Best Practices for Permission Management
Five Best Practices
- Try to use roles instead of assigning specific permissions to an individual user.
- You can define as many roles as are needed. And assign them to one or more users. A user can have zero or many roles.
- You can then go through and associate specific granular permission activities within the system to specific role(s) and users(s). Roles make things more scalable as the team changes over time.
- Until a given user or a given role is explicit permission for taking an action within DN (Say scanning materials into an electronic batch record) EVERYONE has permission. As soon as you lock it down to just a given person or group then ONLY those folks with the permission are allowed to perform the function. This SIGNIFICANTLY streamlines permissions management. During implementation and in the future.
- CFR 21 Part 11 Regulation states that user accounts cannot be shared as it eliminates accountability for actions taken within the system. However, it is super easy to decommission temp worker accounts and create or new accounts. These actions can also be done through the API.
Recommended Roles
| Reccomended Role Name | Reccomended Role Permission Activities |
|---|---|
| Administrator | Users in this role should be able to do everything. These are power users ONLY. |
| Quality Control | Reccomended to be used as a high-level role which allows individuals to change expiration dates and release statuses as well as configure all master data. |
| Receiving | Allows individuals to receive and print against predefined Purchase Orders |
| Inventory Control | Users in this role should have permissions to preform cycle counts, inventory adjustments, transfers, and scrap transactions. |
| Shipping | Allow shipping transactions against predefined Sales Orders |
| Production Planning | Users in this role should be able to schedule manufacturing records and create Work Orders. |
| Manufacturing Execution | Individuals in this role should have permission for recording transacted parts and produced quantity. Additionally this role should have permissions for Process step attribute completion. |
| MFG QC Inspector | In process QC and Approval Step Electronic signature required role. |
| Yellow Escalation | Supervisor Override |
| Red Escalation | Manager Override |
Updated 8 months ago