Hosted by Chandra Wobschall and Paul Houtkooper

Hey JDE Connection listeners! We’re back with Part 2 of our in-depth conversation on JD Edwards security, where we peel back the layers of one of the most complex and ever-evolving topics in the ERP world. If you’re grappling with roles, audits, UDOs, or just trying to keep your system sane—this episode is for you. Once again, we’re joined by our brilliant panel of guests:

• Andrew Ostdiek – Senior Business Analyst at J.F. Shea Co, Inc, with over 23 years in JDE roles
• Matthias Freitag – Team Lead CNC at the H&R Group in Germany (our first European guest!)
• Nimesh Patel – JD Edwards consultant-turned-employee at Hoffman Construction Company

Why Naming Conventions Matter

We kicked off this episode with a laugh—but also a reality check—on what happens when you don’t have naming conventions for UDOs. Think dozens of “test01” grid formats cluttering up the system, users losing track of their own work, and login pages bogged down by over-shared E1 Pages.

Lesson learned? Start naming conventions early. It saves time, avoids confusion, and keeps your UDO landscape manageable. Our guests shared tips like using prefixes (e.g., FE for Form Extension) and leveraging community-sourced best practices.

Governance: It’s Not Just for Data

Naming naturally led to a conversation about governance. As we start using more Orchestrations, Logic Extensions, and advanced UDOs, governance becomes essential—not just to maintain order but to ensure secure, efficient performance.

Whether it’s setting publish permissions, managing environments, or establishing UDO security models, the consensus was clear: don’t wait until it’s a mess to put structure in place.

The Cost of Complexity

Andrew reminded us that complexity is the enemy of security clarity. Overengineered role structures become hard to manage, slow to troubleshoot, and risky to audit. Keeping things simple, explainable, and rational is the key to sustainable security.

Chandra shared how her organization is constantly evolving their model—balancing business needs with system performance and audit readiness. As Paul put it, “Security shouldn’t be an impediment.”

Audit Pressure is Real

Auditors are getting sharper. Matthias noted that where auditors once gave JDE a pass, today they want to know exactly what each role does. That means:

• Enabling security history and auditing tables
• Implementing segregation of duties (SoD) matrices
• Maintaining an auditable model that’s both transparent and defensible

And don’t forget the tools—JD Edwards has delivered enhancements like 21 CFR support for system tables and expanded security logging. Use them.

Dream States and Reality Checks

We asked our panel: Are you in your “dream state” when it comes to security?

• Andrew’s dream state? Business ownership of SOD and user groups.
• Nimesh? “Only when I’m sleeping.” A good structure, but more challenges ahead.
• Matthias? Achieved audit-readiness and happier users thanks to tools and a rebuilt model.

Final Thoughts

Security isn’t static. It evolves with every audit, UDO, and Oracle update. But with the right mindset, a little humor, and a lot of collaboration, it doesn’t have to be painful. And don’t worry—AI’s not fixing all of this (yet). 😉

Midwesternism of the Day

This week we explore Minnesota’s German culture and Chandra attempts to channel her high school foreign language classes!

Join the Conversation

Got your own security horror stories or success tips? Reach out to us at [email protected].

Until next time, let’s keep learning, sharing, and most importantly, laughing together!

Toodles!

Missed an episode? Check out the full episode list! Also, be sure to subscribe on your favorite podcast provider, or select a provider below!

Learn More

Quest Oracle Community is where you learn. Ask questions, find answers, swap stories and connect to other JD Edwards customers and product experts in the JD Edwards Community, where you can also check out what’s happening in the Business Analyst SIG.