ALLOBJ

No. It should be sufficient that your users are members of the JDE
group. The JDE profile should not need *ALLOBJ, but it should be the
owner of all JDE objects. Thus your users have unrestricted access to
JDE objects as far as operating system security is concerned. Menu,
business unit, action code, and search type securities are then meant
to control what your users can do within JDE. This is not ideal but it
is the standard JDE approach. It's fine as long as your users cannot
access JDE objects from outside JDE, and it's much better than
granting them *ALLOBJ which would open up non-JDE objects to them as
well.
 
No, Never, and I can't think of enough other ways to say no.

Each shop has determined their own needs for security and we have each user at a Class = *USER, Special Authority = *JOBCTL, and Group Profile = JDE. There is some discussion as to the Special Authority of JOBCTL but I believe it is a carry over from earlier releases of JDE World Software.
 

Similar threads

E9.2 LDAPS not working on new Domain Controller (Server 2022)
Replies
0
Views
1K
Tuna_S
TFZ
E9.2 Well that's a new one - anyone see this before?
Replies
3
Views
1K
TFZ
TFZ
E9.2 AIS Orphan Sessions using tokenrequest/logout via .NET Core 6 Minimal API
Replies
2
Views
2K
EDouglas
E9.2 How to Invoke External REST API from JDE?
Replies
12
Views
4K
alan_007
E9.1 Assess if only one user ID should be used to run all scheduled jobs in JDE
Replies
1
Views
1K
markdcci
markdcci
Back
Top