3 Tips to Improve Your ERP User Access Strategy

By: Avaap
Date: December 03, 2019

Users of any ERP system must have access to the right data at the right time. This ERP user access must be policed; in other words, users can’t have access to everything, all the time. This is especially true when you consider that 37% of your employees, on average, use your ERP system. This includes anyone from a worker on the shop floor to your CEO, but each employee requires a different level of access to data. Here are some useful pieces of advice to improve your ERP user access strategy.

1. Define any confidential data and set role-based access

Outside of payroll and human relations, very few will ever need to see employee tax identification and payroll rates. If your business differentiator is Grandma’s secret recipe, that should be identified and your ERP user access strategy should be updated accordingly. Do not get carried away with making a long list of data in these limited access categories. The important step in this process is not lengthening the list of restricted data; the crucial step is identifying which employee roles require access to this data.

2. Separate the internal user from the external user

Set up internal groups by categories or roles and provide access to input screens and datasets based on those roles. A common misconception is that role-based user access is best practice because of security issues. As much as this is a factor in role-based access, the main advantage of this strategy is the process efficiency improvements associated with role-specific data access due to reduced “noise” within the ERP system.

External users such as supplier or customer portals will always be limited within an ERP user access strategy. In the role-based model, external users will have very niche roles in the ERP system – their access will reflect that. If someone needs to see your inventory position for parts in a certain class, let them see only that part class.

3. Perform regular audits

This might be the most important tip for your ERP user-access strategy. You expect an accounts payable clerk to look at certain data. What else have they poked into? If it is innocent exploring, OK. If it raises a suspicion, set some alerts to warn you when suspicious behavior occurs. Track what data people are copying to spreadsheets. It is probably part of their jobs, but when it is being transferred out of your ERP system, your ERP security controls become worthless. Keep a close eye on any data copied to a thumb drive or shared on the internet. Have data policies in writing and expect all employees and users to follow that policy.

Part of the ERP audit is checking if people are in the correct role groups. One common problem is when someone changes positions; they get the new roles added to their security access and keep their old role too. Another common issue is providing access to every role for high-level people. Your sales VP, for example, should not have access to write a purchase order just because they are a VP.

Audits should be a part of internal controls and are required by Sarbanes-Oxley for many businesses.
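The role-group check described above can be run as a comparison between the roles each position is supposed to hold and the roles each user actually holds. The following is an added example, not part of the original article; the positions, role names, users and the `audit_roles` function are hypothetical, and the assignment data is constructed.

```python
# Added example: role-membership audit over constructed data.
# All positions, roles and users below are hypothetical.

# Roles each position is expected to hold (the role-based baseline).
POSITION_ROLES = {
    "ap_clerk": {"ap_invoice_entry", "vendor_inquiry"},
    "buyer": {"po_write", "vendor_inquiry", "inventory_inquiry"},
    "sales_vp": {"sales_reporting", "customer_inquiry"},
}

# Roles that create or change transactions; an extra one of these is the
# "VP who can write a purchase order" case and is rated high.
WRITE_ROLES = {"ap_invoice_entry", "po_write"}

# Constructed export of current assignments: user -> (position, roles held).
ASSIGNMENTS = {
    "alice": ("ap_clerk", {"ap_invoice_entry", "vendor_inquiry"}),
    # Moved from buyer to AP clerk and kept the old buyer roles.
    "bob": ("ap_clerk", {"ap_invoice_entry", "vendor_inquiry",
                         "po_write", "inventory_inquiry"}),
    # Executive granted a transaction role because of seniority.
    "carol": ("sales_vp", {"sales_reporting", "customer_inquiry", "po_write"}),
    # Position missing from the baseline: cannot be judged automatically.
    "dave": ("intern", {"vendor_inquiry"}),
}

def audit_roles(assignments, position_roles, write_roles):
    """Return (user, finding, detail, severity) tuples, sorted by user."""
    findings = []
    for user in sorted(assignments):
        position, held = assignments[user]
        if position not in position_roles:
            findings.append((user, "unknown_position", position, "review"))
            continue
        baseline = position_roles[position]
        # Roles held beyond the baseline: leftovers from an old job or blanket grants.
        for role in sorted(held - baseline):
            severity = "high" if role in write_roles else "low"
            findings.append((user, "excess_role", role, severity))
        # Baseline roles not held: the user may be unable to do the job.
        for role in sorted(baseline - held):
            findings.append((user, "missing_role", role, "low"))
    return findings

if __name__ == "__main__":
    for finding in audit_roles(ASSIGNMENTS, POSITION_ROLES, WRITE_ROLES):
        print(*finding, sep="\t")
```

Run against a real export, the baseline table is the part that needs owner sign-off: every finding is only as good as the agreed list of roles per position.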

Author: Tom Miller

Tom Miller is a columnist for ERP Focus, and has completed implementations of Epicor, SAP, QAD, and Micro MRP. He works as a logistics and supply chain manager and he always looks for processes to improve.
