I’m looking for some advice around screens in IFS which hold global data. We’re doing a big security review at the moment so want to make sure that we’ve got data managed such that only users in particular companies can see data they’re granted access to through site / company access.
Some examples of the areas where we’ve had to make considerations are:
- Customers [header level & address / contacts], we’re managing this through CRM (we set groups up for each company basically)
- IALs, we reviewed all the IALs we’ve built in the system to ensure they only point to data for the relevant company
- Report Archive, we discovered there’s a permission set which a number of users have which allows them to view all reports printed (we’ve since revoked this)
- Employment Informaiton / People Finder & Suppliers, we’ve accepted these as being global screens but are happy that there isn’t much sensitive data here so minimal level of concern
I was hoping the community might be able to help us come up with ideas of other screens or pieces of functionality we need to consider. Any thoughts would be incredibly helpful for this.