ibs System enables retailers to manage the security on all levels starting with a secure access to the applications, menus, screens, tabs and down to the field level. Users are given access to the screens and functions that relate to their job functions. All actions and updates performed by users can be logged for auditing purposes. Data creation, modification, deletion and other activities can be logged and analysed.

“secure your system and your information”

ibs System provides comprehensive, efficient and flexible management of users and authorizations. Administrators create user profiles that describe a group of users. Profiles may be created by department (sourcing, purchasing, pricing), function (purchasing, pricing manager), role (scope of responsibility) and by user (buyer, assistant, pricing at center, pricing at store…).

Access rights may be set for each application and data scope. Each user is identified by a username and password. Depending on the user's role and profile, an information viewing level (entities, merchandise structure levels…) and specific rights (read-only, modification, deletion, validation, language…) will be attributed to the user. Data format (dates, numbers, currency…) may also be personalized according to the user.

ELABORATE YOUR SECURITY STRATEGY

General Description:
At first, the administrator will define what are the groups of users in his company, ie: what are the roles. A role is defined by a group of persons who has the same responsibilities in term of actions AND information scope. Example: a Sea foods buyer in Moscow and a Sea foods buyer in Boston may perform the same actions but their relative information scope is different. Their roles are then different.

Basically, a role is a combination of an application profile and information scope, which is defined at least on two axes:

the product hierarchy element (i.e., Seafood) and the Business Unit Group (i.e., Moscow or Boston).

How To?
The employee roles need then to be identified following the two upper axes: Application Profile / Information. Any major discrepancy will discriminate a role from another one. If there is only a few discrepancies, concerning one user within a group, the administrator may decide that all the users will be from the same role, but one of them will have exceptions at the user level (which are handled by the application).

Once the security strategy is clearly identified, the Administrator may proceed to its realization in the application.

CONFIGURE THE STRATEGY IN THE APPLICATION

General Description:
Once the security strategy is clearly identified, the Administrator may proceed to its realization in the ibs System application. He configures first the different profiles, then link them to roles. Once the roles are created, he links each one of them to the information elements he needs.

To note the standard application allows linking the role to the Merchandising and Purchasing structure elements and Business Unit Group. If some other information elements need to be managed regarding the company security policy, we may add these levels. Please refer to the CVS Supplier security business case.

How To?
The configuration is made simply in the ibs System application. Any update to a user role will be applied to the concerned users instantly. To reduce the error proportion, the ibs System application is organized into portlets. There are some:

• Action portlets in which the Administrator will proceed to the needed actions
• Contextual portlets that show the Administrator the potential impacts of the updates

APPLY THE SECURITY TO THE USERS

General Description:
Once the security strategy is configured in ibs System, the Administrator may link each user to the corresponding role. The users will inherit automatically the rights from the role. Whenever a new user will be listed, if he has the same role than another user, the Administrator will just have to link the existing role to the new user.

As ibs System handles LDAP, the Administrator doesn't need to key in manually all the company. The ibs System user library is automatically updated with the company address book. If the company doesn't need an LDAP synchronization, the Administrator can still create and update manually the user information.

How To?
The configuration is either done manually in the Security Management section or synchronized with the company LDAP. To accelerate the security parametrization process, the Administrator may duplicate existing users. Any change to a user is effective instantly. The user will have then new buttons or new menus available without any technical intervention.