Shulou(Shulou.com)05/31 Report--

This article introduces you how to manage the user rights of online ERP system. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.

In the software system industry for many years, Yiling often encountered the problem of many users asking the system how to set permissions, because the staff mobility of some enterprises is very large, if employees leave, it is obvious that the department can no longer allow them to log in, or someone is transferred, then the original operation is also not suitable. How should the user rights of online ERP system be designed and implemented to help enterprises solve these doubts to the greatest extent?

The business processing supported by the ERP system and the large amount of data to be processed are important resources for the enterprise and should be specially protected. In order to prevent illegal users from using the system and legitimate users from illegally accessing the system, it is necessary to take protective measures to the application system. Reasonable user and rights management is an effective means, which can greatly reduce the security risk of the application system.

In the ERP system, the system authority administrator assigns the corresponding permissions to each user according to his post and job responsibilities. If the authority assigned to the user is not enough, it can not meet the needs of the user's business operation; but if the assigned authority is too large, the user may exceed his authority to perform some operations, bringing risks to the system data and the company's business security. The scope of application of online ERP in many enterprises involves our department and its subordinate accounting units, with many department posts and a large number of users, so it is particularly important to establish a standardized system user rights management mechanism.

1. Authorization mechanism of ERP system

Many ERP systems adopt the role-based access mechanism (Role-Based Access Control,RBAC), which is popular in the world at present. The role is divided into a single role and a compound role, a single role refers to the collection of Transaction Code, but also includes the permission objects, permission fields and field values required by the transaction code, which jointly determine the operation scope of users with this role in the system, while the compound role is a collection of several single roles.

Users' business processing in the online ERP system is realized through a variety of transaction codes, each of which corresponds to a different functional program. The design of the program not only implements the basic functions of business processing, but also includes the authorization check (Authorization Check) needed to execute the transaction code. When you create a new user ID, the default permission for that user ID is blank and does not have the right to do anything. Authorization for a user actually grants different permissions to different users through roles or directly through permission parameter files, and his authorization information is recorded in the user's master record after authorization. When a user executes a transaction code, the program corresponding to the transaction code checks the authorization information in the user's master record, and if the check is passed, it shows that the user has the operation authority, and the business can proceed smoothly, on the contrary, the system automatically terminates the transaction processing and prompts the user to have no right to use it.

2. Design of user rights management process

2.1 the mode of traditional user authority change and the existing problems the traditional authority application process is that the end user fills in the "user permission Application form" according to the actual needs and submits it to the system authority administrator, who approves and approves it according to the user's position and responsibilities, and makes the corresponding authority adjustment in the system after the examination and approval, and feeds back to the end user at the same time.

Although the traditional authority application process also implements unified and centralized management of the system user rights, there are many drawbacks: the examination, approval and maintenance of the authority application are completed by the authority administrator. The administrator's familiarity with the post responsibility distribution and business operation of the business unit is limited, so it is difficult to determine the rationality of the permission application submitted by the end user. The end user does not understand the composition of permissions, and it is difficult to judge the specific content of the role from the role description alone, resulting in the final application of permissions inconsistent with the required permissions; users usually apply for permissions by phone or e-mail, with the passage of time, the amount of data applied for change gradually increases, and the user and rights management become extremely confused. When the permission administrator deals with the permission application, he often needs to communicate repeatedly to complete the final permission adjustment and record archiving, and it is inevitable to make errors when making the permission adjustment, which makes the administrator's workload heavy and inefficient.

2.2 in view of the problems existing in the traditional authority application process, Yiling Network optimizes the traditional process and changes the process of user authority change from technical maintenance to business operation with the participation of technology and business departments. the three-level process of authority management is realized.

(3) Scheme design

3.1 Modular structure through the analysis of business processes and management needs, the whole user rights change module design includes three main modules: end-user creation application sub-module, business department approval sub-module and information department execution sub-module. Two auxiliary modules: administrator maintenance sub-module, report query sub-module.

3.1.1 user creation application sub-module users submit permission change applications and create permission change application forms in the ERP system. The types of permission changes include new users and permissions, existing user rights changes, locking / unlocking users.

3.1.2 after the application for permission change created by the approval sub-module of the business unit is submitted, the person in charge of the examination and approval of the business unit shall carry out the corresponding examination and approval according to the actual needs of the user's business (process Ⅱ-examination and approval of the business department).

On how enterprises manage online ERP system user rights to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.