Our IT department has a report they run which is thousands of pages for our end users to sign off on with regard to security and what individuals have access to. I have two questions:
1. How are other companies getting sign off from the internal audit department on their security access and if they have it down to a few pages, did they go through and take off security they didnt need? Our issue is we as the person signing off does not know what some of these screens means and if we take it away...what else are we taking away that we shouldn't? For example if all the Gl folks do is use RW100, how do we know which access is needed for just RW100?
2. Is there someone or something that explains what security access is needed for certain screens. For example, our Property Records Manager only uses 4 screens in Lawson but she has 100's of pages that she is suppose to review. If we knew that we only wanted AC10, AC7 etc how do we know what security we need to access those?
Any help on security using LAUA would be helpful. We have not yet moved to LSF9 security. We are still on the old one.
IMO, it's not the IT area that should know this - it's the data owners and users who have the expertise - someone familiar with the system and how it's used. Technical text and data file text have the relationships, but again - if you don't know the system, its just a bunch of table names and form numbers. There's some nice relationship diagrams under the tech section, here -
If you don't have someone with overall knowledge of the system, do you have a test area that you could use in conjunction with your IT person to actually test out some of your questions?