We have all seen it happen. An ERP system is implemented five or ten years ago with a clean, theoretical security model. But then, reality sets in. Employees change departments, people leave, “temporary” access is granted during crunch times, and new users are set up by simply copying the permissions of existing ones.
Fast forward to today, and your ERP security landscape likely looks like a tangled web.
For IT Directors and CFOs, this isn’t just an organizational mess; it is a significant risk. Poor role design leads to two major enemies of compliance: Role Bloat (users having far more access than they need) and Toxic Combinations (access rights that, when held together, allow for fraud).
If you are worried about your upcoming external audit, look for these five tell-tale signs that your role design needs an immediate overhaul.
1. The “Super User” Epidemic (Role Bloat)
The most obvious sign of broken role design is when a significant percentage of your workforce has “Super User” or “Power User” status.
This usually happens due to the “Copy-Paste” phenomenon. A new hire joins the Finance team. Instead of assigning them specific roles based on their job description, IT is told to “just copy Bob’s access.” The problem? Bob has been there for 10 years and has accumulated rights from three different previous roles that were never revoked. The new hire inherits all of Bob’s bloat.
The Risk: When too many users have broad access, the Principle of Least Privilege is violated. If everyone is a Super User, your data integrity is compromised, and auditors will immediately flag this as a lack of internal control.
2. Naming Convention Chaos
Can you look at a role name in your system (e.g., FIN_AP_CLERK_01) and know exactly what it does? Or do your roles look like USER_TEMP_REV3, PROJECT_X_ACCESS, or MARIA_BACKUP?
If your role names are cryptic, inconsistent, or named after specific people rather than business functions, your design is broken. Security roles should map to business processes, not to individual employees or temporary projects.
The Risk: If you don’t know what a role does by looking at it, you cannot effectively assess the risk it carries. This makes manual recertification of access almost impossible.
3. Toxic Combinations (SoD Conflicts) are Standard
A “Toxic Combination” occurs when a single role contains conflicting duties, or when a user is assigned two roles that conflict with each other.
The classic example is the “Create Vendor” and “Pay Vendor” conflict. In many poorly designed systems, a generic “Finance Manager” role might accidentally include both capabilities. Even worse, sometimes these conflicts are hidden deep within sub-sessions or table authorizations that aren’t immediately visible at the role level.
The Risk: This is the heart of Segregation of Duties (SoD). If your current role design inherently creates these conflicts, you are relying on mitigating controls (manual checks) rather than preventative controls (system restrictions). Auditors prefer prevention.
4. The “Emergency Access” Loop
How often does your helpdesk receive tickets saying, “I can’t do my job because I don’t have access”?
If your legitimate users are constantly blocked from performing standard daily tasks, your roles are too restrictive or, more likely, poorly defined. Conversely, if you are constantly granting temporary “Firefighter” access to fix issues, and then forgetting to revoke it, you are creating security holes.
The Risk: A high volume of access modification requests indicates that your role design does not match the actual business processes. This friction tempts IT teams to just “open everything up” to stop the complaints, leading us back to Sign #1.
5. Difficulty in Reverse Engineering Access
If an auditor asks, “Who has access to change the bank account details in the Vendor Master?” and it takes you more than five minutes (or complex SQL queries) to answer, your design is opaque.
In a clean role design, access is transparent. You should be able to trace a user to a role, and a role to a specific session or transaction code, instantly. If your roles are built with nested groups, complex exclusions, and manual overrides, you lack visibility.
The Risk: You cannot control what you cannot see. If visibility is low, you likely have “Ghost Users” or dormant accounts retaining high-level access without anyone noticing.
The Fix: Remediation vs. Redesign
If you recognize these signs, you have two choices:
- Remediation: Trying to patch the existing holes, remove specific conflicts, and rename roles. This is often a game of “Whack-a-Mole.”
- Redesign: Taking a “Clean Slate” approach. This involves building roles based on what the business needs to do today, ensuring SoD compliance is baked in from the start, and then migrating users to the new roles.
At Dynaflow Compliance Solutions, we specialize in helping organizations utilizing ERPs (like Infor LN) navigate this complexity. Whether it’s automating the detection of toxic combinations or helping you architect a compliant security model from the ground up, we ensure your next audit is boring—in the best possible way.