QSoftware and Security

Does anybody have feedback on QSoftware's security application for OneWorld?

Any thoughts or suggestions related to it?

We are going through are going through a security discussion right now at one of my clients. The security model will probably start with *ALL N N and we will grant back what users need. It sound like QSoftware might be a good choice for implementing this model.

Jeremy

We looked at QSoftware. It's a pretty good product but we thought it was too expensive and ended up doing the security ourselves.

Patty

I tried the *All N N but it was a long tedious process having to grant them not only what they needed but if they try to search on a column you have to give them access to that application also. We came up with setting *All Y Y at the Application Level then *All N N N N N N at the Action Level. This basically gives them Read-Only access to everything that is on their menu then we gave the Action access at the group level to what they needed.

I work as a consultant for Qsoftware, and have found the "All Doors Closed", i.e. N N at Application Level approach far easier than "All Doors Open" .The All Doors Open , Y Y at Application level, and then denying access to so many more applications, with the added threat of perhaps not securing a really important Application potentially leaves your system exposed, both to fraud and accidental misuse of an application. Also every new Application has to be locked out specifically with the All Doors Open policy . Please feel free to contact me for any questions you may have. We do have a "White Paper" on the All Doors Closed policy , and Customer Reference sites that I can forward to you upon request.
My Office Phone Number is +44 (1) 444 476796 , or if you prefer my email address is [email protected].

I'm implementing security across multiple OneWorld instances using QBuild and an all doors shut methodology. Because the QComponents are based on real world situations they jump started my security development. That does not mean I got there overnight. My biggest headache was getting user attention to validate what I had rolled out. On the other hand, without QBuild or something similar I think it would be impractical to implement and manage an an all doors shut policy. At a minimum it would be really tough.

In my opinion it is the QComponents that make the ADS methodology possible. So much of the work is already done the tuning piece for my local situation was pretty straightforward. It was easy to ID the bits I wanted to turn off. Most of the other changes were action security security or involved access to custom stuff.

I agree with your approach of locking users at the application level through N N. The alternative of preventing access through navigation methods is far more arduous if done correctly and even then it is not secure.

We have developed a methodology that will assist you in implementing appropriate security for your company. We have proprietary software available to assist in the process. This software has been developed for World, OneWorld and Xe. It interrogates the security tables to determine whether there are any problems or segregation of duties failures.

Restricting all objects N N has many hidden issues but should be performed for all JDE environments.

We use this software to assist in design and review of security. Our methodology and experience, however, is far more important than software.

Send me a private message if you want more details.