Absolutely - it's certainly the preferred method - analogous to locking your data in a vault, as opposed to looking at all the possible doors, windows, etc. that represent ways into your system.
There is a document - SAR #: 2662949, available from Oracle that details the steps necessary. Please note that the document may not properly address the issue of batch jobs.
The process basically involves creating a new group profile which has no rights to any JDE data, and making your users members of this group. The initial program in the profiles is then set to adopt authority from JDE (the owner of JDE data). *PUBLIC authority must be revoked as well.
Not to be undertaken lightly!
Cheers,
Emmanuel