× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Laura -

I have been working with JDE World Software since the 1980's.

1) The original security design for JDE World was for /everything/ to be owned by user profile JDE, and all JDE user profiles have JDE specified as the group profile.

2) As supplied by Orace/JDE, all programs were compiled to be owned by and adopt the authority of user profile JDE, and if you use the JDE tools like SVR (Software Versions Repository) on menu G92 to compile objects, JDE becomes the owner of any created objects.

3) Assuming that nobody has command line authority within JDE, then JDE action-code and menu-level security controls access to all of the applications within JDE - if the user cannot run the menu option then they cannot view or modify the data within the files.

In your client's case, applications other than JDE applications have been introduced which have ownership and object security outside these constraints, this is where they probably started giving users *ALLOBJ authority.

Regards,
Steve Landess
512-289-0387

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of ubelhor@xxxxxxxxxxxxx
Sent: Monday, May 13, 2024 8:06 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Users with *ALLOBJ

Thanks everyone for the replies. Some great suggestions including looking at adopted authority within JDE and collecting information through the security audit tools.
Regards,Laura
Laura A. UbelhorPresidentConsultech Services, Inc.http://www.consultechservicesinc.com/
phone 248-701-7410

On Sunday, May 12, 2024 at 12:19:08 AM EDT, Roger Harman <roger.harman@xxxxxxxxxxx> wrote:

My first thought was... Why do the *users* know, or think they know, that they need *ALLOBJ authority?

That's kind of getting into the weeds for end-users.

Roger Harman
COMMON Certified Application Developer - ILE RPG on IBM i on Power




-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Chris Pando
Sent: Saturday, May 11, 2024 12:46 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Users with *ALLOBJ

A little dated, but then so is World. Synopsis of a COMMON session I did in Baltimore some twenty plus years ago.

http://brilligware.com/remirpces.html

JDEdwards World and object level security. I took a number of clients from SECLVL 20 to 40 using this.

Chris

On Sat, May 11, 2024, 12:58 PM ubelhor@xxxxxxxxxxxxx <ubelhor@xxxxxxxxxxxxx>
wrote:

Hello:
We are process of a task to get rid of *ALLOBJ authority for system
users. Out of hundreds of profiles with *ALLOBJ we are down to 9
system users that have *ALLOBJ. They are in the finance group and
insist they must have the *ALLOBJ authority. We are tackling the
users 1 at a time out of the 9 to see what they actually need for
authority and ultimately get the *ALLOBJ removed from their profiles.
It was discovered that over the years by default user profiles had
been copied and no one really considered the impact of *ALLOBJ.
We don't necessarily want to put in a package. Just want to deal with
sorting out safely what the 9 system users really need for authority.
They are using JDE World (green screen) and also have a bunch of add
on applications. Do you have any recommendations on how to most
efficiently address the task?
ThanksRegards,Laura
Laura A. UbelhorPresidentConsultech Services,

Inc.http://www/
.consultechservicesinc.com%2F&data=05%7C02%7C%7Cb667255a0e7d43ac0d0708d
c73b215de%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C6385124559320775
00%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6
Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3amer0xjlvHwGE%2FORc0HdBh0cou
dSeOKjq2h3E6kDe0%3D&reserved=0
phone 248-701-7410
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit:
https://lists/.
midrange.com%2Fmailman%2Flistinfo%2Fmidrange-l&data=05%7C02%7C%7Cb66725
5a0e7d43ac0d0708dc73b215de%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7
C638512455932082186%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjo
iV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=dU6BGBh6QEsx
5%2BbKkMbUbHguvRcZf1iGJxh4WELeZM4%3D&reserved=0
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.