• Introducing Dark Mode! Switch by clicking on the lightbulb icon next to Search or by clicking on Default style at the bottom left of the page!

[JDE 9.1] Using 2 role at the same time?

Hi there!

So at my job they always had an issue with JDE Security when someone as to use 2 role at the same time.

With our security, if a person has 2 role, they use the sequence to know which one to use first.

It's all good as long as they don't have security on the same object.

Like if F4201 is in read only for the first role, and read-write for the second role, it will be read only.

And we don't want that. I don't get why it would work like this, it doesn't make sense to me.

Are we doing something wrong? Is there a solution to this?

Right now we have to use 2 browser, one using a role and the second using the second role.

It's not productive.

Thank you!
 

Tom_Davidson

VIP Member
When you have two (or more) roles in conflict it has to pick one or the other, there is no way to know which is the 'right' answer. By definition the first instance of the security is used.

If you need different results, you should make a 3rd role that does what you want and use it.

Tom
 
Thanks for the reply.

Yeah creating a 3rd role was my last option, but I try not to do that. Especially in this case, because it's a role that won't be used ever again.
 

BPConnor

Active Member
role sequencing is the bane of security! The security hierarchy will always default to User, role (highest to lowest sequence), then *PUBLIC. The best approach is to make sure your base security approach is correct and you are not duplicating entries across multiple roles. Otherwise, there is a third party tool, ALLOut Security that uses a fix/merge process to identify and resolve conflicts between multiple roles. Yes, it writes a record at the user level (user trumps role), but once either of the roles causing the conflict is expired, the user level record will be removed.
 

schojo44

Active Member
role sequencing is the bane of security! The security hierarchy will always default to User, role (highest to lowest sequence), then *PUBLIC. The best approach is to make sure your base security approach is correct and you are not duplicating entries across multiple roles. Otherwise, there is a third party tool, ALLOut Security that uses a fix/merge process to identify and resolve conflicts between multiple roles. Yes, it writes a record at the user level (user trumps role), but once either of the roles causing the conflict is expired, the user level record will be removed.
oh okay, what this tool does is what i just wanted to recommend to do manually! :)
 
Top