Batch Approval/Post Security

ssolberg

VIP Member
Although we've used JDE for years, we have never really had a need to "lock down" Batch approvals and posting. Recently I was asked to look more into how it operates and I'm having a bear of a time figuring it out. I've read the documentation and also the KG doc wfn-03-0002 about it and I still don't seem to have it and I've even tried it in a test environment. So hopefully someone can clear the cobwebs for me...

As an example, I have 5 people:
BOSS (the dept mgr)
FRED
SHARON
BOB
NEWBIE

We want the BOSS to be able to Approve anybody's batches but FRED, SHARON, BOB, and NEWBIE cannot approve any batches. BOSS can post anybody's batches.

FRED, SHARON, and BOB can post their batches once they have been approved by BOSS but they should only be able to post their own batches. NEWBIE can never post anything.

How should such a thing be setup? And where does the *ALL option come into play. I'm well versed in Action Code Security (and other securities) but this seems "backwards" and potentially lots of table maintenance to get everyone setup correctly?
 
We also recently had to lock down batch approvals due to Sarbanes-Oxley and internal control issues. In your example, Boss would have *ALL so the Approved by User equals BOSS, and the Secured User equals *All on the setup screen. Because the others can not approve batches, they will not be allowed to post either. JDE has tied the approval and posting together. Only users authorized to approve can post. The posting program will also take into consideration the security. Let's assume that Fred can approve Sharon's and Newbie's but not his own and Bob's. Everyone has 1 batch in the system. If Fred runs the post for all batches and all batches are approved, only Sharon's and Newbie's will actually post. Someone such as Boss would also have to run the post to get Fred and Bob's posted.

Let me know if you have further questions.

Virginia Patton
Manager, General Accounting
World A7.3 c.11
 
Have a look at Glossary entry for data items USR1 and USR2 that are used by P0024. I think that says that the person who can approve a batch can also post that same batch so, if Fred, Sharon, & Bob should be able to post their own batches, granting them posting ability also gives them approval ability. You would need to restrict them from the menu option where Approval (Review) occurs.

If you don't enter NEWBIE into the F0024, he won't be able to approve or post anything.

(Previously, we allowed some USR1 such as your BOSS to approve and post *ALL USR2 batches. Now, we specify each USR2 because we do not want USR1 to enter and post his own batches.)
 

Similar threads

E9.2 Auto approve G Batch Types
Replies
3
Views
1K
deeparao
E9.2 JDE EnterpriseOne Server Manager download only shows Disk1, not able to install on EnterpriseOne 9.2
Replies
8
Views
627
ingoc67
Mike Mackinnon
E9.2 JD Edwards Real-Time Financial Reconciliation
Replies
0
Views
691
Mike Mackinnon
Mike Mackinnon
A9.2 Payment Batch Error in Post - Date is PYE, but document type is not
Replies
1
Views
2K
klhowardk
Alex_Pastuhov
An extra layer of security for select users / superusers
Replies
2
Views
454
Alex_Pastuhov
Alex_Pastuhov
Back
Top