Nomasx-1 — Overview
Nomasx-1 is an enterprise security and compliance application. In one screen, it answers the questions an auditor, a security officer or a licence manager asks every quarter:
- Who has access to what, on which environment?
- Has any role been granted that should have expired?
- How many of the Oracle and JD Edwards licences we paid for are actually used?
- Are there users who can post a journal entry and approve it at the same time?
The application reads its source data directly — JDE security workbench, Oracle DBA views, LDAP — and presents it on a small set of grids, dashboards and reports. No exports to prepare, no spreadsheets to maintain.
At a glance
What it covers
Nomasx-1 brings three areas together under one application:
Security and users
The day-to-day view of who has access to what.
- Users: every user the source systems know, with creation date and last login. Dormant accounts surface immediately; recent additions are flagged.
- Roles and assignments: each role assignment carries effective and expiration dates. Roles that should have expired but were never removed appear in red.
- Risk spotters: unassigned roles, duplicate users, technical accounts mixed with functional ones — all flagged automatically without manual review.
- Directory check: every user is verified against LDAP or Active Directory — does the account still exist there, is it active?
- Custom attributes: each user and each role can carry your own metadata — business owner, department, technical-vs-functional flag — and the reports use it.
- Activity tracking: tracks user activity without turning JDE auditing on, so there is no operational impact on the source system.
Oracle and JD Edwards licence compliance
Side-by-side view of what was bought versus what is actually used.
- CSI and acquired licences: import the Oracle Customer Support Identifier and the licences attached to it.
- Active versus declared users: what JDE counts as a user versus what the contract entitles you to. The two diverge more often than expected.
- Module access and transaction usage: per-module access trace — who really touches Financials, Distribution, Manufacturing. Drives the "do we still need this module?" conversation.
- Database picture: Oracle version, edition, options enabled. The page an auditor asks to see when they want to know whether Advanced Compression or Partitioning is in use.
- Usage versus entitlement: a single screen with what is used, what is bought, and the gap.
- Financial risk report: the gap turned into a monetary figure, with remediation suggestions. The output an audit committee will read.
Segregation of Duties
Automated SoD analysis — the heart of a SOX-style compliance review.
- Automated detection: every user's effective rights are crossed with the SoD matrix; conflicts surface per user × company, ranked by risk.
- Predefined and custom matrices: shipped matrices for common ERP risks (post and approve, vendor and payment, …). You can layer your own matrices on top.
- Process · activity · risk model: conflicts are described at the process and activity level — easier to read than raw role-against-role pairs.
- Automatic data extraction: security data is pulled from JDE and Oracle on a schedule — no manual prep before each scan.
- Reports: per-user, per-company and per-risk reports, exportable to CSV or Excel, with an audit trail of who cleared what and when.
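An added illustration of the crossing described above, not Nomasx-1's own code: effective rights are taken as the union of the activities of every role a user holds in a company, and a conflict is raised when both activities of a matrix row are present. The role, activity and risk names, the scores and the data layout are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample data; role, activity and risk names are illustrative.
ROLE_ACTIVITIES = {
    "AP_CLERK":   {"vendor.maintain", "voucher.enter"},
    "AP_PAYER":   {"payment.create"},
    "GL_POSTER":  {"journal.post"},
    "GL_MANAGER": {"journal.approve", "journal.post"},
}
# (user, company, role) assignments
ASSIGNMENTS = [
    ("ALICE", "00001", "AP_CLERK"),
    ("ALICE", "00001", "AP_PAYER"),
    ("ALICE", "00200", "AP_CLERK"),
    ("BOB",   "00001", "GL_MANAGER"),
    ("CAROL", "00001", "GL_POSTER"),
]
# SoD matrix row: process, two conflicting activities, risk label, score (higher = worse)
SOD_MATRIX = [
    ("Procure to pay", "vendor.maintain", "payment.create", "Vendor and payment", 9),
    ("Record to report", "journal.post", "journal.approve", "Post and approve", 7),
]

def effective_rights(assignments, role_activities):
    """Union of activities per (user, company) across all assigned roles."""
    rights = defaultdict(set)
    for user, company, role in assignments:
        rights[(user, company)] |= role_activities.get(role, set())
    return rights

def find_conflicts(assignments, role_activities, matrix):
    """Cross effective rights with the matrix; return conflicts ranked by risk."""
    conflicts = []
    for (user, company), acts in effective_rights(assignments, role_activities).items():
        for process, a, b, risk, score in matrix:
            if a in acts and b in acts:
                conflicts.append({"user": user, "company": company,
                                  "process": process, "risk": risk, "score": score})
    return sorted(conflicts, key=lambda c: (-c["score"], c["user"], c["company"]))

if __name__ == "__main__":
    for conflict in find_conflicts(ASSIGNMENTS, ROLE_ACTIVITIES, SOD_MATRIX):
        print(conflict)
```

ALICE's conflict only appears once her two roles are combined, and only in the company where she holds both; BOB's sits inside a single role, which a role-against-role comparison would miss.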
The application map
The sidebar of Nomasx-1 follows the three areas above plus a Settings section.
| Section | What you find here |
|---|---|
| Dashboard | A compliance snapshot: number of users, role expirations, open SoD conflicts, licence gap, last refresh status. Each card is a drill-through to the corresponding screen. |
| Security | The user catalogue, roles, role assignments, sessions, SoD conflicts and the exception register. |
| Applications | The catalogue of JDE applications (programs and forms) with the rights each carries. |
| Database | The Oracle database picture — version, edition, options enabled, declared users. |
| Licences | CSI, JD Edwards licences, Oracle licences, subscribed licences, the usage report and the financial risk report. |
| Settings | Source systems, scan schedules, SoD matrices, notification rules. |
Who uses it
| Role | What they typically open Nomasx-1 for |
|---|---|
| Internal auditor | The quarterly SoD review — which conflicts are open, who signed off the exceptions, what is the trend over time? |
| Security officer | Who effectively has access to X right now? The day-to-day what-if before granting a new role. |
| JDE security administrator | The full user-and-role catalogue across environments — easier than navigating the fat-client security workbench. |
| Licence manager | Are we paying for modules nobody uses? The usage report and the financial risk report are read together. |
| CISO / Risk | The compliance dashboard — the SoD posture trend, the licence gap, the user-account hygiene KPIs. |
Roles inside Nomasx-1
The application itself ships four roles. They control what each user sees and what they can change.
| Role | What it grants |
|---|---|
| Viewer | Read every screen, run reports, no edits. |
| Editor | Everything a Viewer does, plus update the SoD matrices, schedule scans, manage notification rules. |
| Auditor | Everything a Viewer does, plus sign off exceptions. The only role that can close a flagged conflict. |
| Administrator | Everything above, plus manage the source-system configuration (JDE pools, Oracle DBA accounts, LDAP / AD mapping). |
A typical deployment keeps Auditor separate from Administrator — the rule of thumb is the same SoD principle Nomasx-1 itself enforces: the person who configures the analysis should not be the one who signs off its findings.