PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 07/16/2014 9:26 AM by  Woozy
Admin_ST
 3 Replies
Sort:
You are not authorized to post a reply.
Author Messages
Jay2
Private
Private
Veteran Member
(166 points)
Veteran Member
Posts:74


Send Message:

--
06/24/2014 2:15 PM

    Is Admin_ST considered a "Super User" role?
    Woozy
    Private
    Private
    Veteran Member
    (3469 points)
    Veteran Member
    Posts:701


    Send Message:

    --
    06/24/2014 2:50 PM
    I guess that depends what you mean by "Super User". Admin_ST is the most powerful admin role, and has access to do almost everything, so I think you'd want to limit it to a very few people beyond "lawson", your security team, and maybe your system admins.

    It would be better to create custom roles that are more limited than Admin_ST and tailor them to the needs of your different "Super Users"

    Much of this depends on your company's security philosophy and separation of duties. Internal audit types tend to get really jumpy when they see people with "Admin" roles in Production environments.

    Good Luck!
    Kelly Meade
    J. R. Simplot Company
    Boise, ID
    Jay2
    Private
    Private
    Veteran Member
    (166 points)
    Veteran Member
    Posts:74


    Send Message:

    --
    07/16/2014 8:16 AM
    Thanks Kelly. We were advised to give it to all of our Department of Personnel.
    Woozy
    Private
    Private
    Veteran Member
    (3469 points)
    Veteran Member
    Posts:701


    Send Message:

    --
    07/16/2014 9:26 AM
    Whoa. In our world, the answer to that would be not only "NO", but "Heck NO!!!" (or words to that effect).

    There should be no reason for someone other that a true application support or security person to have that role. It gives the user has the ability to view and update everything - positions, salary grades, performance reviews - and has the ability to do direct-update (i.e. skip the "action", and bypass approvals and auditing), etc. Yes, the changes go into the audit log, but still.

    I'm not sure who "advised" that, but our experience has been that Global Support and Consulting Services both tend to suggest this sort of thing because it makes life easy - none of those pesky security rules that make the application do funny things and make it perform slower.

    In our production environment, our company of 8,000 employees only has three or four people with "Admin" roles - and most of them have customized roles rather than the delivered Admin role. Development is a different issue, and we have a couple dozen people with the Admin role there.

    Good luck!
    Kelly Meade
    J. R. Simplot Company
    Boise, ID
    You are not authorized to post a reply.