[ QUOTE ]
One big thing which is of value is SOD. However, even that I would assume is unique to companies, as each company has to manually define what they would consider a transgression. Do these tools come with well-defined SOD (i.e. this application should not be used with another application), or is it part of the consulting engagement to really understand the company's requirements and build on that?
[/ QUOTE ]
Here's my $.02 worth..
Can't speak about SOD and Qsoft, but on AllOut, it has a section of predefined SOD rules. It has a rating system for the mildly interested to totally paranoid (my scale, they call them something else). It is set up like a Wizard. You pick the rule, it does an analysis, then you make intelligent choices. It's pretty slick. It also has some pretty good reporting for auditors and process owners.
The biggest value for a mature system is its ability to combine roles. Typical example I get: someone is in role A. Their job responsibilities change. They need to keep what they have, plus add in all of the menus and security access of role B. Right now, in XE, I have to do a manual comparison of the two roles, and create a new third role C. In All-out, the application does the analysis, and creates role C. Very slick.
For 8.10 users, it allows for multiple roles. Rather than the silly way that E1 uses, role sequencing, All-out creates a new superrole (they call it a combi-role) to merge two roles together. I think Q-Soft has a similar feature.
I am in the process of writing up a white paper on JDE security best practices, and am contemplating writing a book on the subject. In my opinion, there is value to be had from adding on either one of these tools, especially if a company is doing a new implementation or upgrade and redoing security. The tools that come natively with E1 leave much to be desired.
- Gregg
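
The role merge and SOD check discussed in the post above, as an added example that is not part of the original post and is not AllOut's or Q-Soft's code: it unions two roles into a third and reports the SOD rules that only the combined role violates, filtered by a severity floor. Role names, activity names, rules and severity levels are all constructed for illustration.

```python
# Constructed sample data: every role, activity and rule here is hypothetical.
ROLES = {
    "ROLE_A": {"ENTER_VOUCHER", "VENDOR_INQUIRY"},
    "ROLE_B": {"APPROVE_PAYMENT", "VENDOR_INQUIRY"},
    "ROLE_V": {"MAINTAIN_VENDOR"},
}

# An SOD rule is violated when one person holds something from both sides.
SOD_RULES = [
    {"id": "SOD-1", "severity": "high",
     "left": {"ENTER_VOUCHER"}, "right": {"APPROVE_PAYMENT"}},
    {"id": "SOD-2", "severity": "medium",
     "left": {"MAINTAIN_VENDOR"}, "right": {"ENTER_VOUCHER"}},
]

SEVERITY = {"low": 0, "medium": 1, "high": 2}


def violations(access, rules, min_severity="low"):
    """Return ids of rules at or above min_severity that `access` violates."""
    floor = SEVERITY[min_severity]
    return [r["id"] for r in rules
            if SEVERITY[r["severity"]] >= floor
            and r["left"] & access and r["right"] & access]


def combine_roles(roles, names):
    """Build the access set of the merged role (role C) as a plain union."""
    merged = set()
    for name in names:
        merged |= roles[name]
    return merged


def analyse_merge(roles, names, rules, min_severity="low"):
    """Merge roles and list the SOD rules that only the merged role breaks."""
    merged = combine_roles(roles, names)
    already = set()
    for name in names:
        already.update(violations(roles[name], rules, min_severity))
    introduced = [v for v in violations(merged, rules, min_severity)
                  if v not in already]
    return merged, introduced


if __name__ == "__main__":
    for pair in (["ROLE_A", "ROLE_B"], ["ROLE_A", "ROLE_V"]):
        merged, new = analyse_merge(ROLES, pair, SOD_RULES)
        print(pair, "->", sorted(merged), "new SOD conflicts:", new)
```

Neither source role violates a rule on its own here; the conflicts appear only in the union, which is why a merged role needs its own SOD pass before it is assigned.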