UDO – Security Management

What is the need

EnterpriseOne provides UDO features like custom grid formats, watchlists, queries, and other items. With the
continuous addition to UDO features in EnterpriseOne there is a need to Manage them.

EnterpriseOne provides UDO security features in the Security Workbench to control:

 Which UDO features are available in EnterpriseOne.

 Who can create UDOs for their own personal use.
 Who can request to publish (or share) UDOs with other users.
 Who can modify shared UDOs created by other users.
 Who can view/use shared UDOs created by other users.

Types of UDO security

There are 3 types of UDO security:

 Feature Security - UDO feature security is used to activate or deactivate each UDO feature globally
in the EnterpriseOne system. By default, all UDO features are disabled in the system and needs to be
enabled using Security workbench(P00950).

To enable UDO features launch P00950 and take form exit Feature security

Individual UDO’s may be enabled or disabled in the revisions screen.

  Action Security – Using UDO Action security we can define what actions can be performed by
users/roles and on what type of UDO objects. Allowed actions include
Create – Permission to create UDO of their own for personal use.
Create and Publish. Authorize users to create and share personal UDOs with other users.
Create, Publish, and Modify. Allows to create, publish and modify existing UDO’s.

P00950 form exit Action can be used to define the allowed actions by user/role.

 View Security - UDO view security authorizes access to shared UDOs. Using this we can define the
users/roles allowed to view or access a published UDO and enable them to work with it.

UDO view security can be set up from within security workbench P00950 or additionally from a
separate application work with user defined Objects (P98220U)

Prerequisites for using UDO security

Before we can manage the security of our UDO’s we need to:

 Define Allowed Actions for UDO Types

Setup activity rules for each UDO object type in OMW configuration system(P98230). This is similar
to project activity rules but is for UDO object types. When a UDO is created it gets created in a
default project for the user using the same concept of OMW projects created on fat client.
For each UDO type, apply the following allowed actions:
 05 (Check-Out/Get/Reserve)
02 (Delete Only)
04 (Check-in/Publish)

 Enable Access to UDO Security and Administration Applications

A security administrator must enable access to P98220U - User Defined Object Management
application for approving UDOs for sharing with other users, P00950UO - Work With User
Defined Object View Security application for approving use of UDOs.

 Object Management Workbench for the Web – P98220W

This application is used to manage the life cycle of user defined objects.

Key Benefits

 Easy to manage
 Controlled access
 Delegation of UDO security to power users or developers reducing burden on already over loaded
security workbench

UDO Security – An Example

Let’s say we want to create a query UDO called promised delivery to find sales orders promised to deliver
yesterday and up to next 3 days, publish it and allow a specific user to use the query. Steps required to do so

1. Create a Query UDO

Launch customer service Inquiry and create your query called Promised Delivery. Save and
request to publish.
 2. Publish your UDO
Power users, developers or other users given access to P98220U can publish Queries requested to
publish will show up as pending approval status 05. Once selected and approved from row exit
Approve, the status moves to 08- Shared. Query is now ready to be given view permission.

3. Provide security access to a user to execute it.

Select the UDO object and take row exit advanced->Security to define security of the UDO
Revise security and add users/roles that need view security need. View toggle button is used to
activate/deactivate the security.

Form Exit - View Security can also be used to define and review existing security for multiple objects at a
time.
Authorized users when in the application P4210 will see the query and would be able to execute it.