A retail company with a large number of employees needed to change its BO system to support its GDPR implementation. The company needed a new BO security matrix.
This retail company is an international company, based in Portugal, with about 255 years of experience in the food sector, meeting the needs of millions of consumers. Its principal activity is food distribution, which represents more than 95% of company sales, and its value proposition is based on the price-quality relationship.
For management and reporting, the company uses SAP software. In this Business Intelligence platform, security is enforced through groups and the access levels assigned to them on the respective folders, documents, applications and data. For each user to have access only to the information they are entitled to, the security matrix that holds all of this must be very well defined. The groups defined in the platform must therefore be organized by company and then by department, so that every user has access only to the information of their department in the respective company. It should also be possible to have users with different access levels: for example, some people can only view the reports, while others can change them and their information.
In the beginning there were around 15 access levels, which made it difficult to change a specific access level on a given folder or document. For that reason, only 3 access levels were created: the first for administrator users, the second for users with advanced access, and the third for basic users, who can only view a document without making any change to it.
The groups were also changed and now have only 3 levels. The first level is made up of the companies/chains, the second level of the departments, and the third level of the groups contained in the respective department/company. The folders had names that were difficult to interpret, and are now organized by company and then by theme.
With these changes, it is now easier to assign access to specific folders, data or applications, since the groups have a structured hierarchy and there are just 3 access levels. In this way the confidentiality of the information is ensured.
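A matrix built this way can be checked mechanically before it is loaded into the platform. The following is an added example, not code from the company or from SAP: it audits matrix rows against the structure described above (groups at most three levels deep, folders filed by company then theme, exactly three access levels). The group, folder and level names are constructed, and the rule that a group may only be granted access to folders of its own company is an assumption drawn from the per-company separation the text describes.

```python
from collections import defaultdict
from typing import NamedTuple

# The three access levels described in the text (label spellings are assumed).
LEVELS = {"administrator", "advanced", "basic"}

class Grant(NamedTuple):
    group: str   # "Company/Department/Group" path in the group hierarchy
    folder: str  # "Company/Theme" path in the folder tree
    level: str   # access level assigned to the group on the folder

def audit(grants):
    """Return (grant, problem) pairs for rows that break the matrix rules."""
    findings = []
    seen = defaultdict(set)  # (group, folder) -> levels assigned
    for g in grants:
        group_path = g.group.split("/")
        folder_path = g.folder.split("/")
        if g.level not in LEVELS:
            findings.append((g, "unknown access level"))
        if len(group_path) > 3 or "" in group_path:
            findings.append((g, "group outside the 3-level hierarchy"))
        if len(folder_path) < 2 or "" in folder_path:
            findings.append((g, "folder not filed under company/theme"))
        # Assumed rule: a group only receives access inside its own company.
        if group_path[0] != folder_path[0]:
            findings.append((g, "group and folder belong to different companies"))
        seen[(g.group, g.folder)].add(g.level)
    for (group, folder), levels in seen.items():
        if len(levels) > 1:  # same group and folder listed with two levels
            row = Grant(group, folder, "/".join(sorted(levels)))
            findings.append((row, "conflicting access levels"))
    return findings

# Constructed sample matrix rows, not data from the company.
SAMPLE = [
    Grant("ChainA/Finance/Controllers", "ChainA/Sales", "advanced"),
    Grant("ChainA/Finance", "ChainA/Sales", "basic"),
    Grant("ChainA/HR/Payroll", "ChainB/Payroll", "basic"),
    Grant("ChainB/Logistics/Planners", "ChainB/Stock", "view-on-demand"),
    Grant("ChainB/Logistics/Planners/Night", "ChainB/Stock", "basic"),
    Grant("ChainA/Finance/Controllers", "ChainA/Sales", "basic"),
]

if __name__ == "__main__":
    for grant, problem in audit(SAMPLE):
        print(f"{problem}: {grant.group} -> {grant.folder} ({grant.level})")
```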