As a highly configurable ERP solution, J.D. Edwards gives its customers a great deal of flexibility, and with it a great deal of configuration complexity. Our team was recently chartered with implementing security in J.D. Edwards OneWorld on an IBM iSeries. Although OneWorld security is incredibly flexible, it can become convoluted and difficult to manage on an enterprise-wide project if a security model isn't created and enforced in the infancy of the implementation. The main problem stems from the rule that a user may have only one group, so all of the user's permissions must be applied to that one group. It is a management nightmare that we intended to remove from our dreams. By using a variation of a Role-Based Access Control (RBAC) model and adhering to its principles, we were able to provide a quality security definition that met our business needs. Those needs were essentially to follow the CIA definition of security (confidentiality, integrity and availability) and to be flexible enough to provide a granular solution. The confidentiality, integrity and availability requirements led to security rules that prevent all user access unless it is specifically granted. Our logical security roles helped provide a granular solution by separating the users' duties into small groups.
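
One way to reconcile small logical roles with the one-group-per-user rule, shown as an added example that is not taken from the paper: each distinct set of roles is compiled into a single group whose grants are the union of its roles, and anything not granted is denied. The role names, object IDs, users and the `GRP_` naming scheme are hypothetical, and the abstract does not say that its RBAC variation works this way.

```python
# Constructed sample data: role names, object IDs and users are hypothetical.
ROLES = {
    "AP_INVOICE_ENTRY": {"APP_AP_INVOICE"},
    "AP_PAYMENT_RUN": {"APP_AP_PAYMENT"},
    "GL_INQUIRY": {"APP_GL_INQUIRY"},
}
USER_ROLES = {
    "alice": ["AP_INVOICE_ENTRY", "GL_INQUIRY"],
    "bob": ["GL_INQUIRY", "AP_INVOICE_ENTRY"],  # same duties as alice
    "carol": ["AP_PAYMENT_RUN"],
}


def compile_groups(roles, user_roles):
    """Return (groups, membership): one group per distinct role set,
    and exactly one group per user."""
    groups, membership = {}, {}
    for user, assigned in sorted(user_roles.items()):
        unknown = set(assigned) - roles.keys()
        if unknown:
            # Refuse to build a group from a role nobody has defined.
            raise ValueError(f"{user}: undefined roles {sorted(unknown)}")
        key = frozenset(assigned)
        # Order-independent name, so identical duty sets share one group.
        name = "GRP_" + "+".join(sorted(key))
        # The group's grants are the union of its roles' grants, nothing more.
        groups.setdefault(name, set().union(*(roles[r] for r in key)))
        membership[user] = name
    return groups, membership


def is_allowed(user, obj, groups, membership):
    """Deny by default: access needs an explicit grant in the user's one group."""
    group = membership.get(user)
    return group is not None and obj in groups[group]


if __name__ == "__main__":
    groups, membership = compile_groups(ROLES, USER_ROLES)
    for user in sorted(membership):
        print(user, membership[user], sorted(groups[membership[user]]))
    print(is_allowed("carol", "APP_GL_INQUIRY", groups, membership))
```

Because groups are derived from role sets, a permission change is made once on the small role and every compiled group that includes it is regenerated, instead of being edited group by group.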