APPS Blogs

PeopleSoft User Security

When performing a PeopleSoft security audit, reconciling users should be one of the first tasks. This includes default accounts created through the installation of PeopleSoft as well as user accounts associated with staff, vendors and customers.

The following are several of the topics that Integrigy investigates during our PeopleSoft security configuration assessments - take a look today at your settings:

  • Default accounts - PeopleSoft default application user accounts with superuser privileges where possible should be removed or have their password changed. Carefully consult your documentation but this is a key task.

Default Oracle PeopleSoft Users

BELHR

JCADMIN1

PSJPN

CAN

NLDHR

PSPOR

CFR

PS

TIME

CNHR

PSCFR

UKHR

ESP

PSDUT

UKNI

FRA

PSESP

USA

FRHR

PSFRA

HSHR

GER

PSGER

WEBGUEST

GRHR

PSINE

WEBMODEL

 

  • Stale users – users that have not logged on in months or years should be identified and removed. Use the following SQL to locate stale users:
SELECT * FROM SYSADM.PSPTLOGINAUDIT;

To manage accounts, the following navigation can assist. As it cannot be mentioned enough, BEFORE you disable or delete any user TEST in non-production first.

User management:

  1. Select PeopleTools, Security, User Profiles, User Profiles
  2. Select user to disable or delete
  3. If disabling, check Account Locked Out check box


 

If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Security Quick Reference

Auditing, Oracle PeopleSoft
Categories: APPS Blogs, Security Blogs

E-Business Suite Technology Sessions at OpenWorld 2016

Steven Chan - Fri, 2016-08-26 14:15

OpenWorld logoPreparations for Oracle OpenWorld have been underway for some time, and the session catalog with detailed schedules is now available. 

This year, the Oracle E-Business Suite Applications Technology Group (ATG) will participate in 29 sessions including Meet the Experts round-table discussions and customer panels, demo booths, and several Special Interest Group meetings as guest speakers. Please join us to hear the latest news and connect with senior ATG development staff.

For detailed and up-to-date information, please refer to the following FOCUS ON documents:

Meeting the Experts

OpenWorld is an excellent opportunity to meet directly with Oracle E-Business Suite tools and technology experts. You can have discussions regarding the Oracle E-Business Suite strategy, your specific business and IT strategy, key planning considerations to upgrade to the latest release of Oracle E-Business Suite and more.

There are several ways of meeting with EBS Development staff:

General sessions: collar the speaker of your choice after his or her presentation.

Meet The Experts round-tables: Our most senior staff host round-table discussions where you can ask your questions. Space is limited and preregistration is recommended.

Private meetings:  If you have confidential or in-depth questions about your implementation that cannot be discussed in front of other customers, a private meeting is your best option.  Contact your Oracle account manager to set up a private meeting in a reserved room in the Moscone On-site Customer Visit Center. 

Time is of the essence

Many of this blog's experts, including me, will be attending OpenWorld this year.  If you'd like to meet with us privately, please contact your Oracle account manager to arrange that as soon as possible.  My calendar, in particular, is already starting to fill up.  It is often completely full by the time OpenWorld starts.

See you there!

Categories: APPS Blogs

PeopleSoft Jolt Security

Jolt along with Tuxedo supports PeopleSoft web requests. Specifically, Jolt is the layer between the application server and the web server. It is also described as a Java-enabled version of Tuxedo.

When performing a PeopleSoft security audit, Integrigy reviews in detail the PeopleSoft Jot security settings to ensure they are set per best practice recommendations.  To do this yourself, use the table below to review your settings. These settings should also be regularly reviewed to ensure against configuration drift.

Field

Description

Recommended Value

Disconnect Timeout

Seconds to wait before disconnecting Oracle Jolt connection. Zero (0) means no limit.

0

Send Timeout

Maximum number of seconds servlet allowed to send a request.

50

Receive Timeout

Maximum number of seconds servlet will wait for a response.

600

 

If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Auditing, Oracle PeopleSoft
Categories: APPS Blogs, Security Blogs

10 Oracle documents every Apps DBA must read before Upgrade to Oracle EBS 12.2

Online Apps DBA - Fri, 2016-08-19 09:22

 Are you an Oracle Apps DBA looking for Upgrading Oracle E-Business to version 12.2 ? If you confused where to start and what documents to read before you Upgrade to Oracle E-Business Suite 12.2 then you are at right place. This post covers 10 important Oracle documents that every Apps DBA must read before doing Oracle EBS […]

The post 10 Oracle documents every Apps DBA must read before Upgrade to Oracle EBS 12.2 appeared first on Oracle Trainings for Apps & Fusion DBA.

Categories: APPS Blogs

Approvals 1.5 for E-Business Suite Now Available

Steven Chan - Wed, 2016-08-17 16:52
Approvals for EBS mobile screenshotA new version of the E-Business Suite Approvals mobile app is now available for iOS and Android.

Approvals for EBS 1.5 is part of a coordinated release of 18 E-Business Suite mobile apps.  These apps are designed to work with EBS 12.1.3 and 12.2 and are available for iOS and Android. 

This is our sixth set of updates to this family of EBS smartphone apps (a.k.a. "Release 6"). For details about the entire set of EBS mobile apps, see:

What's New?

Updates to our Approvals for EBS 1.5 app include:

  • New approval types for:
    • Human Resources (person status change)
    • Projects (projects, budgets)
    • Service Contracts
  • Ability to customize seeded metadata
  • Enhancement to Quoting approvals to support customization
  • Mobile Foundation
    • Ability to open links to external websites within the app on Android
    • Updated look and feel, including native look and feel for action sheets on iOS
    • Ability to easily clear user credentials on the Sign-In page
    • Use of Oracle Mobile Application Framework (MAF) 2.3.1

Some of these new features require EBS server-side patches.  See the documentation above for details.

Related Articles

Categories: APPS Blogs

PeopleSoft Web Portal Security

When performing a PeopleSoft security audit, Integrigy reviews in detail the PeopleSoft Web Portal security settings to ensure they are set per best practice recommendations.  To do this yourself, use the table below to review your settings.

These settings should also be regularly reviewed to ensure against configuration drift.

Field

Description

Recommended Value

Allow Public Access

User sign on bypassed when direct link to a page are used – PUBLIC user access.

NULL/Disabled

Days to Autofill User ID

Convenience for users. Caches user Id for x days.

7

View File Time to Live

Number of seconds to wait after sending a file attachment to a user's browser before removing that file from the web server.

Default is 0. Set to 0 (zero) for public area/kiosk

PIA use HTTP Same Server

Use the HTTP protocol instead of HTTPS for requests that are issued by the portal for content hosted on same server.

N

Allow Unregistered Content

Whether both registered and unregistered content is served. Turning this option off will prevent explicitly registered content references from being displayed in the portal.

Y

SSL Secured Access Only

Forces use of SSL. Prevents users from using non-SSL protocols to access any link within this website or application.

Y

Secure Cookie with SSL

Prevents single signon token from traveling over an insecure network. If selected the system sets the secure attribute of the single signon cookie (PS_TOKEN) to True.

Y

Inactivity Warning

Number of seconds that the portal waits before warning users that browser sessions will expire. 

1080

HTTP Session Inactivity

Number of seconds of inactivity after which the HTTP session times out for authenticated users. 

1200

Inactivity Logout

Number of seconds of the inactivity timeout interval that applies to PeopleSoft applications to which a user is signed in. 

1200

Show Connection Information

Generates system information page when a user presses Ctrl+J. Shows:

browser, OS, PeopleTools release, application release, service pack, page definition name, component definition name, menu definition name, user ID, database name, database type, and application server address

Off/Null

Show Trace Link at Signon

Displays URL link at sign-in for setting trace parameters.

FALSE

 

If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Categories: APPS Blogs, Security Blogs

PeopleSoft Encryption

Protection of sensitive data while at-rest, in-motion or in-use all need to be addressed as part of a holistic security strategy. This includes both Personally Identifiable Information (PII) as well as sensitive PeopleSoft system configurations.

When performing a PeopleSoft security audit, Integrigy reviews the use and implementation of encryption within all components of the PeopleSoft technology stack. This includes the following, all which are critical. Review yours today and contact Integrigy with any questions.

  • Implementation of Oracle Advanced Security Option (ASO) for Transparent Data Encryption (TDE), Oracle Wallets and encryption key management for database encryption
  • Configuration of SQL-NET encryption between database server, application and web servers
  • PeopleSoft Pluggable Encryption Technology (PET)
  • PeopleSoft client and web services connections. Specifically, we look to ensure that both internal and external network traffic is encrypted using TLS not SSL to encrypt network traffic. TLS is the successor to SSL and is considered more secure.
  • Encryption of Tuxedo configurations using the PSADMIN utility
  • Encryption of PeopleSoft web server configurations by generating or implementing a new PSCipher key to encrypt values in the web server configuration files.
  • Encryption of the Template file. The Template file is used to share configurations among multiple environments (Test, Dev Prod etc...) and passwords stored in the file MUST be encrypted and should not be stored in clear text.

If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Encryption, Oracle PeopleSoft
Categories: APPS Blogs, Security Blogs

New OA Framework 12.2.5 Update 5 Now Available

Steven Chan - Fri, 2016-08-05 14:10

Web-based content in Oracle E-Business Suite 12 runs on the Oracle Application Framework (OAF or "OA Framework") user interface libraries and infrastructure.   Since the release of Oracle E-Business Suite 12.2 in 2013, we have released several cumulative updates to Oracle Application Framework to fix performance, security, and stability issues. 

These updates are provided in cumulative Release Update Packs, and cumulative Bundle Patches that can be applied on top of the Release Update Pack. "Cumulative" means that the latest RUP or Bundle Patch contains everything released earlier.

The latest OAF update for EBS 12.2.5 is now available:

EBS 12.2.5 Bundle Patch 5 download patch

Where is the documentation for this update?

Instructions for installing this OAF Release Update Pack are here:

Who should apply this patch?

All EBS 12.2.5 users should apply this patch.  Future OAF patches for EBS 12.2.5 will require this patch as a prerequisite. 

What's new in this update?

This bundle patch is cumulative: it includes all fixes released in previous EBS 12.2.5 bundle patches.

This latest bundle patch includes new fixes for the following critical issues:

    • The getIndexedChild API throws an exception when all the subtabs are hidden in the subtab layout.
    • Adding new rows to the scroll mode table with more than 30 records leads to UI distortion and table becomes empty.    
    • The value in Table cells with style OraTableCellNumber and OraTableTotalNumber is left aligned.
    • The inline error message at the table cell is not wrapped in 12.2 code lines and consequently, the table columns are expanded to the length of error messages if the error messages are long.
    • Mechanism to render table header tag from Row wise rendering(Row Bean) is not available in OAF
    This Bundle Patch requires the R12.ATG_PF.C.Delta.5 Release Update Pack as a mandatory prerequisite.

    Related Articles


    Categories: APPS Blogs

    EBS 12.2 DB Migration Using 12cR1 Transportable Tablespaces Now Certified

    Steven Chan - Thu, 2016-08-04 11:49
    Database migration across platforms of different "endian" (byte ordering) formats using the Transportable Tablespaces (TTS) process is now certified for Oracle E-Business Suite Release 12.2 (12.2.3 or higher) with Oracle Database 12c Release 1 (12.1.0).

    This certification requires that the source database be 11gR2 (11.2.0.4) or 12cR1 (12.1.0.2) and the target database be 12cR1 (12.1.0.2). This 12.2/12cR1 database migration process utilizes the 'full transportable export/import' feature of 12c to greatly speed up the migration while also offering the optional use of incremental backup.

    This migration process requires a patch delivered by the EBS Platform Engineering team which is now generally available on MOS for use by EBS customers.

    The "endian-ness" of platforms can be checked by querying the view V$TRANSPORTABLE_PLATFORM using sqlplus (connected as sysdba):
    SQL> select platform_name, endian_format from v$transportable_platform;

    Here's a list of relevant platforms certified for the EBS R12 with 12cR1 on the database tier:

     Big Endian
     Little Endian
     Oracle Solaris on SPARC
     Linux x86-64
     HP-UX Itanium
     Windows x64
     IBM AIX on Power Systems
     Oracle Solaris on x86-64
     IBM: Linux on System z

    The use of Transportable Tablespaces may greatly speed up the migration of the data portion of the database - it does not affect metadata which must still be migrated using export/import. Smaller databases (less than 1TB) may see little gain from the use of Transportable Tablespaces, and other techniques like export/import will be simpler and likely faster.

    For smaller databases, we highly recommend that users initially perform a test migration with export/import on their database with the 'metrics=y' parameter to find out the relative size of data vs metadata in their database and to have a basis to compare any gains in timing. Generally speaking, the larger the relative size of data (as compared to metadata), the more likely it would be that TTS is suitable as a migration process to reduce downtime.

    Database migration between platforms of the same endian format should use the 'Transportable Database' process or Rapid Clone if migrating between the same platform.

    References

    Related Articles

    Categories: APPS Blogs

    Fifth Recommended Patch Collection for EBS 12.1.3 Now Available

    Steven Chan - Tue, 2016-08-02 16:55
    We are pleased to announce the availability of the fifth consolidated patch collection for Oracle E-Business Suite Release 12.1.3.  This patchset combines important patches for Release 12.1.3 into a single integrated and regression-tested patchset:

    EBS 12.1.3 RPC 5 screenshot download

    Reasons to Apply RPC5

    Oracle E-Business Suite Release 12.1.3 has been available for a while, and over its lifetime has been significantly enhanced in numerous ways. These enhancements and fixes are provided as individual patches, product family Release Update Packs (RUP), and product-specific Recommended Patch Collections (RPC).

    For example, there are Recommended Patch Collections for Financials products such as General Ledger and Payables. On the technology side, there are patchsets such as the OA Framework 12.1.3.1 Consolidated Update Patch.

    Identifying and applying all the individual patches, RUPs, and RPCs you need can be time-consuming. Complicating matters further, patchsets across multiple product families are generally not tested together.

    Patches included in Oracle E-Business Suite Release 12.1.3+ RPC5 are also available individually, and may contain conditions and prerequisites relevant to their application. RPC5 includes all the recommended patches, along with their dependencies. Applying this patch in a single downtime patching window saves effort and time, rather than applying each recommended patch individually.

    What's Included in RPC5?

    The EBS 12.1.3+ RPC5 patchset includes the latest recommended patches and their dependencies for the following Oracle E-Business Suite products and product families:

    • Applications Technology (ATG)
    • Oracle Customer Relationship Management (CRM)
    • Oracle Financials (FIN)
    • Oracle Human Resource Management System (HRMS)
    • Oracle Procurement (PRC)
    • Oracle Projects (PJ)
    • Oracle Supply Chain Management (SCM)
    • Oracle Value Chain Planning (VCP)
    • Oracle Business Intelligence (BIS)

    Is it necessary to apply this RPC if I only use a subset of Oracle E-Business Suite products?

    Applying this RPC is recommended even if you are using only a subset of Oracle E-Business Suite products. The patching utility 'adpatch' takes care of the files to be applied and generates them based on the product installation status.

    I have already applied a few Family Packs included in this RPC. What happens when I apply this RPC?

    Applying this RPC on top of already applied individual Family Packs will not harm your system because the patching utility 'adpatch' skips the files already applied on the system. You can apply the latest available RPC on your system.

    A patch I need isn't included in this RPC. Why not?

    This RPC combines recommended patches that were released after Release 12.1.3 into a single, integrated and regression-tested patch to help ensure a successful installation. If you don't find the patch in the RPC, it is likely that the patch was released after the patch list for the specific RPC was frozen or the patch was not marked "recommended" at the time the list was generated.

    Should I only install the latest RPC? Do I have to install all prior RPCs? Should I install later individual product family RPCs?

    To keep your system up-to-date with the most current Oracle E-Business Suite recommended patches, you should only apply the latest available RPC (which supersedes any prior release suitewide RPC) and thereafter either install individual product-level recommended patches as required or install the next suitewide level RPC when it becomes available.

    Related Articles
    Categories: APPS Blogs

    Oracle Buys NetSuite

    OracleApps Epicenter - Mon, 2016-08-01 11:26
    Oracle set the ball rolling with Netsuite acquisition. Oracle OpenWorld Keynote—Cloud Innovation, Mike Hurd (Oracle CEO) predicted that by year 2025 - "Two software-as-a-service (SaaS) suite providers will have 80 percent of the cloud enterprise application market. I volunteer us to be one of them Everything came full circle with NetSuite last week, when Oracle […]
    Categories: APPS Blogs

    PeopleSoft PUBLIC User Security

    PeopleSoft Public users are not required to authenticate (sign on). These are generic accounts created for specific purposes, for example informational pages and/or company directories. Public users are also not subject to timeouts (session inactivity). Because no authentication is required, no sensitive data should be accessible to these users. It also goes without saying, that if you don’t need Public accounts, don’t use them.

    When performing a PeopleSoft security audit, Integrigy identifies Public users and analyzes their authorization privileges. To do this yourself, use the SQL below to list your public users and then query the application or database to look at their authorization privileges.

    --List the public users
    SELECT O.OPRID, O.OPRDEFNDESC, O.ACCTLOCK, O.LASTPSWDCHANGE, O.FAILEDLOGINS,O.ENCRYPTED, O.EMPLID
    FROM SYSADM.PSWEBPROFILE P, SYSADM.PSOPRDEFN O
    WHERE P.BYPASSSIGNON = 'Y'
    AND P.DEFAULTUSERID = O.OPRID;

    If you have questions, please contact us at info@integrigy.com

    Michael A. Miller, CISSP-ISSMP, CCSP

    References

    PeopleSoft Security Quick Reference

    Auditing, Oracle PeopleSoft
    Categories: APPS Blogs, Security Blogs

    New OA Framework 12.2.4 Update 11 Now Available

    Steven Chan - Wed, 2016-07-27 02:05

    Web-based content in Oracle E-Business Suite 12 runs on the Oracle Application Framework (OAF or "OA Framework") user interface libraries and infrastructure.   Since the release of Oracle E-Business Suite 12.2 in 2013, we have released several updates to Oracle Application Framework to fix performance, security, and stability issues. 

    These updates are provided in cumulative Release Update Packs, and cumulative Bundle Patches that can be applied on top of the Release Update Pack. "Cumulative" means that the latest RUP or Bundle Patch contains everything released earlier.

    The latest OAF update for EBS 12.2.4 is now available:


    Where is the documentation for this update?

    Instructions for installing this OAF Release Update Pack are here:

    Who should apply this patch?

    All EBS 12.2 users should apply this patch.  Future OAF patches for EBS 12.2 will require this patch as a prerequisite. 

    What's new in this update?

    Fixes are included for following critical issues:

    • MAC validations are failing for JTT  URL cookie "jfn" in interoperability flows.
    • Message box bean is not accessibility complaint.
    • Proxy user session throws 'insufficient privileges' error when home page mode is flat.
    • Empty MDS customization documents are present in the db tables after upgrading to Release 12.2.3 of EBS and consequently, the users cannot access the pages.
    • In a KFF which has validation disabled, invalid values entered by end user are not retained after navigating back from another page.

    This Bundle Patch requires the R12.ATG_PF.C.Delta.4 Release Update Pack as a mandatory prerequisite.

    Related Articles


    Categories: APPS Blogs

    Oracle E-Business Suite 12.1 and 12.2 Support for TLS 1.2 Added

    Oracle has released support for TLS 1.2 in Oracle E-Business Suite 12.1 and 12.2.  Previously, Oracle E-Business Suite only supported SSLv3 and TLS 1.0, which are no longer approved for use with Federal systems and are not PCI-DSS compliant as of June 2014.  For TLS 1.2 support, new My Oracle Support (MOS) documents are available:

    Enabling TLS in Oracle E-Business Suite Release 12.2 (Doc ID 1367293.1)

    Enabling TLS in Oracle E-Business Suite Release 12.1 (Doc ID 376700.1)

    Oracle E-Business Suite 11.5 and 12.0 are desupported, therefore, these versions will continue to only support SSLv3 and TLS 1.0.

    Integrigy recommends all Oracle E-Business Suite implementations use an external SSL/TLS termination point, such as an F5 BIG-IP load balancer, rather than the Oracle E-Business Suite TLS implementation in order to provide a more robust TLS implementation and allow for faster patching of the SSL technology stack.  In addition, an external TLS termination point is usually maintained by network and/or security staff for multiple applications, thus off-loading this responsibility from the Oracle DBAs who often have only limited experience with the complexity of network encryption and certificates.  Although, the one disadvantage is that the network traffic between the load balancer and Oracle E-Business Suite application server is unencrypted, however, this is normally limited to VLANs within the data center.

    Encryption, Oracle E-Business Suite
    Categories: APPS Blogs, Security Blogs

    TLS 1.2 Certified with E-Business Suite 12.1

    Steven Chan - Tue, 2016-07-26 10:31

    I'm pleased to announce that Oracle E-Business Suite 12.1 inbound, outbound, and loopback connections are now certified with TLS 1.2, 1.1, and 1.0. If you have not already migrated from SSL to TLS, you should begin planning the migration for your environment. 

    For more information on patching and configuration requirements when migrating to TLS 1.2 from TLS 1.0 or SSL or enabling TLS for the first time, refer to the following My Oracle Support Knowledge Document:

    Migrating to TLS 1.2 per the steps and configuration outlined in MOS Note 376700.1 will do the following:

    • Address recent security vulnerabilities (e.g. POODLE, FREAK, LOGIAM, RC4NOMORE)
    • Migrate to new OpenSSL libraries which will change the method by which you generate and import your certificate

    Configuration Options

    • Configure TLS 1.2 with Backward Compatibility

      The default Oracle E-Business Suite 12.1 configuration allows for the handshake between the client and server to negotiate and use the highest version of TLS (either 1.2, 1.1, or 1.0) supported by both parties.

      For example, if the outbound connection used by iProcurement is by default configured for TLS 1.2, 1.1 and 1.0 and if a call is made from Oracle E-Business Suite iProcurement to an external site that supports TLS 1.2 and a common cipher suite is found, then TLS 1.2 will be used. If a call is made from Oracle E-Business Suite iProcurement to an external site that supports TLS 1.1 and a common cipher suite is found, then the handshake negotiation will resolve to use TLS 1.1.

    • Configure TLS 1.2 Only (Optional Configuration)

    You may optionally configure Oracle E-Business Suite to use TLS 1.2 only for all inbound, outbound and loopback connections.

    Warning: If you restrict Oracle E-Business Suite 12.1 to use only TLS 1.2, this configuration could result in the inability to connect with other sites or browsers that do not support TLS 1.2.
    • Disable the HTTP Port (Optional Configuration)

    You may optionally configure the Oracle HTTP Sever (OHS) delivered with the Oracle E-Business Suite application technology stack to disable the HTTP port and use the HTTPS port only.

    Where can I learn more?
    There are several guides and documents that cover Oracle E-Business Suite 12.1 secure configuration and encryption. You can learn more by reading the following:

    SSL or TLS 1.0 Reference Note

    If you are using SSL or TLS 1.0 and need to review your current configuration or renew your certificate, you may refer to the following:

    Related Articles

    Categories: APPS Blogs

    Positive Pay Implementation – Step by Step Guide

    OracleApps Epicenter - Tue, 2016-07-26 10:27
    Now that you know what Positive Pay is, you need to find out how to start using Positive Pay. First, we need to start by saying that EVERY bank handles Positive Pay differently. The steps/outline presented here are just a representation of what the most common implementation procedure could look like. 1. Contact your bank […]
    Categories: APPS Blogs

    EBS Release 12.x certified with Safari 9 on Apple OS X

    Steven Chan - Mon, 2016-07-25 12:25
    Apple logoOracle E-Business Suite Release 12.1.3 and 12.2.4 or higher are now certified with Apple Mac OS X with the following desktop configurations:
    • Mac OS X 10.11 ("El Capitan" version 10.11.5 or later 10.11 updates)
    • Mac OS X 10.10 ("Yosemite" version 10.10.2 or later 10.10 updates)
    • Safari version 9 (9.1.1 or later 9.x updates)
    • Oracle JRE 8 plugin (1.8.0_91 or higher)
    Users should review all relevant information along with other specific patching requirements and known limitations posted in the Notes listed below.

    More information on this can be found in the document:

    Categories: APPS Blogs

    Understanding Positive Pay

    OracleApps Epicenter - Mon, 2016-07-25 10:36
    Positive Pay can best be described as a fraud prevention program or tool. Technology has increasingly facilitated the ability of criminals to create counterfeit checks and false identification that can be used to engage in fraudulent check activities. As a result, companies must adopt practices to protect against check fraud. Positive pay can provide this […]
    Categories: APPS Blogs

    PeopleSoft Guest User Security

    Being hospitable and welcoming to guests is usually considered good manners.  That said, being a gracious host does not mean you should be careless with your security.

    With regard to PeopleSoft application security, the user GUEST is a default account created with the installation of PeopleSoft.  When performing a PeopleSoft security audit, several attributes of the GUEST user are reviewed, including the following -  take a look today at your settings:

    For the GUEST user:

    • Change the default password
    • Ensure does not have access to sensitive menus and/or roles, including not having access to the following:
    • The role ‘PeopleSoft User’
    • Any role that includes the permission list PTPT1000
    • The role ‘PAPP_USER’
    • Any role that includes the permission list PAPP0002

    If you have questions, please contact us at info@integrigy.com

    Michael A. Miller, CISSP-ISSMP, CCSP

    References

    PeopleSoft Database Security

    PeopleSoft Security Quick Reference

    Auditing, Oracle PeopleSoft
    Categories: APPS Blogs, Security Blogs

    Release 12.2.5 AR Enhacement : Apply Receipts Automatically based on Match Score and Knapsack Method

    OracleApps Epicenter - Sat, 2016-07-23 09:30
    This is one of R12.2.5 Enhancement in EBS AR. The Automatic Cash Application improves accuracy and on-time application of cash receipts with the introduction of two new methods for automatically applying cash receipts. The first method generates match scores using the Levenshtein distance algorithm and automatically applies the receipt based on a score threshold. The […]
    Categories: APPS Blogs

    Pages

    Subscribe to Oracle FAQ aggregator - APPS Blogs