseOne - SQLs, security, sql

EnterpriseOne (E1) ERP Employee Self-Service

We are starting a Employee Self-Service project in the next month or so.  The overall goal of which is to provide a place where employees can view/change their personal information: address, phone number, W-4, dependants, etc.  There are many application setup things that need to happen in order for this to be possible.  Luckily for me, I don’t have to worry about the function setup, but am concerned about the technical stuff.

From a CNC perspective, this could be a nightmare.  We’ve done a fairly decent job restricting the sprawl of our system to being very basic: 1 Enterprise Server, 1 Deployment Server, 1 JAS Server.  Ok, maybe only having 1 JAS server isn’t really recommended but there are plans to add to that.

Anyway, there seems to be 4 basic hurdles to clear:

1. What about the additional users that do not currently use E1?

   Additional users, which have never seen E1 before, will be added to E1.  To create the user profiles, we will either import from the Address Book (R0092) or enter them by hand.  There will also be some security work to setup additional roles to access the Employee Self-Service stuff.  Application support for these users will need to be coordinated with the PC Helpdesk, Human Resources and Payroll departments.

2. How will the users be presented the application?

   There seem to be 3 choices on this issue: 1) Use the portal.  2) Use the normal UI with a scaled down menu.  3) Setup our own web page that links to the applications using parameterized URLs.

   Here is a quick rundown of why we decided on option 3:
   

   • Option 1:  adds system complexity; may cause a degradation in performance; lacking current in-house JAVA expertise for UI modifications
   • Option 2:  may confused users by presenting them with an unfriendly menu; no control over the UI
   • Option 3:  greatest control over the UI using current staff expertise; maintains system simplicity
3. Can the users access it from home?

   Now, this one worried me a little.  However, I know that it can be done using SSL.  I don’t exactly know how to do this, but shouldn’t be too difficult.

4. What happens to the server during the last week of the Open Enrollment Period when everyone is making their selections?

   There will be about a month out of the year that the system will be very heavily utilized, which may require additional JAS servers.  That means setting up a cluster of Websphere servers, both horizontal and vertical.  I’m not real excited about this either, but I know it can be done.

These three things really shouldn’t be too difficult to tackle, but could definitely cause some issues.

My main concern is numbers 3 & 4.  I really don’t want to add anymore complexity that is required. 

Then, I got wind of a project that was going on with our internet servers and MS SharePoint (I am a secondary administrator for the web servers and like to make sure I know what is going on in that arena).  Anyway, they are testing Microsoft’s Internet Security and Acceleration (ISA) Server.

What is it?  The following is from the ISA web site:

ISA Server 2006 is an integrated edge security gateway that helps protect IT environments from Internet-based threats while providing users fast and secure remote access to applications and data.

We’ve done some preliminary tests and have found that both issues 3 & 4 could be resolved using an ISA server without installing SSL or clustering Websphere.

Not too bad for Micro$oft!

Tags: cnc, e1, enterpriseone, EnterpriseOne - Install/Upgrade, EnterpriseOne - JAS (Java Application Server), EnterpriseOne - Security, jas, security, websphere

Next Page »