After go-live, there will be situations in which users cannot perform their job because they lack the required authorizations. If this happens, it is at least a sign that authorizations were not granted too generously. Nevertheless, these issues must be resolved.
Understandably, users tend to take a shortcut to get the required authorizations as soon as possible: they contact the (application) administrator and request extra authorizations. However, this would jeopardize the security of the system. Changing the role definition would give all users with that role more authorizations, and maybe they shouldn't have them. Giving the user an extra role (containing the requested authorization) would also grant other authorizations that may be unneeded or undesired.
Therefore, a process should be in place to handle these requests. See below for the process.
The consistency of the role definitions (and therefore the security of the system) can only be safeguarded by having a structured process in place.