Habit 8: Automate the New Routines – Implement a Process for Role and Authorization Changes

Leen Roeleveld Best Practices

After go-live, there will be situations in which users cannot do their job because they lack the required authorizations. If this happens, it is at least a sign that authorizations were not granted too generously. Nevertheless, these issues must be resolved.

Understandably, users tend to take a shortcut to get the required authorizations as soon as possible: they contact the (application) administrator and request extra authorizations. However, this would jeopardize the security of the system. Changing the role definition would give more authorizations to all users with that role, and maybe they shouldn't have them. Giving the user an extra role (containing the requested authorization) would also give other authorizations that may be unneeded or undesired.
Therefore, a process should be in place to handle these requests. See below for the process.

The consistency of the role definitions (and therefore the security of the system) can only be safeguarded by having a structured process in place.
