We are using Qsoft to manage JDE 9.1. We're currently using a very rudimentary security setup in a proof of concept system, but we're looking at setting up a more robust "finalized" security structure in Dev and, later, production.
Researching, I found the following two blog posts from QSoft...