E-Commerce Role Based Access Control Management
Setting up E-Commerce Role Based Access Controls
Safeguarding your business assets is imperative and the segregation of duties can help you achieve better internal controls. This blog post further examines role based access control management from the e-commerce perspective. We will review the setup of the store manager for an e-commerce system.
Review E-commerce Store Manager Setup
For the purpose of this sample setup, the store manager will have functionality to oversee and perform all transactional data and reporting. The store manager will not be setup for system settings which includes making changes to tax rules and payment gateways. In addition, the store manager will not be permitted to delete any records.
1. Select Store Access including Orders, Coupons and Reports
Setup settings and system status are not required for our store manager to do his/her job. Restricting these features safeguards and controls payment gateways, tax rules, shipping calculations, and much more. Disallowing the setting options mitigates risk by removing the potential opportunity to make changes to features outside of the mangers role.
2. Review Product Setup Options and Ensure No Restrictions Exist
All options under the products tab are made available based on the manager's role configuration and company policy.
3. Review Additional Product Options
The above features will provide additional settings that will help the store manager increase sales through functions like product specific Search Engine Optimization and on-page sharing. Therefore, these product options will not be restricted to the store manager.
2. Review All Other Settings
By default, the above list of functionality comes with all options enabled. Under our configuration, we will make some changes to the store manager's role by removing functionality. We will remove all deletion capabilities to ensure that all data is available for audit purposes. Other roles such as purchaser and inventory manager can be configured to ensure duties are segregated. Using IT system controls is an effective way of enforcing segregation of duties and internal controls policies.
