If you work in IT security, compliance, or internal audit, you have undoubtedly heard this phrase. You analyze an ERP environment, discover a user with a toxic combination of permissions, and move to revoke that access to comply with Segregation of Duties (SoD) rules. And then, the pushback begins. “You’re slowing me down.” “I’ve always had this access.” “How am …
5 Signs Your Role Design is Broken: Identifying “Role Bloat” and “Toxic Combinations” Before the Audit
We have all seen it happen. An ERP system was implemented five or ten years ago with a clean, theoretical security model. But then, reality sets in. Employees change departments, people leave, “temporary” access is granted during crunch times, and new users are set up by simply copying the permissions of existing ones. Fast forward to today, and your ERP …
How Access Reviews Are Typically Conducted in ERP Environments (3)
Conducting access reviews in ERP environments involves a series of well-defined steps aimed at ensuring that access rights are appropriate and aligned with organizational policies. Understanding these steps can help organizations implement a robust access review process. Step-by-Step Process Planning and Preparation: The first step is to plan the access review process. This involves defining the scope, objectives, and timeline …
What Access Reviews Typically Entail in ERP Environments (2)
Access reviews are a systematic process aimed at ensuring that only authorized personnel have access to specific data and functionalities within an ERP system. Understanding what access reviews typically entail can help organizations implement them more effectively. Key Components of Access Reviews User Identification: The first step in an access review is identifying all users who have access to the …
The Importance of Access Reviews in ERP Environments (1)
Enterprise Resource Planning (ERP) systems are the backbone of many organizations, integrating various functions such as finance, human resources, supply chain, and customer relationship management into a single cohesive system. Given the critical nature of these systems, ensuring that only authorized personnel have access to sensitive data and functionalities is paramount. This is where access reviews come into play. Why …





