No. It should be sufficient that your users are members of the JDE
group. The JDE profile should not need *ALLOBJ, but it should be the
owner of all JDE objects. Thus your users have unrestricted access to
JDE objects as far as operating system security is concerned. Menu,
business unit, action code, and search type securities are then meant
to control what your users can do within JDE. This is not ideal but it
is the standard JDE approach. It's fine as long as your users cannot
access JDE objects from outside JDE, and it's much better than
granting them *ALLOBJ which would open up non-JDE objects to them as
well.