JDE Security – Closed Model vs. Open Model

Security is a vital component of your JD Edwards environment and needs to be implemented properly to make full use of its benefits. At ALLOut, we are all about ‘Best Practice’.

Out-of-the-box JD Edwards (JDE) EnterpriseOne (E1) software comes with an ‘Open’ security architecture. This means that all users (who have access to the system) can, theoretically, access all applications and update any data. A ‘Deny All’ or ‘Closed’ security methodology requires that the system is locked down so that no user can access any applications or data. Authority is then granted back to the appropriate users and roles.

Due to the architecture of JDE, Menu Filtering is not enough to ‘secure’ the system completely and therefore different Security types exist to help control the users on the system.

Ensure a Fully-Closed System When implementing a deny-all security model, the best approach is to lock down at least both application and action code security. Because the default state of a JDE system is open in the absence of a security record, locking just one or the other results in a system that is potentially vulnerable.

The procedure for implementing a closed system is now well proven and can be achieved quickly and with minimal disruption for end users.

The cost of the solution is minimal compared to the time, effort and disruption for end users when doing the lock down using standard E1 features. 

Once complete you will be in a position to undertake effective compliance reporting and segregation of duties reporting – ALLOut Risk Reporting Module will assist with this.

If you find that you are having segregation of duties issues with your role structure then you will need to re-structure your roles using the Supergrid and the ALLOut CombiRoles module.

The Risk Management Module takes role assignment to the next level.  You can use it to stop a role being allocated that will cause a SOD breach.  It also has advanced audit trail and reporting features.