E-business involves business processes spanning the entire value chain: electronic purchasing and supply chain management, processing orders electronically, handling customer service, and cooperating with business partners. Special technical standards for e-business facilitate the exchange of data between companies. E-business software solutions allow the integration of intra and inter firm business processes. E-business can be conducted using the Web, the Internet, intranets, extranets, or some combination of these.
Enterprise Resource Planning (ERP) is one of the major areas of e-business applications. ERP is an enterprise-wide information system designed to coordinate all the resources, information, and activities needed to complete business processes such as order fulfillment or billing. A standard functionality of an ERP system is to implement the business processes of the organization. A business process is implemented as a sequence of transactions. The exact implementation depends on the specific ERP product and its architecture.
Standard business processes are usually defined within the relevant module of an e-business product. For example, these could be modules implementing financial operations, warehouse management, human resources, customer relations management and others.
A business process implemented within the e-business system may contain one or more sub-processes. For example, within the business process ‘Purchase Order’ the possible sub-processes may be ‘Create Purchase Order’, ‘Change Purchase Order’ and ‘Display Order’. Execution of the sub-processes would mean a different sequence of transactions to be executed. Moreover, the same transaction might have different permission level when executed within the different sub-processes of the same business process. For example, a transaction handling documents would open a document for editing in ‘Change Purchase Order’ sub-process, but will only permit ‘read’ when reached through the ‘Display order’ sub-process.
Most e-business products provide a degree of flexibility in customizing the standard out-of-the-box business process to the specific needs of an organization. This is generally achieved by adding and removing transactions with their corresponding parameters to and from the originally defined sequence of processes and sub-processes.
There is a number of existing products assisting the user with configuring the permissions for the transactions in the system. These products either perform an audit of the already implemented permissions structure or alternatively suggest an optimal permissions structure in the context of business processes in the system. The core element of these products is a database containing restrictions on transactions that a certain user can access in accordance to Risk Management methodology, such as Sarbanes Oxley. Examples of these products are Virsa tools by SAP AG, Authorization Organizer and Authorization Auditor by CSI tools, Eurekify Enterprise Role & Compliance Management Suite by Eurekify Ltd. and others.
U.S. Pat. No. 6,005,571, ‘Graphical user interface for managing security in a database system,’ describes a method for management of security in an ERP system. The method includes producing a plurality of task groups, which include actions that may be performed by the users. The patent also covers a graphical user interface that can be used to perform these tasks.
U.S. Pat. No. 7,343,628, ‘Authorization data model,’ suggests a structure of security permissions and possible implementation of security authorization process in an enterprise system.