[In this series, we’re looking at quick fixes to improve GP security. ]
As users make security changes like the ones described, there are often requests to retain excess access. The key with these is to really consider job being done and ask lots of questions.
For example, the CFO role should be an executive job, not a job that involved entering journal entries. In most organizations, that same thinking should apply to the Controller position. A Controller may help shape a journal entry, assist with getting the accounts right, etc, but the Controller should be asking someone else to make an entry, not processing transactions. Executive jobs are not transactional jobs.
This trickles through to other roles as well, and it’s important to ask the same questions.
What is this person’s job? Their responsibilities? Their role in the organization? What access is appropriate?
In many cases users ask for convenience access. For example, a request may be for access to window that is the only place with a certain piece of information. Vendor Maintenance is one example. The Vendor Inquiry window doesn’t contain everything on the Vendor Maintenance window. This is trap. Grant access to a report or SmartList instead. If the user needs the information, the format its delivered in should be less of an issue.
If there are alternative ways to accomplish the same result, use those. If not, companies need to consider the risk/benefit of allow excessive access.
Requests like these may be made to support or backup another individual, but granting access year-round to back up two weeks of vacation leaves a pretty big hole open most of the year. It’s convenient for the user and administrator to grant this access, but it’s a poor security choice. Is the benefit of not changing security twice a year worth 50 weeks of risk?
This series is just a start. It won’t solve all of a companies security needs or plug every hole, but the items we’ve covered can address significant, pervasive issues and provide a solid foundation for long-term security improvement.
You can find all of the fixes in this series at GP Easy Security Fixes.