Best Practice: Why you should Consider Using Multiple Roles  

Saving time and making things easier is what we all want. Having smaller process-based roles is a great way to achieve these aims because you can avoid security repetition and duplication. However, smaller roles typically means that users need more of them to carry out tasks, which comes with drawbacks. Getting up to speed with issues related to multiple roles, and how to avoid them will help.   

What are Roles, and how do they work in JD Edwards?  

 A Role is nothing more than a set of security permissions (including menu filtering that is nothing more than menu security). Roles exist to make user access more consistent (less repetition and duplication), easier to identify (i.e., report on) and simple to apply. Once a role is defined, and menu filters (fine cut) along with security access are put in place, then user access can be changed in future without effort or risk.   

Assigning security records to roles rather than to users is industry best practice. Why? Business processes (credit order entry, financial reporting, and inventory inquiries, etc.) rarely change, whereas people do (employee relocation, quits and new hires, etc.). Although this sounds simple, when using standard JD Edwards, issues often arise in practice. 

The Impact of Role Assignment Conflicts  

When users are allocated more than one role with different menu and security permissions, the question arises as to what authority JD Edwards should give the user. In JD Edwards, such “conflicts” between roles are managed via a hierarchy, which determines actual user access. This is done using a “role sequencer” whereby the security records of the role with the highest (i.e., most powerful) number takes precedence. The outcome of quick fixes, however, is not always ideal when conflicts arise, and manual upkeep is often problematic: 

• Adjusting sequencing numbers manually is complex, inefficient and could impact the access other users have. 
• Maintenance and clean-up issues arise when manually creating user-level records that override role-level records or separate roles for users.  
• Unresolved conflicts deny users the task views and access they need.  

In E1, discrepancies between role-based menu filtering (fine cut) and security that relies on users switching between roles causes confusion. What’s more, SOD conflicts could arise if unauthorized permission is granted. 

Managing the Challenges of Multiple Roles Via Forward-Focused Solutions 

Efficiency and operational success depend on a strategy that overcomes the challenges of multiple-role management. Streamline your efforts with software tools that facilitate multiple-role management by automating conflict resolution, synchronizing security and menus in a single place while providing testing if required. 

 Merging roles, menus, and security in a way that resolves Sequencer Conflicts automatically with ALLOut Security: 

• Role security conflict resolution combines data access at the user and role level where conflicting row security ranges and action codes exist (yes and no) across multiple roles. 
• UDO and Task view accumulation provides users with a single tailored menu without switching between roles, logging off and signing in again. 
• Promote security (including menu filtering security) between your environments by testing before going live in production. 
• Taking simplified management further. Super-Roles allow multiple ‘child’ (or sub-roles) roles to be merged into a ‘parent’ role by filtering and aligning records between them, allowing power users to exceed Oracle’s 30-role limit. 
• Reporting that allows you to gain visibility on: 
  • Sequencer Conflicts: insight into potential sequencing conflicts for role assignments and users. 
  • Security Access: list security records for where sequencer conflicts exist. 
  • Menu Filtering Access: list menu filtering records where sequencer conflicts exist.  

To learn more, you request a demo of the ALLOut software for EnterpriseOne today!