Hosted by Chandra Wobschall and Paul Houtkooper

Hey JDE Connection listeners! We’re kicking off a special multi-part series diving deep into one of the most discussed—and debated—topics in the JD Edwards world: security. In this episode, we bring together a stellar panel of experts for a wide-ranging conversation on how different organizations manage JDE security, who owns it, and how practices are evolving. With us for this discussion are three seasoned JDE pros:

• Andrew Ostdiek – Senior Business Analyst at J.F. Shea Co, Inc, with over 23 years in JDE roles
• Matthias Freitag – Team Lead CNC at the H&R Group in Germany (our first European guest!)
• Nimesh Patel – JD Edwards consultant-turned-employee at Hoffman Construction Company

Why This Conversation Matters

If you’ve ever wondered who really owns security in JD Edwards, the answer (according to Clayton Seeley in Episode 48) was simply: “Yes.” Meaning—it’s shared. And this episode confirms it. Everyone we spoke to echoed a blended, cross-functional approach involving CNC teams, business analysts, end users, and auditors.

We wanted to explore how that shared responsibility plays out in real organizations—and what best practices look like when the rubber meets the road.

Highlights from the Conversation

1. Blended Ownership is the Norm
   Across the board, our guests described security ownership as a shared responsibility. Business analysts often define requirements, CNC teams handle setup and configuration, and service desks or centralized IT teams manage user provisioning. Final signoffs vary—but everyone agrees that it takes a village.
2. Segregation of Duties (SoD) is Driving Maturity
   Several guests discussed implementing formal SoD frameworks in response to audits or data sensitivity. Matthias described a massive effort to redesign 200+ end-user roles, driven by internal audit requirements. For many, SoD is the trigger that forces more formal processes and consistent governance.
3. Process-Based, Role-Driven Models Are Standard
   Most organizations are using process-based roles, sometimes layered with company, business unit, or region-specific data security. Everyone agreed that role-based access remains the best model for managing complexity and scale—but it has to evolve with your organization.
4. The UDO Factor: A New Layer of Complexity
   User Defined Objects (UDOs) have created new security considerations. We talked about the fine line between empowering users and maintaining control. While tools like grid formats and saved queries are relatively safe, orchestrations, logic extensions, and form extensions require tighter oversight.

Andrew summed it up best: “As our UDO footprint grows, so do our responsibilities.”

Lessons Learned

• Security is never “done.” It evolves with your organization and tools.
• Collaborative governance is key. The best outcomes happen when IT, CNC, BAs, and business leaders work together.
• Think ahead with UDOs. As adoption grows, so should your strategy for securing them.
• Don’t overlook the simple stuff. Something as small as notification visibility or grid format access can impact user experience and data security.

Midwesternism of the Day

No episode of The JDE Connection would be complete without a Midwesternism, yeah, no, yeah?! Yeah, no, for sure!

Join the Conversation

Got your own thoughts on JDE security ownership or UDO security practices? We’d love to hear them. Drop us a line at thejdeconnection@questoraclecommunity.org.

Until next time, let’s keep learning, sharing, and most importantly, laughing together!

Toodles!

Missed an episode? Check out the full episode list! Also, be sure to subscribe on your favorite podcast provider, or select a provider below!

Learn More

Quest Oracle Community is where you learn. Ask questions, find answers, swap stories and connect to other JD Edwards customers and product experts in the JD Edwards Community, where you can also check out what’s happening in the Business Analyst SIG.