MANAGING ERP SECURITY
Introduction
• Managing the risk of an ERP implementation and ERP project is a much larger issue and needs to be seen as a whole to ensure that the ERP system is implemented and operated successfully during its life cycle.
TYPES OF ERP SECURITY ISSUES
• Network Security:
  • Selected customers and suppliers with whom the company needs to collaborate should be allowed inside the company’s firewall and should be able to see only relevant data.
  • Secure the network to keep hackers out.
TYPES OF ERP SECURITY ISSUES
• System Access Security – Role & Authorisation
  • Valid authorization and authentication for each employee in the organization.
  • “For example, the person creating a purchase order should not be allowed to release payment.”
TYPES OF ERP SECURITY ISSUES
• Data Security
  • During ERP implementation, the company’s sensitive data is visible to the implementation team members.
  • Data security is more important to companies such as banks, defence and credit card companies, etc.
SYSTEM BASED SECURITY - AUTHORISATIONS
Depending on the roles and responsibilities of the employees, ERPs support two types of authorization strategy:
(I) Activity based authorization
(II) Role based authorization
Activity Based Authorizations
Steps:
1. Identify the activities that the particular process may involve
2. Prepare a set of transaction codes for each activity
3. Prepare an authorization role for each transaction
4. Assign the specific role to the user
For Example – Leave Approval Process
(I) Identify the activities
    (I) View Leave Balances
    (II) Execute and approve workflow for leave request
(II) Prepare set of codes
    (I) View Leave Balances - XX
    (II) Execute and approve workflow - YY
(III) Prepare authorization role
    Z:HR_APPROVE_LEAVES will consist of XX and YY.
Advantage and Disadvantage
Advantage: the activity based approach gives flexibility in assigning various combinations of transaction sets.
Disadvantage: transaction codes must be created carefully to avoid duplication.
Role Based Authorization
Instead of focusing on individual activities, authorization here is created for a “Role”, for example “Procurement Role”.
Steps:
(I) Identify the transaction codes that each role in the organization requires
(II) Prepare an authorization role for the list of transactions
(III) Assign the role to the user.
Advantage and Disadvantage
Advantage: with the role based approach, each authorization role is specific to an identified role in a function, so future modifications can be managed easily.
Disadvantage: this method requires careful standardization of roles.
Different Types of Authorization
Role               | Transaction Code | Types of Authorization
Material Manager   | Material Master  | Create, Change, Delete, Display
Goods Issue Clerk  | Material Master  | Display
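The role table above and the earlier purchase order / payment rule can be combined into one authorization check. The following is an added example, not part of the original slides; the role names MATERIAL_MANAGER and GOODS_ISSUE_CLERK follow the table, while the transaction codes (MM_MASTER, PO_CREATE, PAY_RELEASE) and the PURCHASER and PAYMENT_CLERK roles are hypothetical.

```python
# Added example: transaction codes and the two purchasing roles are hypothetical.
ROLES = {
    "MATERIAL_MANAGER":  {"MM_MASTER": {"create", "change", "delete", "display"}},
    "GOODS_ISSUE_CLERK": {"MM_MASTER": {"display"}},
    "PURCHASER":         {"PO_CREATE": {"create"}},
    "PAYMENT_CLERK":     {"PAY_RELEASE": {"create"}},
}

# Pairs of (transaction, action) that one user must never hold together.
SOD_CONFLICTS = [
    (("PO_CREATE", "create"), ("PAY_RELEASE", "create")),
]


def effective_permissions(user_roles):
    """Union of (transaction, action) pairs granted by all of a user's roles."""
    perms = set()
    for role in user_roles:
        for tcode, actions in ROLES[role].items():
            perms.update((tcode, action) for action in actions)
    return perms


def is_authorized(user_roles, tcode, action):
    """Default deny: allowed only if some assigned role grants the pair."""
    return (tcode, action) in effective_permissions(user_roles)


def sod_violations(user_roles):
    """Return the conflicting pairs that this combination of roles would grant."""
    perms = effective_permissions(user_roles)
    return [pair for pair in SOD_CONFLICTS if pair[0] in perms and pair[1] in perms]


def assign_role(user_roles, new_role):
    """Add a role only if the result causes no segregation-of-duties conflict."""
    if new_role not in ROLES:
        raise KeyError(f"unknown role: {new_role}")
    candidate = set(user_roles) | {new_role}
    conflicts = sod_violations(candidate)
    if conflicts:
        raise PermissionError(f"SoD conflict: {conflicts}")
    return candidate
```

Checking conflicts on the combined role set matters because each role can be harmless on its own while the union grants both sides of a conflicting pair.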
Data Security and Technology for Managing Data
Data Masking:
The process of concealing sensitive data in development, test or training environments so that developers and testers are not exposed to it.
Benefits:
1. It meets regulatory compliance requirements
2. It enhances data security for outsourced applications
Data Masking Algorithms
1. Shuffling / Reorder
2. Random Value
3. Hashing
4. Date aging
5. Numeric Alternation
6. Custom
7. Substitution with a random value
• IBM Optim is a popular data masking tool
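Four of the listed algorithms (shuffling, hashing, date aging and substitution with a random value) applied to one table before it is copied to a test environment. This is an added example, not from the original slides and not how IBM Optim works internally; the rows, the key and the replacement names are constructed, and the hashing step uses a keyed HMAC as an assumption so that low-entropy IDs cannot be recovered by hashing guesses.

```python
import hashlib
import hmac
import random
from datetime import date, timedelta

# Constructed sample rows, no real data. The key is a placeholder and would be
# held outside the development/test environment.
MASK_KEY = b"placeholder-masking-key"
ROWS = [
    {"emp_id": "E100", "name": "Asha Rao",  "salary": 52000, "dob": date(1985, 3, 14)},
    {"emp_id": "E101", "name": "Ben Ortiz", "salary": 61000, "dob": date(1990, 7, 2)},
    {"emp_id": "E102", "name": "Chen Li",   "salary": 48000, "dob": date(1978, 11, 30)},
]
FAKE_NAMES = ["User Alpha", "User Beta", "User Gamma", "User Delta"]


def hash_token(value):
    """Hashing: the same input always yields the same token, so joins across
    masked tables still work, but the token cannot be rebuilt without the key."""
    return hmac.new(MASK_KEY, value.encode(), hashlib.sha256).hexdigest()[:12]


def mask_rows(rows, seed=0, age_days=400):
    """Return masked copies of rows; the input rows are left unchanged."""
    rng = random.Random(seed)  # seeded so a masking run can be reproduced
    salaries = [row["salary"] for row in rows]
    rng.shuffle(salaries)      # Shuffling: real values, detached from their owners
    masked = []
    for row, salary in zip(rows, salaries):
        masked.append({
            "emp_id": hash_token(row["emp_id"]),           # Hashing
            "name": rng.choice(FAKE_NAMES),                # Substitution with a random value
            "salary": salary,                              # Shuffling / reorder
            "dob": row["dob"] - timedelta(days=age_days),  # Date aging
        })
    return masked
```

Shuffling keeps column totals and distributions realistic for testing, but on a small table a value can land back on its original row, so it is usually combined with the other methods as shown here.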
