Recently, a client came to me with a request to give temporary databrowser access for just a few tables to a new role that was being created. My first thought – not possible, based on having to setup table security within security workbench to deny access to all tables and grant back access to the tables the client wanted the role to see. This would cause a complete loss of access to E1 data for the user, except for those few tables.
But, as many of you know, I love a security challenge. And this couldn’t be the first time someone has had this request, so I did a little research into the databrowser security and setup. Success! I found that starting in 9.1, there is an indirect way around the issue by using public queries, and, even better, in 9.2 there is a new way to setup security to allow the viewing of specific tables through UDO security.
I’m going to focus this blog on the 9.2 solution, since the client that asked the question has just upgraded to 9.2 and that was my focus. But, for my 9.1 friends, stay tuned for part 2 in the next few weeks, where I’ll discuss the 9.1 workaround solution.
With the release of EnterpriseOne 9.2, the User Defined Object enhancement has made it possible to grant users the ability to see specific tables with UDO View security for specific table/business view in Databrowser. The following is a step by step guide in setting up Databrowser security. For our example, we’ll focus on a requirement to give the role DBTROLE access to the F1201 table only.
Step 1: Access Security Workbench (P00950).
Step 2: Select Form menu and choose Set Up Security, Databrowser
Step 3: Enter the role and check the options shown below:
Step 4: Click OK. Do not exit security workbench as you will need to use it again.
The role DBTROLE now has access to use the databrowser application, but also has access to view all tables currently. Using User Defined Object (UDO) View security, we can lock down the role to only access the F1201 table.
Step 1: Access Security Workbench (P00950)
Step 2: Select the Form menu and choose User Defined Object View
We will now add a record to deny all tables to role DBTROLE and grant back access to the F1201.
Step 3: Complete the following fields shown below. NOTE: The View column is very important! A red box means view access will be denied for what you have setup, and the green circle grants access.
Step 4: Clear security cache on the web instance and test.
And that’s it! That’s all it takes to implement some tighter controls over what users can access within Databrowser in 9.2. Stay tuned for part 2 of this blog, where we talk about some potential workarounds to accomplish the same goals in 9.1.