Description
Currently, there is no way to reduce the amount of users who have access to the stock number table and that can edit that table. This table needs to be restricted to the enterprise level (Logistics Program) so that all changes in the catalog can be made with the entire enterprise in mind.
Recommended
Recommend to add a new role called the "Catalog Role". This should be the only role that has rights to change the catalog. The Warehouse officer should not have access to the stock number table. The warehouse officer needs to have rights to the stock item table to be able to add items from the catalog into their warehouse but not add new items to the Logistics Program Catalog.
Mission Critical
This will help restrict the number of users who can edit the stock number table (Catalog).
Benefits
This will increase data accuracy since the authority to edit data is restricted to the enterprise level (Logistics Program).
Users
All IIF & UIF
22Feb2016 – cancelled per Randy Reed
This was moved to help desk ticket #7594, to support a new role if required
There is a Cataloger Role.
The Warehouse Officer Role is basically a "Super User" role. Few users, if any, should actually be granted this role, as no warehouse we have to date uses all of the DPAS Warehouse features. The only processes it does not include are the Armory Issue and Return processes. Unfortunately what occurs "all too often", users are granted the Warehouse Officer role.
For Example:
I'm not sure why a person working the Lejeune STAP warehouse would require the Individual Issue processes. If they have access to them, I would question WHY? Roles can be assigned at the Warehouse level, so if a person sometimes works in STAP and sometimes in the IIF, then they could have different roles based upon the warehouse that have access to, if desired. Note: This does require a bit more thought /up front Security Form processing by the CSP team to denote that when x is working in this warehouse, they have this role, and when in a different warehouse, they should have this role, rather than defining a single role at Site or Region level for x warehouses.
I would also consider limiting who has access to the Warehouse Mgmt processes. Few users should be able to add/edit: Facilities, Zones, Locations, Cost Centers, Personnel, Project Cd Ranges, and/or Document Nbr Ranges. The Warehouse Officer role provides the user with full access to these processes as well.
Unfortunately, we are not in a position to change the Warehouse Officer role, as there are many users outside of CSP using this role. What I would suggest is for CSP to review the current available roles, and select the one(s) that match their Business Processes based upon their style of Warehouses. I know Mr. Cravey and team did this initially and we created roles specifically for the CSP program as well as specific roles for the DMC folks. Should DPAS not have the role(s) that correspond with the CSP business processes, we will either modify an existing one (if only used by CSP), or we will create new roles to support what is needed.
The attached spreadsheet has 2 tabs. The Roles with Cataloging tab lists the roles that have Catalog process within them, and the level of access. The All WH Roles tab contains a complete list of current warehouse roles. Let us know what you find in your review. As stated above, if you find a role that matches the CSP business process, use it. If you cannot, let us know what processes and level of access required, we'll create a role or roles to support CSP. It's good to see we have folks getting serious about security. It's all about least privileges.
Regards, Randy
