1 / 85

Security 9

Security 9. Joe Faltesek September 27, 2006. Items. User Can Have Many Roles More Securable Objects More Reporting With Segregation of Duties Better User Interface Related Tables in Rules Field Level on Screens Security by Types. User. Roles (jobs). Classes (tasks).

quade
Download Presentation

Security 9

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security 9 Joe Faltesek September 27, 2006

  2. Items • User Can Have Many Roles • More Securable Objects • More Reporting With Segregation of Duties • Better User Interface • Related Tables in Rules • Field Level on Screens • Security by Types

  3. User Roles (jobs) Classes (tasks) Rules: can be conditional or unconditional Securable Objects: Systems (AP vs. PR) Entities Whole Reports Whole DB Instances Screens Divisions Report Rows Whole DB Tables Screen Fields Departments Report Columns DB Columns Screen Actions Employee Groups Report Sections DB Rows User Can Have Unlimited Roles

  4. User Roles (jobs) Classes (tasks) Rules: can be conditional or unconditional Securable Objects: Systems (AP vs. PR) Entities Whole Reports Whole DB Instances Screens Divisions Report Rows Whole DB Tables Screen Fields Departments Report Columns DB Columns Screen Actions Employee Groups Report Sections DB Rows More Securable Objects

  5. Much More Reporting: Segregation of Duties

  6. Much More Reporting: Segregation of Duties

  7. Much More Reporting: Segregation of Duties • Segregation of Duties • Profile List • Security Class • Auditing • User Security • Object Security • Role / User Assignment • Role / Security Class Assignment • Rule Report • Identities for Resource • Service Definition List • Resource Management Report

  8. Queries & Related Tables • Extra measure of security • Applies to drills & queries • 9 can secure based on related tables

  9. Business Goal Secure executive pay from view, both in the employee table and the pay history table. Employees in the process level ‘corp’ are considered executive.

  10. Technology Details In this demo we will use a relationship from pay history table to the employee table. Securing based on related tables is new for the 9 technology release.

  11. First with security turned off

  12. First with security turned off

  13. With security turned off all data is visible

  14. Now with security turned on

  15. User

  16. User -> Role

  17. User -> Role

  18. User -> Role -> Class

  19. User -> Role -> Class

  20. User -> Role -> Class -> Rules

  21. User -> Role -> Class -> Rules

  22. User -> Role -> Class -> Rules

  23. Now with security turned on

  24. Now with security turned on

  25. Summary • Extra measure of security • Applies to drills & queries • 9 can secure based on related tables Business Goal: Secure executive pay from view, both in the employee table and the pay history table. Employees in the process level ‘corp’ are considered executive.

  26. Demo Focus • Securing by job role with separation of duties • Uses LDAP • Much more reporting

  27. Business Goal Establish security to reflect the purchasing clerk job role. Enforce separation of duties by limiting access to accounts payable.

  28. Security Entity Relationships Product Line / Data Source User Roles (jobs) Profile Contains: Classes (tasks) Rules Securable Objects (tables, fields, forms…)

  29. Security Entity Relationships Product Line / Data Source User Path We Will Follow Roles (jobs) Profile Contains: Classes (tasks) Rules Securable Objects (tables, fields, forms…)

  30. User Maintenance

  31. User Maintenance

  32. User Maintenance

  33. User -> Roles

  34. User -> Roles

  35. Role -> Classes

  36. Class -> Rules

  37. Class -> Rules

  38. Rules -> Objects

  39. Rules -> Objects

  40. User Signs On

  41. Goes to PO20 & Selects Company: OK

  42. Inquires in PO20: OK

  43. Changes PO20: OK

  44. Goes to AP10 and Selects: OK

  45. AP10 Inquiry: OK

  46. Changing AP10: Disallowed

  47. Going to AP20: Disallowed

  48. Running Audit Report

  49. Audit Report

  50. Find Within the Report

More Related