Trends and Best Practice on JD Edwards EnterpriseOne Roles
The question we get asked every time we talk to someone about EnterpriseOne Security is “what is the best practice?” or “how do I compare against everyone else?”
This is something that we have been working to address over the last 4 years or so, in part by asking people about their JD Edwards Security, but also by evaluating the actual Security files in JD Edwards as part of a Security Audit that we conduct.
For example, the average JD Edwards customer has between 40,000 and 70,000 lines of Security*, but what does this mean? Does it matter if we have 80,000 lines of Security? Probably not, but if you have 500 Users and 500,000 lines of Security, there is obviously something wrong.
So what are the numbers that matter? Well, unless you are suffering from performance issues due to high numbers of Row Security records, the key numbers are the Users vs Roles, particularly the number of Roles a User has.
As of the 9 releases, the character limit means that a User can have around 30 Roles – which is a lot. Back when Multiple Roles were released, we worked with companies who decided to use a high number of Roles like this and of course the issues with sequencing started to arise.
So today we see these sequencing issues causing JD Edwards users to reconsider their use of Roles for two main reasons:
- Resolving sequencing issues is taking too much time and causing too much frustration
- Complying with any legislation (SOX for example) is very problematic because it is difficult to work out who has access to what and prove you have a handle on internal controls.
The research is proving this; we are witnessing a move to 2 Roles per User to try and solve these two issues. Why 2 Roles? The first Role is the functional Role, defining what a bunch of Users can do, for example AP Manager. The second Role consists of the User’s Row Security, which restricts what data a User can see, for example Company A.
Put it together and you get a very simplified security structure that makes it easy to manage by avoiding sequencing, and much quicker to answer auditors’ questions on who has access to what.
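To make the 2-Role idea concrete, here is an added example (not code from this article or from JD Edwards) that checks each User against the functional Role plus Row Security Role model and lists the objects where that User's Roles disagree, which is where sequencing would decide the outcome. The data model, Role names and object names are constructed for illustration and are not the layout of the EnterpriseOne Security files.

```python
from collections import defaultdict

# Constructed sample data in a simplified model (hypothetical names; this is
# not the layout of the JD Edwards security tables).
USER_ROLES = {
    "ALICE": ["AP_MANAGER", "ROW_COMPANY_A"],
    "BOB": ["AP_CLERK", "AR_CLERK", "GL_INQUIRY", "ROW_COMPANY_A"],
}
# One tuple per security line: (role, security type, object, setting)
ROLE_SECURITY = [
    ("AP_MANAGER", "application", "VOUCHER_ENTRY", "allow"),
    ("AP_CLERK", "application", "VOUCHER_ENTRY", "allow"),
    ("AR_CLERK", "application", "VOUCHER_ENTRY", "deny"),
    ("GL_INQUIRY", "application", "JOURNAL_INQUIRY", "allow"),
    ("ROW_COMPANY_A", "row", "COMPANY", "A"),
]


def audit_user(user, user_roles=USER_ROLES, role_security=ROLE_SECURITY):
    """Check one User against the 2-Role model and list sequencing-dependent objects."""
    roles = user_roles[user]
    types_by_role = defaultdict(set)
    settings = defaultdict(dict)  # (type, object) -> {role: setting}
    for role, sec_type, obj, setting in role_security:
        types_by_role[role].add(sec_type)
        if role in roles:
            settings[(sec_type, obj)][role] = setting
    # A Row Security Role holds only row lines; a functional Role holds none
    row_roles = [r for r in roles if types_by_role[r] == {"row"}]
    functional = [r for r in roles if "row" not in types_by_role[r]]
    # Roles disagreeing on the same object: the outcome depends on sequencing
    conflicts = sorted(k for k, v in settings.items() if len(set(v.values())) > 1)
    return {
        "functional_roles": functional,
        "row_roles": row_roles,
        "two_role_model": len(roles) == 2 and len(functional) == 1 and len(row_roles) == 1,
        "conflicts": conflicts,
    }


if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, audit_user(user))
```

A User who passes the `two_role_model` check has one functional Role and one Row Security Role that cover different security types, so there is nothing for sequencing to resolve and the "who has access to what" answer can be read straight from the two Roles.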
At this point many people ask “How can I simplify my security into just one functional Role?” The answer is to break security down into bite-size chunks or tasks, then combine these tasks to form a job function. There are many ways to formulate this, which we will cover in a future topic. If you want to explore this concept further in the meantime, though, please get in touch.
*This is based on User counts of between 900 and 1300 User sites.