Best Practices for Permission Management

Five Best Practices

  1. Try to use roles instead of assigning specific permissions to an individual user.
  2. You can define as many roles as are needed. And assign them to one or more users.  A user can have zero or many roles. 
  3. You can then go through and associate specific granular permission activities within the system to specific role(s) and users(s).  Roles make things more scalable as the team changes over time.
  4. Until a given user or a given role is explicit permission for taking an action within DN (Say scanning materials into an electronic batch record)  EVERYONE has permission.  As soon as you lock it down to just a given person or group then ONLY those folks with the permission are allowed to perform the function.  This SIGNIFICANTLY streamlines permissions management. During implementation and in the future.
  5. CFR 21 Part 11 Regulation states that user accounts cannot be shared as it eliminates accountability for actions taken within the system.  However, it is super easy to decommission temp worker accounts and create or new accounts.   These actions can also be done through the API.

Recommended Roles

Reccomended Role NameReccomended Role Permission Activities
AdministratorUsers in this role should be able to do everything. These are power users ONLY.
Quality ControlReccomended to be used as a high-level role which allows individuals to change expiration dates and release statuses as well as configure all master data.
ReceivingAllows individuals to receive and print against predefined Purchase Orders
Inventory ControlUsers in this role should have permissions to preform cycle counts, inventory adjustments, transfers, and scrap transactions.
ShippingAllow shipping transactions against predefined Sales Orders
Production PlanningUsers in this role should be able to schedule manufacturing records and create Work Orders.
Manufacturing ExecutionIndividuals in this role should have permission for recording transacted parts and produced quantity. Additionally this role should have permissions for Process step attribute completion.
MFG QC InspectorIn process QC and Approval Step Electronic signature required role.
Yellow EscalationSupervisor Override
Red EscalationManager Override