Image
Overview
Fragmented JD Edwards security can affect audit readiness, inflate licensing costs, and slow access-related tickets across the enterprise.
Our client, a leading producer of aggregates, cement, and construction materials, was operating two legacy JD Edwards environments, each with its own users, roles, task views, and Segregation-of-Duties (SoD) rules. Administrators duplicated every change, auditors reconciled reports manually, and dormant credentials remained even after employees left the company.
They engaged Birlasoft to consolidate both instances into a single, governed security domain to mitigate these security gaps. Through automated analysis, owner-led decision workshops, and turnkey migration utilities, Birlasoft delivered one audit-ready platform that now scales effortlessly with new plants and acquisitions.
Read how we enabled the client to achieve these outcomes below.
The Challenge
#1. Fragmented security across dual ERP instances
Our client’s organisation was running separate JDE 9.1 and 9.2 environments inherited from earlier rollouts.
Users held different credentials and role assignments across these systems, which obscured audit trails and made licence management challenging.
#2. Redundant and obsolete user/role records
Years of acquisitions and seasonal staffing had produced a long tail of inactive user IDs, expired contractors, and roles that no longer mapped to any job function.
These dormant and duplicated records increased maintenance effort, drove up licence costs, and left unmanaged credentials that could be exploited during a breach.
#3. Dual maintenance leading to SoD exposure
Security Workbench tables had to be updated twice (once per instance), which forced administrators to replicate every change and manually reconcile conflicting SoD rules.
This was further complicated by inconsistent policies that made it difficult to certify compliance on schedule. As a result, the admins risked overlooking conflicting combinations of duties.
#4. Disparate task menus and UDO controls
Task views, menu structures, and User Defined Object (UDO) permissions evolved independently in each JDE environment.
Employees performing identical roles saw different screens and options, which increased training time and slowed productivity whenever staff rotated between divisions.
#5. Incomplete LDAP integration and manual provisioning
Active Directory synchronisation covered only part of the deployment landscape, so new hires, transfers, and terminations had to be entered manually in both databases.
Provisioning delays left field personnel without first-day access, while lingering accounts for departing employees violated corporate de-provisioning policy.
The Solution
Birlasoft executed a phased consolidation programme that combined the two independent JDE environments into a single, governed security domain. In the process, we leveraged automated solutions to mitigate weeks of manual effort, enabling an error-free cutover.
#1. End-to-end security inventory to identify key security gaps
Birlasoft began the engagement by exhaustively extracting user profiles, roles, task views, UDO rules, favourites, and security tables from both the 9.1 and 9.2 instances.
QSoftware’s import utilities loaded these artefacts into staging tables, generating a gap report that pinpointed duplicates, dormant IDs, and rule conflicts. IT, internal audit, and process owners reviewed the findings, and a phased migration roadmap was approved.
#2. Business owners-guided rationalization of users and roles
Using the discovery output, Birlasoft facilitated workshops where role owners decided whether each user or role should be merged, retained, or retired. Dormant IDs and roles with no security were marked for removal, and common assignments were consolidated into streamlined, job-based roles.
Pre-built templates accelerated redesign, and net-effect queries verified that cumulative access matched approved job duties before migration.
#3. Consolidated a single SoD ruleset with automated checks
SoD configurations from both legacy systems were compared side by side. Distinct rules were merged into one matrix, obsolete items were dropped, and mitigating controls were documented for residual risks.
The consolidated ruleset was uploaded to the new instance, and nightly QSoftware jobs now run conflict checks, alerting the administrators of exceptions on self-service dashboards for rapid remediation.
#4. Unified navigation, UDO permissions, and favourites
Task View/Task ID structures, UDO security, and personal favourites were mapped to the consolidated instance, ensuring that two employees performing the same role saw identical menus and shortcuts regardless of region.
Automation scripts were applied to handle the mapping, eliminating the need for manual menu rebuilds and reducing post-go-live training to a single global guide.
#5. Dual-workbench cutover and continuous support model
Security data moved in waves, each followed by mock release testing against audit reports. Two security workbench tables captured late-cycle changes until go-live in a scheduled weekend window with hyper-care support.
Post-implementation, dual workbench governance continues, with monthly compliance dashboards, continuous SoD monitoring, and structured promotion paths for new acquisitions or organisational changes. This helps the client keep the security landscape clean, compliant, and scalable.
The Impact
The key business benefits that we delivered to the client through this engagement:
- Security administration shifted to a single consolidated workbench. This eliminated duplicate maintenance, freeing administrators to focus on proactive governance.
- Retiring dormant IDs and unused roles shrank the active catalogue, reduced licence exposure, and shortened new-hire provisioning to a single-day task.
- A unified SoD ruleset is now checked nightly, and real-time dashboards give internal auditors continuous visibility.
- Common task views and UDO rules deliver a consistent user experience across all regions, cutting help-desk tickets and accelerating cross-division onboarding.
- Post-go-live, automated alerts on critical data changes and streamlined access-review workflows always keep the environment audit-ready.
With a single, audit-ready security instance, the client can onboard new sites securely and confidently scale their deployment.
Want to enhance your JDE security posture? Our experts are ready to work with you. Write to us at contactus@birlasoft.com today.
Other Case Studies
