Roles
The Roles screen lists every role defined in the security tables of each connected application, one line per (Application, Role) pair. It is the authoritative inventory of the role names that users can be assigned.
A role is the permission container the source system exposes — *ROLE on JD Edwards EnterpriseOne, PFCG profiles on SAP, permission sets on NetSuite. Nomasx-1 reads the catalog as-is from the source.
At a glance
Goal of the view
For each role known to any connected application, answer three questions in one glance:
- Which roles exist? The role catalog drives every other security view — assignments, conflicts, segregation-of-duties matrices.
- What does the role represent? The role name is the human-readable label visible to administrators. It should be self-explanatory and follow the company naming convention.
- In what order is the role evaluated? The sequence drives the precedence at login when the source system lets a user inherit configuration from several roles. Lower number = earlier evaluation = stronger precedence (JDE convention).
The screen is the entry point when an auditor asks "give me the list of roles in scope" or when a new SoD matrix is being built.
Columns
| Column | Source | What it tells you |
|---|---|---|
| Application ID | ROL_APPS_ID — application identifier from the source system (numeric reference). | Which application the role belongs to. |
| Role ID | ROL_ID — role identifier (technical name). | The role's technical name as known to the source system. |
| Role Name | ROL_NAME — descriptive name. | Human-readable label. |
| Sequence | ROL_SEQ — numeric. | Evaluation order at login. Lower runs first; used by the source system to resolve precedence between several roles held by the same user. |
Hidden columns kept on the row: ROL_DT_REFRESH, ROL_UKID (used by downstream screens and reconciliation).
The single filter input above the grid (Application ID) supports the standard contains / equals / not equals / starts with / ends with operators.
On JD Edwards EnterpriseOne, *ALL is the default sign-on role — when a user signs on with *ALL, the security of every role assigned to them is combined and applied at once. The alternative is to sign on under a single specific role, applying only that role's security. Whether or not *ALL appears as a literal row on the Roles catalog depends on the installation: most do not need explicit *ALL-level overrides.
Tips & best practices
- Compare the catalog with the Roles not used screen to spot roles that exist but were never assigned. These are typically leftovers from past reorganisations.
- Look for near-duplicate role names (e.g. ACCT_AP vs ACCT_AP_OLD). A role rename in the source system creates a new row — the old one usually stays around until a manual cleanup.
- Use the Sequence column to identify the role with the lowest sequence that a user holds — this is the role driving most of the runtime behavior on JDE.
- Click on a role to open the Assignments screen filtered on that role — the fastest way to count holders before deciding to delete it.
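The near-duplicate check from the tips above can be scripted against an export of the catalog. This is an added example, not part of Nomasx-1: it assumes the Roles grid has been exported to CSV with headers named after the ROL_* columns, and the sample rows and suffix list are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export of the Roles grid; CSV format and header names are assumptions.
SAMPLE_EXPORT = """ROL_APPS_ID,ROL_ID,ROL_NAME,ROL_SEQ
1,ACCT_AP,Accounts Payable Clerk,100
1,ACCT_AP_OLD,Accounts Payable Clerk (old),110
1,ACCT_AR,Accounts Receivable Clerk,120
2,ACCT_AP,Accounts Payable Clerk,50
2,BUYER,Purchasing Buyer,60
2,PURCH_BUY,purchasing  buyer,70
"""

# Hypothetical suffixes that often mark a renamed or retired role; adapt to local convention.
RETIRED_SUFFIX = re.compile(r"(_(OLD|BAK|COPY|TMP|V?\d+))+$")


def id_stem(role_id):
    """Role ID upper-cased with trailing rename markers removed."""
    return RETIRED_SUFFIX.sub("", role_id.strip().upper())


def name_key(role_name):
    """Role name lower-cased with whitespace collapsed."""
    return " ".join(role_name.lower().split())


def near_duplicates(export_text):
    """Return sorted (app_id, reason, role_ids) for roles that collide within one application."""
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        app, role = row["ROL_APPS_ID"].strip(), row["ROL_ID"].strip()
        groups[(app, "id", id_stem(role))].add(role)
        groups[(app, "name", name_key(row["ROL_NAME"]))].add(role)
    return sorted(
        (app, reason, tuple(sorted(roles)))
        for (app, reason, _), roles in groups.items()
        if len(roles) > 1
    )


if __name__ == "__main__":
    for app, reason, roles in near_duplicates(SAMPLE_EXPORT):
        print(f"application {app}: {' / '.join(roles)} (same {reason})")
```

Grouping is scoped to one Application ID, so ACCT_AP in application 1 and ACCT_AP in application 2 are not reported against each other, and ACCT_AP versus ACCT_AR is not flagged because matching is on the stem rather than on string similarity.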