Assigning access rights to “Fields in Master data tables” for the Building designers in ERP environments
- 25 Nov 2022,
To ensure the development of robust designs and avoid conflict of “Roles” access to “Fields” in the “Master data tables” need to be assigned carefully (based on the competence level of designers) in the Design of Architectural, Interior designing, and Design of MEP functions
“Master data” is the core data that is used as a base for any transaction. In the current context of this article of designing, purchasing BOQ, and construction, whatever activity may be, it requires certain master data to be maintained.
Master data tables contain “Fields” as per requirements as captured in the following paragraph.
Depending on the comprehensiveness of the master data table, the number of master data tables, in any function, can be restricted to a reasonable number. Master data tables can be used by many functions, depending on the access assigned and a separate chapter 6 is dedicated to developing master data tables in my handbook and hence not being duplicated.
For developing “Roles”, a basic initial understanding of the following aspects is necessary.
· i)Fields in ERP environments (e.g., S.A.P)
· ii) Assessing risks in accessing Fields in master data tables
· iii) Segregation of duties (Abbreviated as S-O-D)
· iv)Development of Authorisation Profiles or called profiles in this Handbook
· v) Attaching of Profiles to Roles
The summary of each of the above points is as below.
i)Fields in ERP environments
For simple understanding, the “Field” contains the data at the granularity level and can be used in forms, documents and tables and must have a number, and description, field length. Data type/data element /value can be assigned to the field as per the purpose of the field and governed by the design of types of tables designed in the ERP environments
a list of Fields (in each of the master data tables) needs to be identified for which access rights are to be given. Examples of a few fields are as below
· F504= List of Drawings & technical specifications for the scope of work, including for BOQ - Structure work packages
· F505= Drawings & technical specifications - Civil Building works package
· F506= Drawings & technical specifications - Facade works package
And so on
A list of 109 such fields, identified by the author in the handbook as applicable for building design functions (as below) out of 428 fields relevant to construction projects is available in annex 1F,1G in the author’s handbook
· Design of Architecture=27 fields ( for 5 packages)
· Interior designing =23 fields ( for four packages)
· Design of MEP functions= 59 fields (for 2 packages)
Total fields identified=109
Of course, designers can add many more fields as relevant to the number of packages to be designed vis-a-vis construction projects in their respective organisations, and the number of fields may run into hundreds
For 13 functions in the real estate /hospitality Industry, 870 fields have been identified by the author in the handbook in Annex 1A to 1G
ii) Assessing risks in accessing Fields in master data tables
What access right ( Create or edit or delete or view or approve as stated in the previous paragraph ) is to be assigned is influenced by the risk assessment of accessing the respective field ie High, Medium, or Low .
The methodology for classifying risks to fields is given in chapter 10 of the handbook and annex 16D, wherein 56 fields have been identified as having High, Medium, or Low risks and hence not being duplicated here.
The methodology can also be accessed at my website blog: https://www.ethicalprocesses.com/blog_detail/how-to-assess-risks-at-field-level-of-master-data-tables.
So at the time of developing authorization profiles, the designer must have prior knowledge of risk level as captured in the illustrations given below.
iii)Segregation of duties S-O-D:
The aspects related to S-O-D have been covered in one of the earlier blogs on my website and hence are not being duplicated (please refer to
However, the S-O-D concept has been used for developing this blog as implementing S-O-D can enable avoiding conflict of roles amongst designers at different levels.
iv)Development of Authorisation profiles -1 illustration having 5 Fields in Master data table
The author proposes developing five authorization profiles for accessing each field in master data tables, and illustrations are given below
There must be a distinct option to choose from any one or combination of the following five activities.
· Create or initiate the “contents” within a specific individual /identified Field for which access is to be given vis a vis Design of Architectural, Interior designing, and Design of MEP function.
· Edit or modify the “contents” within each Field
· Delete the “contents” within each Field
· View the “contents” within each Field
· Approve the “contents” within each Field
An illustration of the method of developing authorization profiles for five fields in one master data table in the Design of Architecture function is given in below table and is self-explanatory.
This illustration contains all the required information with a suggested profile code numbering scheme.
The reader can change the proposed profile code numbering as also the information in each row at his/her absolute discretion.
Thus, the author proposes developing authorization profiles @ five for each field in the master data table
Illustration Key Function: Design of Architect Master data table considered for illustration =MT106 Table name: Drawings/specification master-Packages in Civil works Macro Risk assessed -for this table: High Codes & names of Fields with High levels of risk are as below. · F504= List of Drawings & technical specifications for the scope of work, including for BOQ - Structure work packages · F505= Drawings & technical specifications - Civil Building works package · F506= Drawings & technical specifications - Facade works package · F507= Drawings & technical specifications - External development areas / Landscape /hardscape works package · F508= Drawings & technical specifications - Softscape works package The coding schemes are given in the book of the author | |||||
Profile numbers Proposed for accessing Field F504 in MT106: PM00501 to PM00505 | |||||
Description | PM00501 | PM00502 | PM00503 | PM00504 | PM00505 |
Key “Rights” vis a vis this Field (RHS of this row) Column 1 | Create/ Initiate Column 2 | Edit/ Modify Column 3 | Delete
Column 4 | View*
Column 5 | Approve
Column 6 |
Function assigned Code & name | Design of Architecture | Design of Architecture | Design of Architecture | Design of Architecture | Design of Architecture |
Team assigned Number & name | T-1or T2 or T3 or T4 Architect for relevant area | T-5 Architect For all areas | T-6 Functional Risk Coordinator | T-1*or T2* or T3* or T4* Architect for relevant area | T-7 function head
|
Level empowered | Middle | Higher | middle | Middle | Higher |
Position who can perform | Sr. Mgr. | GM | Sr. Mgr. | Mgr.* | Project Head |
Risk classifications for remaining fields F505, F506, F507, and F508 are also assessed the same i.e. High. Therefore, the SOD matrix (capturing Function, team, employee’s level & position) for these fields is proposed to be identical to field F504 as above. The proposed profile numbers for these fields identified in this table are as below. . · F504- PM00501- PM00505 · F505- PM00506- PM00510 · F506- PM00511- PM00515 · F507- PM00516- PM00520 · F508- PM00521- PM00525 Thus 25 profiles have been generated as above using the SOD concept T1,T2,T3….. represent team numbers with in design function(e.g. structure, architecture, façade etc). The numbering schemes for Master data tables, Fields, Teams ,Profiles etc are described in chapter 9 of my handbook and hence not being duplicated here . | |||||
Based on business needs, the number of access profiles for accessing fields in master data tables can be determined/estimated as per the following approach.
· Authorization profiles for accessing fields need to be developed @5 profiles per field.
· It means developing 545 authorization profiles (@5x109 fields identified by the author).
· For professionals' easier understanding, in annex 16D in the book, 280 authorisation profiles have been illustrated for 56 fields.
· The author proposes developing 1500 profiles for design functions@ 500 profiles per function, say, fields @ 100 in each of the Design of Architectural, Interior designing, and Design of MEP functions
· The profile numbering can be,say, starting from PM00501 to PM02000
iv)Attaching Profiles to Roles
Once configured, “Authorisation Profiles” so developed can be attached by HOD to various “Roles” (with the help of the IT team) depending on the roles planned based on team member level, hierarchical position, and skill levels relevant to function.
The concept of roles has been mentioned in one of the earlier blogs in my website as below and hence not being duplicated.
In some ERP-driven business environments, like SAP, profile generating software is also available wherein standards authorization profiles can be developed and attached to designers for transacting in respective design development modules.
Once authorization profiles have been developed, attachment of these profiles to roles is proposed in three steps as below
a) Attach profile to roles in the development server
b) Test roles in test servers by ERP teams and designers
c)Upload roles to the production server, after testing approval
To ensure that no incompatible or conflicting authorization profiles get attached, the roles need to be attached to the production server by following P-D-C-A (plan-do-check-act) approach
The number of profiles and hence the number of roles can run into several hundred or thousands depending upon the following:
· Size and complexity of the organization
· the variety of Construction projects residential, commercial, educational, SEZ, etc
· The skill level of designers
· The technology of construction, design software,
· The design organization structure and empowerment culture
· Risk appetite of the company.
These roles can then be assigned to different positions, independent of the names of individuals
Handbook of the author
The templates illustrating generation of profiles for accessing fields in master data table are included in chapter 11 (annex 29C and 30D) in the handbook of the author and titled” ETHICS in the real estate and hospitality industry, Volume 1- Architectural, Interior design, and MEP services “