E9.2 best way for user system management


Hello everyone,
I am a novice in JDE and I wonder about the best practices for creating JDE users and users system. My provider offers me to create a JDEPROXY system user that I will associate with all my JDE users. Our JDE system is installed on AS400 and this could make maintenance easier by avoiding having to create a new system user for each new JDE user. I also wonder whether this process would lead to potential traceability defects. I’m still not experienced enough to realize it, which is why I would like your opinion:
is it preferable to use one system user per JDE user or the same system user for multiple JDE users?
Thank you in advance for your answers.
Nobody's answered this one yet so I will put my two cents in. There are pro's and con's to the method of setting up system users.

On one hand, one or a small number of system users is much easier to maintain as you noted. If you have a large number of JDE users you are going to have a large number of AS400 users, which is not the best scenario for ease-of-maintenance IMO. Also, it's more of an audit risk the more users you have - rather than auditing one or a few users periodically you now must audit hundreds or thousands.

On the other hand, you correctly identified that there may be some deficiency in tracking back who did what. If you make use of AS400 journalling, you can catch most issues since JDE User ID will be in the before and after images for cases where data tracking is necessary. It's an added bit of overhead but at least some basic journalling is required anyway. However, not all tables have JDE User ID in them - which means you might not be able to track down changes by user for those tables. I will say almost every key table (general ledger, etc) does, but not all. Also, that doesn't help much with performance-type issues, but there are other ways to track those down usually.

In the past I have always used just one or a few system users and relied on journalling for the auditability. It's has served me 99% of the time and administration is much easier. However, you need to really make sure that those one or two system IDs don't get disabled on the AS400 or all your users are dead in the water. I have put alerts on the system user IDs so that I get called/texted if that ID gets disabled. Didn't often happen but on rare occasions it did and we needed to quickly re-enable.