Multiple Roles & Row Security in JDE E1 and Solutions

The multiple roles feature in E1 provides an excellent facility to create and manage process‐based roles that truly reflect the way your business operates.

Home » Industry Insights » Multiple Roles & Row Security in JDE E1 and Solutions

Multiple Roles & Row Security in JDE E1 and Solutions by ALLOut Security

The multiple roles feature in EnterpriseOne provides an excellent facility to create and manage process‐based roles that truly reflect the way your business operates. However, significant time and resources can be spent making the best use of these features and troubleshooting issues, and some other times there is no standard JDE alternatives, like for row security.

Let's see what the JD Edwards E1 hierarchy for reading security records:

User level security records first.
Role level security: Evaluating assigned roles in order of role sequence number (highest to lowest).
Security at *PUBLIC.

Once a security record is found for a specific object (program or UBE) the security evaluation stops.

Consequence: a role with a higher role sequence number could have inquiry only to an application, preventing a user from performing updates that are granted by another role that has been applied to that user.

Let us see what Standard EnterpriseOne Security does:

Role sequencer causes conflicts
A user with multiple roles can have an action code security “N” instead of the “Y” intended.
Row security only works for one role
Row security is only applied from one role. Any row security in subsequent roles is ignored. This means that row security needs to be set‐up for every combination of business unit.
No complete security reports
“Who has access to what?” and “what can they do when they get there?” reports are not available.
UDOs and Task Views do not accumulate
A user with multiple roles no longer has to select their role‐based menus one at a time. Administrators and management get at‐a‐glance information.
Security Maintenance across Environments
When security is split to enable testing and change control, dual maintenance is required for every change.

All this pain is solved with COMBIROLES KEY FEATURES:

Conflict resolver
Identifies conflicts for a user and automatically creates “Y” settings that over‐ride the role level security. All this while allowing full visibility to the adjustments and reasons for them. No more problems with role sequencer!
Row security accumulator
Identifies overlaps in multiple roles and combines values (“A to C” and “B to D” becomes “A to D”). Now you get full functionality of multiple roles and all of the benefits for not just application security but also that row access you may be enabling
Security Reports
A full set of security reports showing exactly what access is in effect for a user in addition to identifying any security conflicts. Options to output to .pdf or Excel. Excellent for conflict resolution or simply information.
UDO and Task View Accumulator
Combines multiple UDO structures and Menu Filters so a user sees one set of pages and one menu structure when they sign on. Nowhere else are you able to get full visibility to all components of JDE access ‐ security, task view masking and UDO access.

ALLOut can resolve conflicts AUTOMATICALLY & CONSISTENTLY. Ask for more to hazel.jackson@alloutsecurity.com

Discover our industry leading expertise

Industry Insights

4 Steps to Prepare for your SOX audit
July 1, 2021
Identify your internal business processes
Identify rules (or buy the ALLOut rule set)
Identify conflicts (run ALLOut’s SOD reports)
Remediate (fix) or Mitigate (excuse)

Maximize Oracle Investment: Security, Compliance Tools for Executives
February 24, 2021
Maximize human investment in caring for JD Edwards, increase value from your current toolset and get improved information from your ERP system.
Watch On-Demand

Upcoming live events

Solving the ‘Excess Access’ Problem Once For ALL [APAC]

April 8, 2025

Live Webinar - April 8, 1:00 PM (AEST). Session Information - APAC Webinar Excessive access in JD Edwards (JDE) poses great security, compliance, and operational risks, while increasing exposure to human error. Join our webinar to discover how ALLOut’s & Steltix’s latest solutions can streamline access management, ensure compliance and minimise threats. Integrate automation and key processes to strengthen your Identity Governance & Administration (IGA) workflow:

BLUEPRINT 4D – Las Vegas!

9 Jun 2025, 12:00 am

Join the ALLOut Security team at the Venetian in Las Vegas, for what’s set to be yet another engaging conference!

View Event

Solving the ‘Excess Access’ Problem Once For ALL [EMEA+AMERICAS]

April 8, 2025

Live Webinar - April 8, 1:00 PM (ET). | 10:00 AM (PT). Session Information - EMEA+AMERICAS Webinar Excessive access in JD Edwards (JDE) poses great security, compliance, and operational risks, while increasing exposure to human error. Join our webinar to discover how ALLOut’s & Steltix’s latest solutions can streamline access management, ensure compliance and minimise threats. Integrate automation and key processes to strengthen your Identity Governance & Administration (IGA) workflow:

Empower your security team

Save time, enhance risk visibility and be audit-ready with ALLOut Security for JD Edwards.

Request a Demo

Cookie name	Default expiration time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_ga_<container-id>	2 years	Used to persist session state.
_gac_gb_<container-id>	90 days	Contains campaign related information. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.

visitor_id<accountid>	The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.
pi_opt_in<accountid>	If Tracking Opt-in preferences is enabled, the pi_opt_in cookie is set with a `true` or `false` value when the visitor opts in or out of tracking. If a visitor opts in, the value is set to `true`, and the visitor is cookied and tracked. If the visitor opts out or ignores the opt-in banner, the opt-in cookie value is set to `false`. The visitor cookie is disabled, and the visitor is not tracked.
visitor_id<accountid>-hash	The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information.
lpv<accountid>	This LPV cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.
pardot	A session cookie named pardot is set in your browser while you’re logged in to Pardot as a user or when a visitor accesses a form, landing page, or page with Pardot tracking code. The cookie denotes an active session and isn’t used for tracking.

Cookie name	Default expiration time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_ga_<container-id>	2 years	Used to persist session state.
_gac_gb_<container-id>	90 days	Contains campaign related information. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.

visitor_id<accountid>	The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.
pi_opt_in<accountid>	If Tracking Opt-in preferences is enabled, the pi_opt_in cookie is set with a `true` or `false` value when the visitor opts in or out of tracking. If a visitor opts in, the value is set to `true`, and the visitor is cookied and tracked. If the visitor opts out or ignores the opt-in banner, the opt-in cookie value is set to `false`. The visitor cookie is disabled, and the visitor is not tracked.
visitor_id<accountid>-hash	The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information.
lpv<accountid>	This LPV cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.
pardot	A session cookie named pardot is set in your browser while you’re logged in to Pardot as a user or when a visitor accesses a form, landing page, or page with Pardot tracking code. The cookie denotes an active session and isn’t used for tracking.

Multiple Roles & Row Security in JDE E1 and Solutions

Discover our industry leading expertise

Industry Insights

On-demand webinars

Upcoming live events

Empower your security team