alternatives to qbuild

andreas.haisch

Member
Last week I have Posted a Question for *public closed or opened. After this post an Account Manager from QSoftware called me and gave me a Demonstration for Qbuild. The Software looks realy nice, but it's to expencive for our Company. Are there some cheaper alternatives to qubuild?

Thanks for you'r responses
 
Andreas,

Q Software is very cool. I have seen the demo myself and have had conversations with them. It didn't make sense for our company because we already had a pretty mature security environment. As a CNC who has done security for a number of year now, I could definately see the value in that solution if I had to start from scratch. That said, the alternative to Q Software is to do security within the application "Old School" style. That means having an expert log in as an application lead, and then identify all of the applications, visual assists, reports etc. that a group needs and then have a security admin like myself add those applications into the security records for the group. Then someone else has to go in and test to see what applications we missed, and then add those in and so on.......

All doors closed security is difficult to impliment, but then again, we are talking about an Enterprise Resource Planning application here. If it was easy, everyone would be doing it.......

Good Luck and keep up posted on your progress.

Gregg Larkin
JDE System Administrator (CNC) / North America
Praxair, Inc.
 
No we are not using World. We need the Tool for Enterprise One. Are there no other solutions?
 
If you need SOX compliance and you are creating a closed model from scratch, QSoftware is pretty much all there is. Their prices might seem high - but compared to the consulting costs for setting up the system or the nasty alternative of SOX fines, its very low indeed !
 
[ QUOTE ]
If you need SOX compliance and you are creating a closed model from scratch, QSoftware is pretty much all there is. Their prices might seem high - but compared to the consulting costs for setting up the system or the nasty alternative of SOX fines, its very low indeed !

[/ QUOTE ]

To build on what Jon just posted - an "all doors closed" security model is just plain good practice. If you leave security wide open, and just depend on custom menus to point users to what you want them to execute, you are leaving a large vulnerability. The JDE application needs to be tied down. The menus need to be tied down.

You also need to look at other applications the user has access to that may tie in to JDE and tie those down as well. Here is an example - we have a user that has access rights to create a sales order in a legacy application. The legacy application passes sales orders over to JDE to create the invoices. The user has access rights to modify the customer master and print invoices in JDE. This presents a seperation of duties conflict. The user could theoretically create a bogus order, process the invoice and walk away with the money. (no, this didn't happen, but the potential is there). To resolve this, we had to modify his access rights in both systems to avoid the potential issue. Because we have an "all doors closed" model, this was easily accomplished.

Gregg Larkin
JDE System Administrator (CNC) / North America
Praxair, Inc.
 
Reminds me of the time a client asked me if I had accidentally entered a
Sales Order into their production system.

I said, "yes, that could have happened."

The response was: "That's OK, we shipped it and the customer paid for it."

I laughed and said, "OK, where's my commission?"

Embarrassedly yours,

Andy
 
AllOutSecurity have one...we're in the final stages of preparing it for market in the US.
 
QSoftware have just released their successor to QBuild. I believe it is called SEC-Qure. It's based on proven technology and has loads of cool new features that's going to make setting up security and reporting dead easy. And I hear on top of that they've put a worldwide patent on the whole thing to stop people copying the idea. They've got proven software with a whole host of good customers and not 'planned' vapourware.
 
Used this one at a client, its called DISCOVERY and without going into too much detail, it took a role and populated the F00950 with application and action security with an accuracy rate of about 90-95%.
 
We use qbuild for EnterpriseOne and it's a great tool. We off-loaded 2 consultants from our project which more than paid for the product. We are close to receiving their latest update which has full auditing functionality (for SOX compliance). This was a big problem on the old/current releases because qbuild deletes from the F00950 and then inserts, creating thousands of entries in audit tables.

I agree it's an expensive product, but if you need SOX compliance and you want to save yourself a lot of time, then this is a great product.

We had issues with the version we were using and they worked with us to fix these issues. They also asked us what we wanted from the product and put us in contact with the developers (through webex meetings).

Not exactly an answer to your question, but I thought I'd share my qbuild experiences with you.

tukar2u
 
Back
Top