nij
Member
I have recently joined a new company and have been assigned the task to assess their JDE Security. Although I have extensive experience in developing UBEs and applications I have no practical experience in implementing or maintaining JDE security and am looking for advice.
Basically, they want to ensure that the existing security is appropriate, reflects role assignments and enforces suitable segregation of duties. Their JDE security has been set up as role based with individual roles being applied to a user as required to complete their day to day tasks. Generally the roles are quite broad with a number of objects included within each one and in order to give a user one specific program or report, an additional full role has been given to the user. This has created some concern over segregation of duties and conflict within the security workbench.
So the suggestion has been to develop a segregation of duties matrix to identify high risk areas within the business, and assign specific JDE programs to those areas of risk that have been identified.
Can anyone comment on this method or approach as being right approach? Is this generally regarded as the most up to date solution?
And also, what applications/menus etc do I use to access, review, and set up the security from within JDE?
Any comments or thoughts are appreciated...
Thanks
Basically, they want to ensure that the existing security is appropriate, reflects role assignments and enforces suitable segregation of duties. Their JDE security has been set up as role based with individual roles being applied to a user as required to complete their day to day tasks. Generally the roles are quite broad with a number of objects included within each one and in order to give a user one specific program or report, an additional full role has been given to the user. This has created some concern over segregation of duties and conflict within the security workbench.
So the suggestion has been to develop a segregation of duties matrix to identify high risk areas within the business, and assign specific JDE programs to those areas of risk that have been identified.
Can anyone comment on this method or approach as being right approach? Is this generally regarded as the most up to date solution?
And also, what applications/menus etc do I use to access, review, and set up the security from within JDE?
Any comments or thoughts are appreciated...
Thanks