Roles, Menus and Security Best Practice: Process Based Roles Kristina O’Leary Brian Connor JD Edwards E1 Xe through to Version 9. Product Awareness Sessions. ALL Out Webinar Program www.alloutsecurity.com Product Awareness Sessions (English, Spanish and French)

Roles, Menus and Security

Best Practice: Process Based Roles

Kristina O’Leary

Brian Connor

JD Edwards E1 Xe through to Version 9

Product Awareness Sessions
  • ALL Out Webinar Program
    • www.alloutsecurity.com
  • Product Awareness Sessions (English, Spanish and French)
    • ALL Out for EnterpriseOne
    • ALL Out for World
    • ALL Out for IBMi
  • Education Sessions
    • Reporting, Segregation of Duties and Compliance
    • Multiple Roles
    • “Open to Closed without Pain” (E1 only)
    • ALL Out Product Awareness
    • Task View Best Practice
  • Technical Webinars – E1
    • Cost justifying an upgrade
    • Choosing the right platform
ALL Out for E1 – Xe to Version 9: Agenda
  • ALL Out the company
  • Product Strategy
  • Common Practice vs. Best Practice
    • Multiple Roles in Standard E1
    • Best Practice for Roles
    • Best Practice for Menus (Task Views)
    • Best Practice for Security
  • StartOut Template from ALL Out
    • Standard Process Based Roles
    • Standard Task View
    • Role Based Security
    • E1 Pages
  • Demonstration
ALL Out
  • Colorado Registered LLC
  • Oracle Partner
  • Software has been Validated by Oracle
  • JD Edwards World and EnterpriseOne solution provider
  • Established in 2004 to address security and SOX issues faced by JDE clients
  • Product implements “Best Practice” E1 V9 (in all versions - even in Xe)
    • Security Set-up and Management
    • Menu Set-up and Management
    • Multiple Roles Management
    • Reporting & SOD Rules and Reports
  • ALL Out is a Toolset to help manage standard JDE tables
E1 Customers – 140+
  • Hickory Springs - NC
  • Korbel Champaign - CA
  • Spirax Sarco - UK
  • PowerStream - ON
  • ERCO - ON
  • Menu Foods - ON
  • National Oilwell - TX
  • Nektar - CA
  • AEP - NJ
  • Dean Foods - TX
  • Diamond Foods - CA
  • Harlan - IN
  • Colbond - NL
  • Meritage Homes - AZ
  • Multotec - South Africa
  • Santam - South Africa
  • JP Avax - Greece
  • Hard Rock Hotel - MS
  • Mizuno - GA
  • Choctaw Nation - OK
  • Henry Company - CA
  • WBIP - ND
  • Beverly Micro - MA
  • Hanson - UK
  • Valley Crest - CA
  • Norgine - UK
  • Bellco Health - NY
  • Kenwood Trucks - ANZ
  • Oil Search - Australia
  • Mary Kay - TX
  • Westfield - CA
  • Christies Auctions - UK
  • Al Baker - UAE
Multiple Roles: As designed in E1

[Diagram: USER, Sign on, *ALL Roles; Tasks and 1 Task View; Role Based Menu Filtering; SECURITY; Roles A to F; Role 90, Role 80, Role 70]

If set up correctly it virtually eliminates security management. All you are doing is assigning and de-assigning roles.

Diagram callouts:
  • Security file empty
  • Menu + Sec. out of Synch
  • Role Sequencer Conflicts
  • Users Switching Roles
  • Reports & S of D?

Best Practice for Roles
  • Achieve Best Practice
    • Use Role Based Menus and Security and E1 Pages
    • Small Process Based Roles – “Users change – Processes Don’t”
    • Process based roles are necessary to achieve segregation of duties
      • Role AP Manager will likely contain SoD breaches
    • Security needs to be “Deny ALL, Grant Back”
    • Role based security should be “Yes” settings at role level
    • Role based menu filtering
    • Have separate roles for functional security and data security
      • Application and action code security in functional role
      • Data security (row and column security) in a separate role
      • Allows for more flexibility and reusability when assigning roles to users
    • Roles should not have Segregation of Duties conflicts within them
    • Resolve role sequencer conflicts to user or Super Role
Benefit of Multiple Role Setup (JDE 8.9++)

JD Edwards/Oracle has invested significant resources into developing multiple role based menus and security in E1. The concept delivers tremendous benefits.

Best Practice for Task Views
  • Achieve Best Practice for Task Views
    • Single Task View
    • Shallow Menus – one folder deep
      • Clicks cost you money
    • Remove “Dead Ends” using Menu Filtering
    • Use local language to reduce staff training
OneWorld Explorer Menus (Xe/ERP8)
  • Users have one initial menu assigned in F0092 (‘G’ Menu)
  • Need to customize menus if you wish to restrict users to options without using F00950 security.
  • Tables are F0082 (menus), F00821 (menu options) and F0083 (menu descriptions)

ALLOut allows you to automatically convert to Solution Explorer and, optionally, to create role Menu Filtering using users’ initial menus.

Solution Explorer Menus (ERP 8 – 9.1)

[Diagram labels: Task View, Applications, External Call, UBEs]

  • JDE programs and folders are defined as ‘tasks’ (Tasks table F9000), usually as folders (type ‘07’), applications (‘01’) or UBEs (‘02’).
    • ‘Alternative Language’ descriptions can be defined for tasks within table F9002 (Task Alternate Descriptions)
  • Tasks are then assigned to one another within a parent/child relationship (Task Relationship F9001)

Solution Explorer permits multiple ‘task views’ to exist. However, ALLOut recommends the use of a single view for simpler maintenance.

Role Based Menu Filtering (FineCut)

Menu Filtering (Fine Cut in ERP 8.0) gives you the ability to hide tasks by role

  • Empty folders are hidden and user will have simpler menus.
    • Allows unauthorized versions to be hidden without requiring F00950 version level security.
  • In all versions of JDE, users can choose which role menu they see. In 9.0 you can force *ALL, which we recommend.
  • The table that stores the fine cut records is F9006.
Security Best Practice
  • You need Application and Action Code security
  • Operate in a ‘Closed’ or ‘Deny All’ security environment
  • Avoid using ‘N’ Settings, except at *PUBLIC
    • Security is easier to understand when the only ‘N’ records in the F00950 table are at *PUBLIC and *ALL level. You should not need many additional ‘N’ settings at the user or role level.
  • Use security sparingly at version level and form level
    • Use this only where specifically required.
  • Avoid user level security, put all security in roles
    • Exception: Resolve role sequencer conflicts at user level
    • Use small, process based security so that your work is reusable and clean
  • Avoid putting ‘data’ security and ‘program’ security in the same roles
  • You will need little Solution Explorer Security
    • When you have a ‘closed’ system, you do not need Hyper Exit Security! This type of security creates maintenance issues in exponential proportion to the number of records you create.
Why Segregation of Duties
  • Why Segregation of Duties
    • Segregation of duties is critical for achieving effective internal control
    • Reduces risk of erroneous and inappropriate actions
    • Critical functions should be separated among employees
    • When functions cannot be separated, a manual review of activities is required
    • Segregation of duties is a deterrent to fraud. One user does not have sufficient access to perform all steps of a process
  • Example: A user can create a fictitious vendor or make changes to a vendor master file, enter a purchase order for this vendor, and then issue payment to the vendor.
  • Segregation of Duties in JD Edwards E1
    • There is typically more than one way to initiate a transaction
    • Securing access via a menu is not sufficient (too many row exits and forms exits that allow a user to access a program)
    • Determining high risk conflicts and implementing effective SOD rules requires a partnership between IT, Finance and Internal (or External) auditors
    • Automate user access reporting to determine what rules are being violated
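
One way to automate the reporting described above, as an added example that is not from the presentation or from ALL Out's tooling: it checks roles for conflicts inside a single role and users for conflicts across their combined roles, using the vendor / purchase order / payment example. Rule ids, role names, function names and users are hypothetical.

```python
# Constructed sample data; every name below is hypothetical.
SOD_RULES = {  # rule id -> functions one user must not hold together
    "R1": {"VENDOR_MASTER", "PAYMENT"},
    "R2": {"VENDOR_MASTER", "PURCHASE_ORDER", "PAYMENT"},
}
ROLE_FUNCTIONS = {  # functions each role is granted access to
    "VENDOR_MAINT": {"VENDOR_MASTER"},
    "PO_ENTRY": {"PURCHASE_ORDER"},
    "AP_PAYMENT": {"PAYMENT"},
    "AP_MANAGER": {"VENDOR_MASTER", "PAYMENT", "VOUCHER"},  # broad role
}
USER_ROLES = {
    "ALICE": ["VENDOR_MAINT", "PO_ENTRY"],
    "BOB": ["VENDOR_MAINT", "PO_ENTRY", "AP_PAYMENT"],
    "CAROL": ["AP_MANAGER"],
}


def role_breaches(role_functions=ROLE_FUNCTIONS, rules=SOD_RULES):
    """Roles that breach a rule on their own (conflict inside the role)."""
    report = {}
    for role, funcs in role_functions.items():
        hit = sorted(rule for rule, need in rules.items() if need <= funcs)
        if hit:
            report[role] = hit
    return report


def user_breaches(user_roles=USER_ROLES, role_functions=ROLE_FUNCTIONS,
                  rules=SOD_RULES):
    """Per user: each breached rule and the roles supplying each function."""
    report = {}
    for user, roles in user_roles.items():
        held = {}  # function -> roles that grant it to this user
        for role in roles:
            for func in role_functions[role]:
                held.setdefault(func, []).append(role)
        for rule, need in rules.items():
            if need <= set(held):
                report.setdefault(user, {})[rule] = {
                    func: held[func] for func in sorted(need)}
    return report


if __name__ == "__main__":
    print("Roles with internal conflicts:", role_breaches())
    for user, rules in user_breaches().items():
        print(user, rules)
```

Because the report names the role that supplies each conflicting function, it shows which role assignment to remove, and small process based roles keep that removal narrow.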
JD Edwards “Hierarchy” of effective security records (Xe/ERP8)

Strongest to weakest:
  • User
  • *Group/Role
  • *Public

JD Edwards “Hierarchy” of effective security records (8.9++)

Strongest to weakest:
  • User
  • Role #20
  • Role #10
  • *Public

JDE Role Sequencer (8.9++)
  • A role is defined in F0092, but its description and sequencer number are defined in F00926!
    • (Note: F00926 does not exist in Xe or ERP8)

Row security in E1: only the role with the highest role sequence is used.
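
The lookup order on the two hierarchy slides, combined with "Deny ALL, Grant Back", can be traced with a small model. This is an added example, not part of the presentation or of ALL Out's product; the record layout, role names and program ids are hypothetical. It assumes each level checks the exact object before *ALL and that an object with no record at any level is open.

```python
# Simplified model of the hierarchy above, not the real F00950 layout.
# Record = (principal, object, allowed); principal is a user id, a role or
# "*PUBLIC"; object is a program id or "*ALL". All names are hypothetical.
RECORDS = [  # constructed sample data
    ("*PUBLIC", "*ALL", False),          # Deny ALL ...
    ("AP_VOUCHER", "P_VOUCHER", True),   # ... Grant Back at role level
    ("AP_PAYMENT", "P_PAYMENT", True),
    ("LEGACY_AP", "P_PAYMENT", False),   # an 'N' at role level
]
ROLE_SEQ = {"AP_VOUCHER": 10, "AP_PAYMENT": 20, "LEGACY_AP": 30}
USER_ROLES = {"JSMITH": ["AP_VOUCHER", "AP_PAYMENT", "LEGACY_AP"],
              "MJONES": ["AP_PAYMENT"]}


def _lookup(principal, obj, records):
    """Exact-object record first, then the principal's *ALL record."""
    for key in (obj, "*ALL"):
        for p, o, allowed in records:
            if p == principal and o == key:
                return allowed
    return None


def effective(user, obj, records=RECORDS):
    """Return (allowed, deciding_principal). Order: user, then roles by
    descending sequence number, then *PUBLIC; first record found decides."""
    roles = sorted(USER_ROLES.get(user, []), key=ROLE_SEQ.get, reverse=True)
    for principal in [user, *roles, "*PUBLIC"]:
        hit = _lookup(principal, obj, records)
        if hit is not None:
            return hit, principal
    return True, None  # assumption: no record anywhere means open


def sequencer_conflicts(user, records=RECORDS):
    """Objects where the user's roles disagree, so the sequencer decides."""
    seen = {}
    for p, o, allowed in records:
        if p in USER_ROLES.get(user, []):
            seen.setdefault(o, set()).add(allowed)
    return sorted(o for o, vals in seen.items() if len(vals) > 1)


if __name__ == "__main__":
    print(effective("JSMITH", "P_PAYMENT"), sequencer_conflicts("JSMITH"))
    fixed = RECORDS + [("JSMITH", "P_PAYMENT", True)]  # resolve at user level
    print(effective("JSMITH", "P_PAYMENT", fixed))
```

In the sample data the role level 'N' on the highest-sequence role overrides the grant from a lower role, which is the sequencer conflict that "Yes" settings at role level avoid.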

Best Practice for Process Based Roles
  • Standard Roles
  • Task View
  • Security
  • E1 Page Generator

Process Based Implementation

[Diagram labels: Tasks & Task View; E1 Pages; Standard Process Based Menus & Roles; Your Menus & Roles; Standard Roles; Role Based Security]

Copy Roles from Spreadsheet into ALL Out User/Role Maintenance Form
  • Create F0092 Records for Roles

Paste into ALL Out Security Upload Form
  • Create F00950 Security Records
  • Application and Action Code Security for ‘DENY ALL’

Paste into ALL Out Menu Management Grid and click Update to Database
  • Create F9000 and F9001 Task and Task Relationship Records

Specify Output Location: dat_file is in folder where E1 Generator resides
See Oracle Support Document 1401833.1 (E1: E1Page: Overview, Download, and Quick Start Guide for the E1 Page Generator)

For Tools release 9.1.2 or higher

For Tools release 9.1

Define Activity Status Flows: P982405

Simple Status Flow: Editing to Approve. Status flows can be as restrictive or lenient as you need them to be.

From Published User Generated Contents: Click Add and Assign Users and/or Roles to Page

Page Name

User/Role

ALL Out Contacts

Sales Support

Hazel @ alloutsecurity.com

Consulting

Brian Connor

Brian.Connor@alloutsecurity.com

Kristina O’Leary

Kristina.Oleary@alloutsecurity.com