Assigning access rights to “Field choices in Configuration tables” for the Building designers in ERP environments
- 08 Dec 2022,
Configuration tables are data tables that store information representing multiple choices that exist in business and are required to be chosen frequently by building designers and project teams.
To ensure the development of robust designs and avoid conflict of “Roles,” access to “Field choices ” in the “Configuration tables” need to be assigned carefully (based on the competence level of designers) in the Design of Architectural, Interior designing, and Design of MEP functions.
Many functions can use configuration tables depending on the access assigned. Therefore, a separate chapter 5 is dedicated to developing Configuration tables in my handbook and hence not being duplicated.
For developing “Roles,” a basic initial understanding of the following aspects is necessary.
· i)Field choices in Configuration tables in ERP environments.
· ii) Assessing risks in accessing Field choices in Configuration tables
· iii) Segregation of duties (Abbreviated as S-O-D)
· iv)Development of Authorisation Profiles or called profiles in this Handbook
· v) Attaching Profiles to Roles
The summary of each of the above points is as below.
i)Field choices in configuration tables in ERP environments
A few examples of field choices required frequently by building designers and project teams are below.
· Types of packages (e.g., civil, interior design, MEP, and further drill down within each of these packages)
· Types of project organisation (Housing, Commercial, hospitality, etc.)
· Types of vendors (e.g., consultants/contractors/service providers/business associates)
· Types of business documents (Design brief document, sanctioned drawing, Good for construction, As-built drawing, etc
· Types of materials /BOQ items for various works (e.g., civil, electrical, plumbing, etc.)
· Types of inspection frequency for BOQ/Constructed packages (e.g., none, % sampling,100%, etc.)
· Types of Inspection attributes (dimensional, metallurgical, chemical, etc. vis a vis BOQ in various packages)
Of course, designers and project teams can add many more field choices relevant to the number of packages designed vis-a-vis construction projects in their respective organisations.
ii) Assessing risks in accessing Field choices in configuration tables
What access right ( Create or edit or delete or view or approve as stated in the previous paragraph ) is to be assigned is influenced by the risk assessment of accessing the individual field choices, i.e., High, Medium, or Low.
The methodology for classifying risks to fields is given in chapter 10 of the handbook and annex 15D, wherein 19 field choices have been identified as having Medium, risks and hence not being duplicated here.
The methodology can also be accessed at my website blog: https://www.ethicalprocesses.com/blog_detail/risk-assessments-at-fields-level-of-configuration-tables.
So at the time of developing authorization profiles, the designer must have prior knowledge of risk level as captured in the illustrations given below
iii)Segregation of duties S-O-D:
The aspects related to S-O-D have been covered in one of the earlier blogs on my website and hence are not being duplicated (please refer to
The S-O-D concept has been used for developing this blog as implementing S-O-D can enable avoiding conflict of roles amongst designers at different levels.
iv)Development of Authorisation profiles -1 illustration having 5 “Field choices” in the configuration table
The author proposes developing five authorization profiles for accessing each “field choice “in configuration tables.
There must be a distinct option to choose from any one or combination of the following five activities.
· Create or initiate a specific individual /identified “Field choice” for which access is to be given vis a vis Design of Architectural, Interior designing, and Design MEP function.
· Edit or modify the “Field choice” within each Field
· Delete the “Field choice” within each Field
· View the “Field choice” within each Field
· Approve the “Field choice” within each Field
An illustration of the method of developing authorization profiles for 5 “field choices” in one configuration table in the Design of Architecture function is given below.
This illustration contains all required information in a tabular form with a suggested profile code numbering scheme.
The reader can change the proposed profile code numbering and information in each row at their discretion.
Thus, the author proposes developing five authorization profiles for each field choice in the configuration table.
Illustration for one configuration table
Function: Design of Architect Code number of Configuration Table for SOD assignment =CT211 Macro-level Risk for this table: Medium (previously assessed) Field name =Types of Civil package, Field Code=F501, Codes & names of Field choices in this Field F501 are as below: A01-Structure, A02-Civil works, A03-Façade-Risk, A04-External development (e.g., Roads, Gates, Drainage, etc.), A05-Softscape, and say ten more Risk at these “field choice” levels=Medium (previously assessed) The coding schemes are given in the book of the author | |||||
Profile numbers Proposed for accessing “Field choice A01” in Field F501 in CT211: PT01001 to PT01005 (Compiled in Annexure 30C) | |||||
Description | PT01001 | PT01002 | PT01003 | PT01004 | PT01005 |
Key “Rights” vis a vis this Field Choice (RHS of this row) Column 1 | Create/ Initiate Column 2 | Edit/ Modify Column 3 | Delete
Column 4 | View*
Column 5 | Approve
Column 6 |
Function assigned | Design of Architect | Design of Architect | Design of Architect | Design of Architect | Design of Architect |
Team assigned Number & name | T-1or T2 or T3 or T4 Architect for relevant area | T-5 Architect For all areas | T-6 Functional Risk Coordinator | T-1*or T2* or T3* or T4* Architect for relevant area | T-7 function head
|
Employee Level Proposed | middle | Higher | middle | middle | Higher
|
Position who can perform | Mgr. | Sr Mgr. | Sr. Mgr. | Mgr.* | GM
|
Risk classifications for remaining field choices A02 -A05 are also assessed the same, i.e., Medium. Therefore, the SOD matrix (capturing Function, team, team member’s level & position) for these field choices are proposed to be identical to field choice A01 as above. The proposed profile numbers for the field choices identified in this table are below. · A01 -PT01001-PT01005 · A02- PT01006-PT01010 · A03- PT01011-PT01015 · A04- PT01016-PT01020 · A05- PT01021-PT01025
Thus 25 profiles have been generated as above using the SOD concept T1, T2, T3….. represent team numbers within design function(e.g., structure, architecture, façade, etc.). The numbering schemes for configuration tables, Fields, field choices , Teams , Profiles, etc., are described in chapter 9 of my handbook and hence not being duplicated here. | |||||
Based on business needs, the number of access profiles for accessing field choices in configuration tables can be determined/estimated per the following approach.
· In the case of configuration tables, authorization profiles for accessing field choices need to be developed @5 profiles per field choice.
· It means developing 95 authorization profiles (@5x19 fields identified). The author proposes developing 3000 profiles for design functions@, 1000 per Function (Design of Architect, Interior, and MEP Design) for field choices.
· The profile numbering can say starting from PT01001 to PT04000
iv)Attaching Profiles to Roles
Once configured, “HOD can attach Authorisation Profiles” so developed to various “Roles” (with the help of the IT team) depending on the roles planned based on team member level, hierarchical position, and skill levels relevant to function.
The concept of roles has been mentioned in one of the earlier blogs on my website as below, hence not being duplicated.
In some ERP-driven business environments, like SAP, profile-generating software is also available wherein standards authorization profiles can be developed and attached to designers for transacting in respective design development modules.
Once authorization profiles have been developed, the attachment of these profiles to roles is proposed in three steps as below, precisely similar to the steps described in the earlier blog for accessing fields in master data tables.
a) Attach profile to roles in the development server
b) Test roles in test servers by ERP teams and designers
c)Upload roles to the production server, after testing approval
To ensure that no incompatible or conflicting authorization profiles get attached, the roles need to be attached to the production server by following P-D-C-A (plan-do-check-act) approach
The number of profiles and hence the number of roles can run into several hundred or thousands depending upon the following:
· Size and complexity of the organization
· the variety of Construction projects residential, commercial, educational, SEZ, etc
· The skill level of designers
· The technology of construction, design software,
· The design organization structure and empowerment culture
· The risk appetite of the company.
These roles can then be assigned to different positions, independent of the names of individuals.
Handbook of the author
A template illustrating assigning access rights to Field choices is included in chapter 11 (annex 28C) in the author's handbook and titled” ETHICS in the real estate and hospitality industry, Volume 1- Architectural, Interior design, and MEP services.