Setting up JDE Security

nij

Member
I have recently joined a new company and have been assigned the task to assess their JDE Security. Although I have extensive experience in developing UBEs and applications I have no practical experience in implementing or maintaining JDE security and am looking for advice.

Basically, they want to ensure that the existing security is appropriate, reflects role assignments and enforces suitable segregation of duties. Their JDE security has been set up as role based with individual roles being applied to a user as required to complete their day to day tasks. Generally the roles are quite broad with a number of objects included within each one and in order to give a user one specific program or report, an additional full role has been given to the user. This has created some concern over segregation of duties and conflict within the security workbench.

So the suggestion has been to develop a segregation of duties matrix to identify high risk areas within the business, and assign specific JDE programs to those areas of risk that have been identified.

Can anyone comment on this method or approach as being right approach? Is this generally regarded as the most up to date solution?

And also, what applications/menus etc do I use to access, review, and set up the security from within JDE?

Any comments or thoughts are appreciated...

Thanks
 
Hi Nij,

First of all the SoD matrix that you suggest is a good idea, and I can more than happily shre with you some suggested ideas. I say suggested because each business is different (especially if you have heavy customisation) but the principles remain relatively the same.

The only problem I foresee is your combination of Role and User level security and trying to understand SoD conflicts between these levels and the multi role setup.

This manually is going to be a time intensive process sorry to say. However this is why companies like us exist and security audits are one of our specialties.

If you wish to continue down the manual route we do have a free tool from our website which allows you to establish where the security comes from for an Object by User, this might help you in your multil level/multi role setup.

If you want any further explanation let me know or contact us via the website: www.qsoftware.com.

Thanks,
 
Hi Nigel,
I suggest you learn from a professional what the SoD is and how it can be implemented.
We use another product: AllOut Security.
Its ease of understanding made it even easier to implement, and it is so user friendly it is now being used by our Support Analyst (whose background is Application - Business Analysis).
Take a look at both products (AOS & QS) and select the one your Support Analyst / E1 Manager is more comfortable with.
Good day and good luck,
 
I would suggest (FIRST) you talk to a knowledgeable and highly experienced JDE security person. Security can be a monster... Review what you have in detail and understand the current landscape. Then decide next steps ~ ~ ~ Both AOS and QS work great and are wonderful tools - If used correctly...
 
Hi Nij,

If you are free we can chat to see if the size of the roles meets industry best practice or not. As to the SoD either you can write a tool yourselves or you can rent/buy one. ALLOut's software is modular so you dont need to change your security through the product in order to get SoD reports.
 
Back
Top