#57 | Part 5 Matching Permissions Employees Rules | NetSuite Segregation of Duties
Welcome to the Part 5 of the NetSuite Segregation of Duties Analysis. In this article, we will be discussing how to match the permissions and employees with the four rules that we discussed in the previous post.
There are 3 basic overall steps:
- Match the permissions with the employees
- Remove some duplicate combinations
- Match the permissions plus employees plus the 4 rules
I suggest you watch the video. It’s easier to understand if you are a visual/audio learner. The content below is the same as the video. It’s for those who learn by reading.
The three (3) steps on how to match the permissions and employees
1. Match the permissions with the employees
Here’s how the process works, and we will show you the individual steps, but, first, we’re going to match our employee list to the list of permissions.
This is our employee permissions list that we previously ran in one of the other reports, and we exported it out of NetSuite. Our lookup value will be the permissions column from our employees list here.
We’ve prepared our segregation of duties rules, so we’ll use these rules and combine it with our list of permissions.
2. Remove some duplicate combinations
We’re going to add a column in our list of employees and call it match.
Screenshot of column of the employees list
In the SOD rule set file, we’re going to create a new tab. We will copy the first set of permissions and copy the second set of permissions. Then we want to remove all the duplicates. We’re going to call this list “list of permanent rule set” so we have 7 permissions that are in the rule set with no repeating ones. So, the permissions if you remember with credit memo, check pay bill, make journal, customer, vendors, and approve journals. These are the 7 permissions that don’t repeat with anything else.
3. Match the permissions plus employees plus the 4 rules
Next, we’re going to look at the permissions and do a lookup value, and we’ll show you the lookup formula.
Here’s what the formula looks like. The D2 is equal to our lookup permission, which is the column D in the list of employees.
The list of permissions in the rule set tab is where we put our 7 lists of permissions that didn’t repeat (remember those?). The data range is the value that we want to match, and that’s the range that we want to look at and this is locked. The 0 is when we want to get an exact match. That’s the formula to use.
Now, we have the results. After entering the formula, it will give us a list something like this.
The next step we’re going to do is to remove all the NA’s or not applicable. We will filter out those.
In our excel spreadsheet that we have here, you will filter. These are all the employees, who have permissions to create, edit, or full which can be found in the SOD rule set.
We ignore the ones that are not found in the rule set because we want to look at a smaller list. The smaller the list, the easier it is for us to actually do the analysis. You’ll notice here the level in column E is just full, edit, and create. We have already removed the “None” and the “View”.
If you remember from the previous session, the “None” means that the user does not have the permission. “View” just means that the person can view it, but they cannot transact or change the transaction. We only want to focus on the level of permission that allows someone to create, to edit, or full, which is also create, edit, and delete.
To recap, we showed you the how-to’s of;
- Match the permissions with the employees
- Remove some duplicate combinations
- Match the permissions plus employees plus the 4 rules
That’s it. We’ll see you in the next session when we finish the final analysis.
Leave a Reply