As a JD Edwards professional, you know that native security is the first line of defense for your ERP. You also know JDE’s native security features can sometimes pose a challenge.
When JDE first came onto the ERP scene, it offered a different user experience and plentiful, cutting-edge features. And while many of those features have been upgraded over the last 40-ish years, JDE security still has a few opportunities for improvement.
To offset potential concerns, JDE has cultivated a rich relationship with a variety of trusted third-party security partners, like ALLOut Security, among others. These third-party security providers fill in any gaps in the existing JDE security landscape.
At ERP Suites, we have customers who use only native JDE security, customers who use ALLOut, and customers who use other third-party tools. Our security team is led by JDE security expert Brian Connor, who has over 20 years of experience in the field. We have a longstanding history of helping our customers use and implement the best option for their business. That means we recommend ALLOut and other third-party tools when our experts believe it’s necessary.
In this article, every challenge encountered in JDE security can be resolved through partnering with third-party companies, like ALLOut Security. Because security is a non-negotiable for your business, it is important to understand the challenges. Your existing JDE security landscape should be in tip-top condition to start.
These are the top five native JDE security challenges we encounter – and potential solutions:
- Lengthy user set-up
- Security changes
- Role conflicts
- Access reports
- Separation of duties.
Challenge 1: User Set Up Can Be Time Consuming
One of the most frustrating aspects of JDE security is the time-consuming process of setting up new users. The procedure requires multiple steps, on multiple screens. First, you must create a new user profile.
Create JDE profile in JDE
Next, you have to create an address book record, and an address book application.
Address book record in JDE
Third, a proxy user needs to be created, as well as a user security application. You then need to go into yet another screen to set your password requirements, such as frequency of password changes and password expiration information.
With so many steps to accomplish, and in a specific order, this process can be prone to error – not to mention tedious and time-consuming. It’s a drain on valuable resources that could be better spent elsewhere.
Solution: ALLOut allows you to set up a user on one screen, eliminates the need to click out through multiple screens, and dramatically reduces your user set-up time.
Challenge 2: Security Changes Are Complex
Making security changes in JDE entails navigating through various screens to modify roles and programs. You start in the security workbench, use the form exit to the security type, and then you have to input the role and program you’re adjusting. You have to tick the boxes you want enabled or disabled, and modify the application.
It’s tedious and time-consuming, at best. At worst, you run the risk of clicking the wrong thing in the labyrinth of new screens.
Security Workbench in JD Edwards
This is another module that doesn’t have the easiest internal work-around.
Solution: A third-party tool like ALLOut helps streamline this process, reducing the chance for making the wrong selection on various screens.
Challenge 3: Role Conflicts Require Detailed Ordering
JD Edwards security is read in a specific order. It looks at permissions on the user level first, then role level.
Role sequencing in JDE
If there are conflicting permissions, the highest-numbered role takes precedence. This can lead to unexpected and potentially dangerous situations.
For example, imagine a scenario where a user has two roles: one that grants them permission to delete orders and another that prohibits them from doing so. If the role that prohibits deletions has a higher number, the user won't be able to delete orders, even though they have the necessary permission in the other role. Or let’s say a role that is taken away from a user might have other programs in it that gave them access they did want. However, because they’re at a “lower” role, that access is taken away. This can delay the daily flow of operations and necessitate extra staff hours to troubleshoot.
Add roles in JDE
Solution: To address role conflicts, you can re-sequence your roles to match preferred permission settings, or add additional permissions at the user level.
Challenge 4: Keeping Track of User Access
Another common challenge is difficulty determining who has access to specific programs or data. While there are tools available to help you manage security settings, there may not be a straightforward way to generate reports that show who has access to what.
Let’s say a security breach occurs. You need to quickly identify who might have had access to the compromised data. Without proper reporting capabilities, this can be a daunting and time-consuming task.
To address this issue within native JDE security, you should create a plan for tracking and reporting on user access.
Solution: A third-party tool like ALLOut can create custom access reports to track user access and provide advanced reporting features.
Challenge 5: Segregation of Duties is Essential for Security
Finally, one of the biggest risks associated with JDE security is the lack of oversight and segregation of duties. In many organizations, it's common for a single individual to have both the ability to create and approve transactions. This can create opportunities for fraud and abuse.
Remember the Enron scandal? That was caused by one person having unfettered and unguarded access. The ensuing financial and business fallout could have been prevented with a simple segregation of duties. By ensuring that different people are responsible for various tasks, you can help to prevent unauthorized access and reduce the risk of fraud.
You can overcome the proverbial muddied waters by implementing strong internal controls and policies. This will involve assigning specific roles and responsibilities to different employees and regularly reviewing and updating your security procedures.
Solution: JD Edwards does not have any segregation of duties. ALLOut can ensure a system of checks and balances within your team by assigning different tasks to different members.
Safeguard Your JDE Native Security
JDE is an ERP system used around the world, with a security interface that has withstood the test of 40+ years in operation. However, like any successful tool, some of its security features can be challenging to manage. By understanding the common pitfalls and implementing effective solutions, you can improve your JDE security posture and protect your valuable data.
Remember, security is an ongoing process. Have you checked in on yours lately? Take this security assessment to see how you’re doing.
Topics:
