What is the fundamental concept behind the rule of least access? Explain why this is a potential problem in an ERP environment.


Access privileges (permissions) should be granted on a need-to-know basis only. Nevertheless, ERP users tend to accumulate unneeded permissions over time. This is often due to two problems:
1. Managers fail to exercise adequate care in assigning permissions as part of their role-granting authority. Since managers are not always experts in internal controls, they may not recognize when excessive permissions are awarded to an individual. Managers tend to be better at issuing privileges than removing them. As a result, an individual may retain unneeded access privileges from a previous job assignment that create a segregation of duties violation when combined with a newly assigned role.
