System privileges grow gradually, with the risk of losing control
Rights management in an ERP system is built on the concept of a "role": authority is distributed by assigning roles, and a role is embodied as a restricted set of permitted functions. Take an extreme example: if an ERP system created one role for every employee and each role were assigned to exactly one employee, then changing the permissions of any one role would not affect anyone else's rights. In practice no business does this, because once the number of employees grows beyond a handful the roles in the system become far too heterogeneous. Moreover, one role may differ from another only slightly, which leads to significant data redundancy. The usual practice is therefore to build a common set of single roles and composite roles and to authorize users by assigning them these shared roles. In other words, a role in the ERP system is typically assigned to many users, so changing the permissions of a role to meet one individual's needs also changes the rights of every other user who holds that role: all of those users gain or lose the permission at the same time. Given this, when a user applies for an additional permission, the ERP system should also submit for approval the role involved and the other users associated with that role, so that the approving manager can decide whether those other users should receive the permission as well. In reality, few businesses do this. The usual practice is that a user applies for a permission, the manager confirms it, and the system administrator picks one of the user's roles by rule of thumb and adds the function directly to it. As a result, the function is automatically opened up for every other user of that role as well. In general, users who gain extra access do not complain about it.
Over time, privileges are gradually amplified.
To prevent this, the rights management system needs a "business event-driven process" model. Through the interrelated elements of that model, this information (the role being changed and every user affected by the change) can be made comprehensively, automatically and accurately available to the staff who approve and maintain authorizations, rather than having them carry out such approvals and adjustments by hand with Excel sheets plus system queries.
Segregation of duties cannot be established and implemented as an effective system
Enterprise rights management does not merely decide who has the right to do what; it must also reflect the constraint relationships between powers. The best-known such constraint is that a "referee" cannot at the same time be an "athlete". In enterprise management there are likewise several constraint relationships that must be taken into account in rights management. For example, as a general rule, someone with "customer credit management" must not also have the "customer order maintenance" function. Credit management exists to control sales orders: if a contract is to be signed with a customer whose credit rating is poor, the rules may require a series of stricter assessments and approvals. The advantage of an information system here is that information is shared in a timely way and orders for customers with poor credit ratings can be locked automatically, so that such orders cannot be entered without approval. But if one employee is granted both "customer credit management" and "customer order maintenance", that employee can change a customer's credit directly from "poor" to "good", bypass the automatic lock, and enter the order for that customer. Such an authorization is a typical case of violating the "separation of duties" principle.
There are many similar "separation of duties" rules. For example, the person who "maintains the price list" in the system should not at the same time hold the ERP privilege to "sign customer orders". The person with operating rights for "stock out of storage" (warehouse goods issue) should not have the "enter inventory count results" function. The person who "enters inventory count results" should not have the "accounting" function, and so on. Of course, these rules are not always absolute, and an enterprise can adjust them to its own circumstances: what one enterprise forbids, another may allow through delegation of authority. In other words, how strict "separation of duties" is depends on the enterprise's external risk management and internal control needs; there is no absolute standard. In any case, however, every firm should establish its own set of "separation of duties" rules and then adjust them as its management needs develop.
In short, the "separation of duties" principle is, alongside "business event-driven", another important principle for analyzing whether system authorizations are reasonable. Establishing and effectively implementing such rules is the foundation of a risk control system, and is what scientific, meticulous business management is all about. In the access management of most ERP systems, however, these "separation of duties" rules are designed in an Excel sheet and maintained manually in the system. In theory, when an employee applies for a particular function, the system administrator should check whether opening that function for the employee creates a "separation of duties" conflict with the functions the employee already has. But because an employee in the ERP system may correspond to several roles, the administrator's work turns into: first identifying all the roles the employee currently holds, then listing in detail all the functions those roles contain, then checking each of those functions against the newly requested one for any "separation of duties" conflict, and finally passing the results to the reviewing and approving director for a decision. The problem is more complicated still: the ERP role through which the new function is opened for this employee may also be assigned to other employees, so one must also consider whether those other employees would come to violate "separation of duties" once the new function is added. The system administrator's job therefore becomes very complicated, and in practice this check is very hard to carry out effectively. Over time, the "separation of duties" principle in enterprise rights management exists in name only.
To prevent this, a "separation of duties system" model must be re-established on the basis of the "business event-driven process" rights management model. The two models are interrelated, so the authorization model can be verified comprehensively, automatically and accurately and warning reports issued accordingly, which solves the operational problem of putting the "separation of duties system" into practice.
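The two problems above, a permission added to a shared role reaching every user of that role and the separation-of-duties check that must cover all of those users, can be modelled together. The following is an added example, not code from the original article or any ERP product; the role, user and rule data are constructed from the article's own function names, and all identifiers are hypothetical.

```python
# Added example: a toy model of shared ERP roles plus a separation-of-duties (SoD)
# check that evaluates a requested function for every user of the role it would be
# added to, not only for the user who applied for it.
from itertools import combinations

# Constructed sample data: role -> set of functions the role grants.
ROLES = {
    "sales_clerk": {"customer order maintenance", "sign customer orders"},
    "credit_analyst": {"customer credit management"},
    "warehouse": {"stock out of storage"},
    "stock_counter": {"enter inventory count results"},
}

# Constructed sample data: user -> roles assigned (roles are shared, as in practice).
USERS = {
    "alice": {"sales_clerk"},
    "bob": {"sales_clerk", "warehouse"},
    "carol": {"credit_analyst"},
}

# SoD rule set taken from the article's examples: pairs of functions that must not
# be held by the same person. Order within a pair does not matter.
SOD_RULES = {
    frozenset({"customer credit management", "customer order maintenance"}),
    frozenset({"maintain price list", "sign customer orders"}),
    frozenset({"stock out of storage", "enter inventory count results"}),
    frozenset({"enter inventory count results", "accounting"}),
}

def effective_functions(user, users=USERS, roles=ROLES):
    """All functions a user holds through every role assigned to them."""
    return set().union(*(roles[r] for r in users[user]))

def sod_violations(functions, rules=SOD_RULES):
    """Conflicting function pairs present within one set of functions."""
    return {frozenset(p) for p in combinations(sorted(functions), 2)
            if frozenset(p) in rules}

def check_role_change(role, new_function, users=USERS, roles=ROLES, rules=SOD_RULES):
    """Simulate adding new_function to role; for every user holding that role,
    report the SoD conflicts that would newly arise (empty set = no conflict)."""
    report = {}
    for user, user_roles in users.items():
        if role not in user_roles:
            continue
        before = effective_functions(user, users, roles)
        after = before | {new_function}
        report[user] = sod_violations(after, rules) - sod_violations(before, rules)
    return report
```

The report lists every user of the changed role, including those who gain the function without a conflict, which is exactly the information the approving manager lacks when the administrator edits a role by rule of thumb.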