Results 1 to 5 of 5

Thread: [JDE 9.1] Using 2 role at the same time?

  1. #1

    [JDE 9.1] Using 2 role at the same time?

    Hi there!

    So at my job they always had an issue with JDE Security when someone as to use 2 role at the same time.

    With our security, if a person has 2 role, they use the sequence to know which one to use first.

    It's all good as long as they don't have security on the same object.

    Like if F4201 is in read only for the first role, and read-write for the second role, it will be read only.

    And we don't want that. I don't get why it would work like this, it doesn't make sense to me.

    Are we doing something wrong? Is there a solution to this?

    Right now we have to use 2 browser, one using a role and the second using the second role.

    It's not productive.

    Thank you!

  2. #2
    Member Tom_Davidson's Avatar
    Join Date
    Nov 2000
    Location
    Wisconsin, USA
    Posts
    771
    When you have two (or more) roles in conflict it has to pick one or the other, there is no way to know which is the 'right' answer. By definition the first instance of the security is used.

    If you need different results, you should make a 3rd role that does what you want and use it.

    Tom
    Cleindori Consulting
    8.12/8.98.4.14, 9.1/9.1.5.3, 9.2/9.2.0.5/6
    IBM i, WebLogic on Windows, DBCS, Global installations.

  3. #3
    Thanks for the reply.

    Yeah creating a 3rd role was my last option, but I try not to do that. Especially in this case, because it's a role that won't be used ever again.

  4. #4
    Member BPConnor's Avatar
    Join Date
    Jul 2002
    Location
    Thornton, CO
    Posts
    58
    role sequencing is the bane of security! The security hierarchy will always default to User, role (highest to lowest sequence), then *PUBLIC. The best approach is to make sure your base security approach is correct and you are not duplicating entries across multiple roles. Otherwise, there is a third party tool, ALLOut Security that uses a fix/merge process to identify and resolve conflicts between multiple roles. Yes, it writes a record at the user level (user trumps role), but once either of the roles causing the conflict is expired, the user level record will be removed.
    JDE E1 Xe to 9.0 installation, configuration, and upgrades.
    GSI Security Practice Lead http://www.getgsi.com/
    Highly Experienced with all facets of JDE security, specializing in the implementation and support of All Out Security.

  5. #5
    Quote Originally Posted by BPConnor View Post
    role sequencing is the bane of security! The security hierarchy will always default to User, role (highest to lowest sequence), then *PUBLIC. The best approach is to make sure your base security approach is correct and you are not duplicating entries across multiple roles. Otherwise, there is a third party tool, ALLOut Security that uses a fix/merge process to identify and resolve conflicts between multiple roles. Yes, it writes a record at the user level (user trumps role), but once either of the roles causing the conflict is expired, the user level record will be removed.
    oh okay, what this tool does is what i just wanted to recommend to do manually!
    EnterpriseOne 8.12 to 9.2
    AIX, Linux, Windows, IBM i
    Oracle DB, MSSQL, DB2
    WAS, WLS

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
The legal restrictions and terms of use applicable to this site are available here.
Use of this site signifies your agreement to the terms of use.
JDELIST is NOT affiliated with JD Edwards® & Company, Oracle or Peoplesoft. Contents of this site are neither endorsed nor approved by JD Edwards® & Company and, or Oracle.