To subscribe to JDEtips, go to
www.JDEtips.com/Subscribe.asp.
Laura Jackson reports on her recent engagement with Hamilton Sundstrand to identify
employees who have access to programs that create a potential conflict of interest. For example,
an employee should not be able to enter a voucher and cut a check. The project covered
Financials, Distribution, and Manufacturing, and used a combination of technical and
non-technical methods of discovery and analysis. Hamilton Sundstrand agreed to let Laura share
the discovery process with our readers.
Following is a table of security types that must be analyzed along with examples of their primary
uses.
Program Specifications:
Objective: Using Business Objects, gather security information from JDE EnterpriseOne to
analyze potential conflicts of interest. Build queries or use Microsoft Access to build your
comparison tables or files.
2. For each question determine which table(s) hold the information. Run the JDE cross-
reference application (P980011), which identifies what tables, fields, and applications are
used within each other. For example, the question of who could update the AP subledger?
The table for the AP subledger is the F0411. You can then look at the applications that could
update the F0411, using the cross–reference tool. Then list those applications that update
that table.
In EnterpriseOne there are some batch applications the can add, change, and delete data
within tables. They should be included in the list of applications for a table.
3. Join F01 to F02 by User ID FSUSER = ULUSER. This will capture the user ID, even if the
security is set up by group.
4. Join F02 to F04 by Address Book Number ULAN8 = ABAN8. This will give you the user
name (ABALPH).
5. Join F01 to F03 by Security Type FSSETY = DRKY by Product Code DRSY = 98 and User
defined codes DRRT = TY. This will give you the security type; e.g., ‘1’ action code security
(view, add, change, deleted or copy).
6. Identify Security Type - At specific object levels, you can set the levels of security, alone or in
any combination, for users and groups; i.e., Security Type ‘2’ (Column Security).
For example, if you secure a user from viewing the Salary field on the Employee Master
application, the Salary field does not appear on the form when that user accesses that
application.
7. Establish your questions. The following are samples of some of the segregation of duty
questions, with their respective tables and applications:
Purchasing Questions:
1. Who can create or change a PO or Req.? (Based on F4301 and F4311)
P40320, P4242, P43025, P430301, P43032, P43081, P4310, R43990, R47132