I have the next big issue with the security in Jd Edwards A7.3 over OS400:
How is manage the security configuration in this JDE version (A7.3), based on: The security is covered by the operating system or through the application?
For the second option (application), i could not find the following tables: F9312, F98OWESEC, F9312, P98220, F98210, R98WSECA, F9210 . . .
I need it in order to support and/or demostrated to the auditors, that i have configured the security through the operating system, because this is a very old version of JDE that not support a broad security like a subsequents versions of the application . . .
Could anyone please inform me what about this subject?
Well, you are asking about a subject that would take a multple day class to educate yourself on. So it is going to be pretty hard to explain things on this forum. I will try to keep it simple, though that may not satisfy you. Most JDE World customers handle security through the application. That restricts the menus and the menu options that a user can see and use. JDE application security will also put restrictions on what a person can do inside a specific application. This security works pretty good. Few customers will use the operating system security.
Having said that, this approach of using JDE application security and not operating system security does leave some potential exposure holes. For example, if people are using products like SEQUEL and IBM QUERY and Client Access Transfer, those products do NOT recognize JDE Application security at all. FTPs also do not recognize JDE application security. Operating system security can be used to help control this, but that can get to be a bit of a complex setup.
There are third party security products out there, such as Powertech, that you can buy to help deal with these non-JDE programs. That may be your best thing to look at, unless you have someone on staff who is a real wizard on OS/400 security, and there are not many of those people out there. If you do start playing with OS/400 security, do so in a test environment, and test very throughly. Otherwise you could cause problems for your users.
Hope this helps a little bit.