Security setup - Multi-company environment (XE)

[Aarto]

Hi all!

This is a multi-company installation on JDE XE

We are currently analyzing what is required to ensure that users in one company can not see or transact on data belonging to another company. It's clear enought for normal transactions such as sales/purchasing, inventory etc. but some areas are more complicated.

- Items - How to restrict items to only one company (so they can only see their own items in Item master and in all search forms

- Address Book - Ho to restrict address book records (we plan to use security on search type for this purpose)

- Costs (F4105)

- Prices (F4106)

- Advanced price details (F4072)

- G/L Batch header records

etc,

I wonder if there is a whitepaper or a case study available that discusses this type of setup and analysis requirements or any other guidelines/best practice documents. The reason we are doing this is (no surprises) SOX and Separation of duties requirements + requirement to make the system more user friendly by not showing items and address book records that should not be valid for the users company

Any pointers are glady accepted

With kind regards
/Aarto

 

[pfd]

For address book we specify the branch in the MCU field and that lets us setup security by company/branch. Ditto for F4105 & F4106. That should be true for F4072 too. Item Master is a problem and we use the buyer# to prevent users from updating item belonging to another company. Basically if address book record of buyer# = company X and user from Company Y is trying to update the item master security prevents it.
Batch headers are an issue so we use P00241 (I think) to setup security for batch postings. It does get messed up sometimes though. To help we have a naming convention for users so all users form company A have ids starting with A and so on.
Let me know if you need any more details.

Thanks,
Matt

 

[Aarto]

Thanks for the pointers Matt..

We're going down the same route except for items where buyer/planner cannot be used for various reasons. Therefore we will use the SRP1 code (activate security for that in DD setup) and use that code to denote the "owner" of the item master record
/Aarto

 

[Luke Phillips]

hi,

We have some white papers on row security - downloadable from the website I think.

Also, if you mail our support we can send you a list of best practice row security tables to implement too. You may want to consider a 3rd party product for this as JDE wont merge up the row security in multiple roles effectively itself, nor is there any standard row security reporting provided.

Cheers