DPAS SCR: 02171

Back


  • SCR Number
    02171
  • Title
    Work Order Resource Management Grp ID Capability
  • DPAS Module
    PA,MU,Warehouse,Materiel Management
  • Reporting Organization
    USMC
  • State
    New
  • History
    6/27/2025
  • Description
    Change Request: New Process

    Description:
     
    ELMS lacks the capability to dynamically manage user roles, responsibilities, assign tasks, and enforce data access based on organizational structure and mission function, as effectively demonstrated by the current Resource Group model in use at LOGCOM. This absence of a structured, role-based grouping mechanism—such as WORMG—limits the system's ability to enforce separation of duties, manage provisioning at scale, and ensure auditable user role assignment across multiple ELMS modules. Without a centralized resource grouping capability, unit-level administrators face inefficiencies in managing user access, increasing the likelihood of role drift, unauthorized data visibility, and inconsistent assignment of CTTT tasks. This impedes audit readiness, violates ICAM best practices, and introduces compliance risks under DoD cyber security and identity management mandates. This deficiency constitutes a Significant Deficiency in internal controls under OMB Circular A-123 and DoD FIAR guidance. It adversely affects the system’s ability to enforce identity, credential, and access management (ICAM) policies, impairs segregation of duties, and increases the risk of audit findings related to improper access. While not yet a Material Weakness, its enterprise-wide impact and alignment with key audit objectives elevate it to a priority remediation area for ELMS/DPAS modernization.
     
    Recommended:
     
    Resource Group Capability for ELMS
     
    MARCORLOGCOM business processes require the following system requirements needed to implement a Work Order Resource Manager Group (WORMG) capability in ELMS. This capability will support automated routing and assignment of tasks to appropriate entities.
     
    REQ-01 – Resource Group Definition: The system shall enable administrators to create and manage WORMG Identifiers (WORM_ID) that associates Users, user roles, access privileges to the organizational structure (e.g., Unit Identification Codes or Activity Address Code). This enables scalable and secure user access management across all ELMS modules based on organizational and functional responsibilities. Examples of existing WORMG groupings are:
     
    1. AAC-M38005
    2. AAC-M38005_MAINT
    3. AAC-M38005_MAINT_CAL
    4. AAC-M38005_MOVE
    5. AAC-M38005_EKMS_CAL
    6. AAC-M38005_WEAPONS_CAL
    7. AAC-M38005_SUPPLY
    8. AAC-M38005_S3
    9. AAC-M38005_S4
    10. AAC-M38005_WEAPONS
     
    REQ-02 – Role-Based Access Control (RBAC) via WORMG: The system shall implement Role-Based Access Control (RBAC) through WORMG that determines the user’s ability to view or transact records in specific ELMS modules. This enforces security and segregation of duties while maintaining audit compliance. The system must support Roles are pre-configured and map to system functions. Users assigned a WORMG will inherit RBAC permissions automatically.
     
    REQ-03 – Organizational Data Restrictions: The system shall support the assignment of WORMG to specific organizations, units, or sites within ELMS to control data visibility at the UIC/AAC level. This prevents unauthorized access to data from unrelated units or Commands. Users see only records belonging to their assigned unit(s). Cross-unit access must be explicitly configured by an authorized admin.
     
    REQ-04 – WORMG Assignment Workflow: The system shall provide a workflow-based interface for assigning users to a WORMG, including submission, review, and approval stages. This provides accountability and oversight into user provisioning processes. The workflow should address all stages between the initiator, account approver, and system admin. All workflow actions are time-stamped and logged.
     
    REQ-05 – Automated Access Request Processing (Auto-SAAR Integration): The system shall integrate with approved Identity Services to automate user provisioning based on verified identity attributes and mission role. This reduces administrative overhead and ensures secure, identity-verified access. Key features include integration to retrieve user identity and role attributes followed by ELMS automatically recognizing appropriate WORMG assignments during onboarding.
     
    REQ-06 – WORMG Audit Trail: The system shall record all actions related to WORMG creation, modification, deletion, and user assignment into a centralized audit trail. This provides traceability and supports compliance with DoD audit standards. Logs must capture User ID, timestamp, action taken, and object affected. Logs are viewable and exportable for audit compliance.
     
    REQ-07 – Periodic Access Review (User Certification): The system shall support periodic User Access Reviews (UARs) that generate WORMG assignment reports and allow account managers to re-certify or revoke user access. The review process should allow account managers to update assignments based on recorded justification.
     
    REQ-08 – Approver Group Configuration: The system shall support configuration of Approver Groups within WORMG(s) to route approvals for transactions to designated individuals. This supports accountability and chain-of-command adherence for key actions. Account managers will configure Approver Groups by function and approval level. Approvals follow established business process rules.
     
    REQ-09 – Training Completion Validation: The system shall validate that users have completed mandatory training prior to WORMG assignment. This is required to prevent untrained personnel from executing mission-critical tasks. This requirement will assure training completion is verified via training system integration or once the certificate is uploaded. Users are blocked from group assignment until training is validated.
     
    REQ-10 – Module-Agnostic WORMG Utility: The WORMG capability shall function across all ELMS modules with consistent user-role behavior. This ensures consistency and eliminates redundant configuration across modules. The system will be accepted when the following criteria are met: WORMG definitions are centrally managed and universally applied. A user assigned to a group in one module behaves identically in another.

    Mission Critical:
    OMB Circular A-123 and DoD FIAR guidance
     
    Benefits:
    - Meets MARCORLOGCOM's business model
    - Assists in 100% accountability of assets
    - Complies with current audit controls 

    Frequency: 
    Daily

    Users: 
    All USMC Users

Back

 

Home  |  Security Notice    Official Defense Logistics Agency Logo    Disclaimer  |  Accessibility
 
Defense Logistics Agency (DLA)
Logistics Catalog and Data Solutions (LCDS)