browser security

Data Browser Security

Recently, a client came to me with a request to give temporary data browser access for just a few tables to a new role that was being created. My first thought – not possible, based on having to setup table security within security workbench to deny access to all tables and grant back access to the tables the client wanted the role to see. This would cause a complete loss of access to E1 data for the user, except for those few tables.

But, as many of you know, I love a security challenge. And this couldn’t be the first time someone has had this request, so I did a little research into the data browser security and setup. Success! I found that starting in 9.1, there is an indirect way around the issue by using public queries, and, even better, in 9.2 there is a new way to setup security to allow the viewing of specific tables through UDO security.

I’m going to focus this blog on the 9.2 solution, since the client that asked the question has just upgraded to 9.2 and that was my focus. But, for my 9.1 friends, stay tuned for part 2 in the next few weeks, where I’ll discuss the 9.1 workaround solution.

With the release of EnterpriseOne 9.2, the User Defined Object enhancement has made it possible to grant users the ability to see specific tables with UDO View security for specific table/business view in Data Browser. The following is a step by step guide in setting up data browser security. For our example, we’ll focus on a requirement to give the role DBTROLE access to the F1201 table only.

Step 1: Access Security Workbench (P00950).

Step 2: Select “Form” menu and choose “Set Up Security”, “Data Browser”.

Step 3: Enter the role and check the options shown below.

Step 4: Click “OK”. Do not exit security workbench as you will need to use it again.

The role DBTROLE now has access to use the data browser application, but also has access to view all tables currently. Using User Defined Object (UDO) View security, we can lock down the role to only access the F1201 table.

Step 1: Access Security Workbench (P00950)

Step 2: Select the “Form” menu and choose “User Defined Object”, “View”.

We will now add a record to deny all tables to role DBTROLE and grant back access to the F1201.

Step 3: Complete the following fields shown below.

NOTE: The “View” column is very important! A red box means view access will be denied for what you have setup, and the green circle grants access.

Step 4: Clear security cache on the web instance and test.

And that’s it!  That’s all it takes to implement some tighter controls over what users can access within Data Browser in 9.2.