Safeguarding your business assets is imperative, and segregation of duties can help you achieve better internal controls. This blog post further examines role-based access control management from the e-commerce perspective. We will review the setup of the store manager role for an e-commerce system.
For the purpose of this sample setup, the store manager will be able to oversee and work with all transactional data and reporting. The store manager will not be given access to system settings, which include changes to tax rules and payment gateways. In addition, the store manager will not be permitted to delete any records.
Setup settings and system status are not required for our store manager to do his/her job. Restricting these features safeguards and controls payment gateways, tax rules, shipping calculations, and much more. Disallowing the settings options mitigates risk by removing the opportunity to make changes to features outside of the manager's role.
All options under the products tab are made available based on the manager's role configuration and company policy.
The above features provide additional settings that help the store manager increase sales through functions like product-specific Search Engine Optimization and on-page sharing. Therefore, these product options will not be restricted for the store manager.
By default, the above list of functionality comes with all options enabled. Under our configuration, we will change the store manager's role by removing functionality. We will remove all deletion capabilities to ensure that all data remains available for audit purposes. Other roles, such as purchaser and inventory manager, can be configured to ensure duties are segregated. Using IT system controls is an effective way of enforcing segregation of duties and internal control policies.
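The store manager configuration described above can be expressed as a deny list applied to an all-enabled default, with an audit that flags drift if a restricted option is later re-enabled. This is an added example, not code from any e-commerce platform; the capability names and the `build_role` / `audit_role` helpers are hypothetical.

```python
from fnmatch import fnmatch

# Constructed sample: hypothetical capability names, all enabled by default.
DEFAULT_CAPABILITIES = {
    "orders.view", "orders.edit", "orders.delete",
    "products.view", "products.edit", "products.delete",
    "products.seo", "products.sharing",
    "customers.view", "customers.edit", "customers.delete",
    "reports.view",
    "settings.tax_rules", "settings.payment_gateways", "settings.shipping",
    "system.status",
}

# Policy from the post: no settings, no system status, no deletion.
STORE_MANAGER_DENY = ("settings.*", "system.*", "*.delete")


def build_role(default_caps, deny_patterns):
    """Return the default capabilities minus anything matching a deny pattern."""
    return {c for c in default_caps
            if not any(fnmatch(c, p) for p in deny_patterns)}


def audit_role(caps, deny_patterns):
    """Return the sorted capabilities that violate policy (empty = compliant)."""
    return sorted(c for c in caps
                  if any(fnmatch(c, p) for p in deny_patterns))


STORE_MANAGER = build_role(DEFAULT_CAPABILITIES, STORE_MANAGER_DENY)

if __name__ == "__main__":
    print("store manager:", sorted(STORE_MANAGER))
    # Simulated drift: a delete option is switched back on after setup.
    drifted = STORE_MANAGER | {"orders.delete"}
    print("violations:", audit_role(drifted, STORE_MANAGER_DENY))
```

Running the audit on a schedule against the live role export catches a restricted option that was re-enabled after the initial setup.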