Skip to main content

Nomasx-1

Enterprise security · Licence compliance · Segregation of Duties

One platform for everything an
auditor or licence manager asks for.

Built first for JD Edwards EnterpriseOne on Oracle — a dedicated connector reads the JDE security workbench, the user / role / environment tables, the Object Usage Tracking history and the underlying Oracle instance in one pass. The architecture has since opened to other ERPs and databases, but a JDE customer plugs in and is immediately operational, with no manual export and no BIP job to run beforehand.

JD Edwards EnterpriseOne — flagship supportOracle Database — dedicated audit scriptsSAP · NetSuite · custom ERPMSSQL · HANA · PostgreSQLLDAP · Active Directory · On-premise
Flagship combination
JD Edwards EnterpriseOne · Oracle Database

The Nomasx-1 JD Edwards connector is the original engine of the product and is included out of the box. It logs into the JDE security tables (users, roles, environments, security workbench, menus), pulls the Object Usage Tracking history from JDE Object Librarian and reads the Oracle DBA views on the underlying database — all from a single configured datasource. The JDE-on-Oracle customer goes from install to a first audit-ready picture in hours, not weeks.

Security tables
Users, roles, role relationships, environments, security workbench — read live.
Object Usage Tracking
Per-component user counts and last-use dates straight from the OUT history.
Oracle audit scripts
Detect the Oracle options, packs and features actually used on each instance — required-licence inventory in one click.
No source-side change
No BIP job to schedule, no JDE audit to turn on, no extra account to provision beyond a read-only datasource.

The problem Nomasx-1 solves

The teams who need to answer compliance questions never look at the same screen. Security data sits in the ERP security workbench, licence data in spreadsheets the procurement team maintains by hand, SoD findings in an Excel matrix that has not been refreshed in months, and database options in DBA views nobody outside IT can read.

Without a unified view
Dormant accounts keep their rights
A user who left a year ago still holds the AP-approval role. A SoD conflict opened in March is still open in October. Nobody catches it until the next audit.
Without usage evidence
Licence cost grows on autopilot
The renewal arrives. No-one can tell which JDE modules are actually used or which Oracle options run on the database. The safest answer is to renew everything — at full price.
Without continuous SoD
SoX findings show up too late
The SoD matrix is in an Excel file on someone's laptop. The check is done once a year, two weeks before the auditor arrives. Every finding becomes an urgent remediation.

Nomasx-1 replaces the spreadsheets, the manual exports and the once-a-year scramble with a continuous picture maintained by the product itself.

What Nomasx-1 is

A single platform that pulls every relevant source — ERP, database, directory — and turns it into a small set of grids, dashboards and reports the compliance team uses every day.

Sources connected
ERP security workbench
JDE · SAP · NetSuite · custom
Database catalogue
Oracle · MSSQL · HANA · PG
Directory
LDAP · Active Directory
Object Usage Tracking
per-component activity
Nomasx-1
The compliance & licence platform
Inventory
users · roles · rights
Track usage
OUT · activity log
Analyse SoD
matrix · conflicts
Optimise cost
licences · packs
Outputs
Compliance dashboards
SoD posture · expirations
Licence reports
usage · subscribed · gap
Excel exports
per department · per app
Sign-off trail
exceptions · approvals
Source-agnostic
JDE today, SAP tomorrow, a divested entity on NetSuite — a new connector plugs in without touching the rest of the product.
Continuous
Scans run on a schedule. The dashboard the auditor opens at 9 am is the picture from the last scan, not last quarter's spreadsheet.
Audit-ready
Every grid exports to Excel, every exception leaves a sign-off trail, every change to the SoD matrix is logged.
On-premise
Single-tenant deployment. Security data, licence figures and SoD findings stay inside your perimeter — no SaaS upload.

The four pillars

01 · Security & identity
Who has access, and is it still needed?
  • Master list of users with creation, last login, last activity and ERP attributes.
  • Role assignments with effective and expiration dates — expired-but-still-active surfaces in red.
  • LDAP / AD cross-check — every ERP account is matched against the directory.
  • Duplicate users, dormant accounts, accounts without any role — flagged automatically.
02 · Object Usage Tracking
What is actually used — by whom, how often?
  • Records every object call on the connected applications and aggregates by licence component.
  • Distinguishes the dormant access (granted but never used) from the active access.
  • Per-component user counts and last-use dates — the evidence behind the licence figures.
  • Captured passively — no need to turn the ERP's own audit on, no operational impact.
03 · Licence compliance
What is paid, what is needed, what is the gap?
  • Customer Support Identifiers and the licences attached to each — the contractual side.
  • Per-database list of required Oracle options based on what the collection scripts found on the instance.
  • JDE per-app cohorts — enabled users, transactional users, dormant accounts, orphan transactions.
  • Usage Report and Financial Report — required vs subscribed and the monetary gap.
04 · Segregation of Duties
Where are the conflicts — and who cleared them?
  • Editable SoD matrix — predefined ERP risks plus your own additions.
  • Process / activity / risk model — conflicts described in business language, not raw role pairs.
  • Conflicts ranked per user, per role, per object — the order in which to remediate.
  • Proven conflicts split out from theoretical ones — only the user actions that actually happened.

A sample of what you see

The licence compliance picture, one row per database × component, with a green / red indicator straight from the collection scripts — the dashboard a licence manager opens before every renewal.

Nomasx-1 · Licences · OracleCATEGORYCOMPONENTREQUIREDAPPDatabase Enterprise ManagementDiagnostics PackJDE_PRODOracle DatabaseOracle Enterprise EditionJDE_PRODOracle Enterprise Edition OptionsActive Data GuardJDE_PRODOracle Enterprise Edition OptionsPartitioningJDE_PRODOracle Enterprise Edition OptionsReal Application ClustersJDE_PROD

A second example: a Segregation-of-Duties summary by user, with the conflicts ranked by risk and the proven ones marked.

Nomasx-1 · Applications · Conflicts · Summary by UserUSERPROCESSRISKSEVERITYPROVENDUPONT.JProcure-to-PayCreate supplier & post paymentHighMARTIN.SOrder-to-CashIssue invoice & receive paymentMediumGARCIA.LRecord-to-ReportPost journal & approve closeHigh

The application map

The sidebar splits the day-to-day work into five sections plus the configuration area.

SectionWhat it covers
OverviewThe dashboard — open conflicts, expiring assignments, licence gap, last refresh status.
SecurityUsers, roles, role assignments, role matrix (combinations), duplicate users, users without roles, LDAP / AD reconciliation.
ApplicationsPer connected application: menus, rights (per user, per role, combined), Object Usage Tracking (components, objects, details), Conflicts (summary, by user, by role, by object), Activity Log.
DatabaseOracle properties (edition, packs, options, partitions), Audit Trail (Oracle archive log changes), Audit Lookup (row-level before / after).
LicencesCSI contracts, JD Edwards licence picture, Oracle licence requirements, Subscribed Licenses, Usage Report, Financial Report.
SettingsSource-system definitions (applications, JDE schemas, Oracle catalogues), LDAP department mapping, SoD configuration (processes, activities, risks, objects, matrix), pricing catalogue, security and AD flags.

Who uses it

RoleWhat they typically open Nomasx-1 for
Internal auditorThe quarterly SoD review — open conflicts, exception sign-offs, trend over time.
Security officerDay-to-day "who has access to X" — the user-and-role catalogue, with dormant accounts and expired assignments flagged.
JDE security administratorCross-environment user-and-role catalogue, easier than the JDE security workbench, with bulk edits in Nomajde when changes are needed.
Licence managerRequired-vs-subscribed reconciliation, Object Usage Tracking evidence, financial-gap report before each renewal.
CISO / RiskThe compliance dashboard — SoD posture, account hygiene KPIs, licence exposure.
DBAThe Oracle picture — options, features, partitions — without writing a single query.

Roles inside Nomasx-1

The application ships four roles. They control what each user sees and what they can change.

RoleWhat it grants
ViewerRead every screen, run reports, no edits.
EditorEverything a Viewer does, plus update the SoD matrices, schedule scans, manage notification rules.
AuditorEverything a Viewer does, plus sign off exceptions. The only role that can close a flagged conflict.
AdministratorEverything above, plus manage the source-system configuration (ERP datasources, Oracle accounts, LDAP / AD mapping).

A typical deployment keeps Auditor separate from Administrator — the same principle Nomasx-1 itself enforces: the person who configures the analysis should not be the one who signs off its findings.