ERP FOR ENGINEERING MANUFACTURING COMPANIES

No. 29

Best Practices for User Rights Management in OurSys ERP

11 October 2025

img

Properly managing user access rights in OurSys ERP is critical to maintaining data security, operational efficiency, and compliance with internal controls. Misconfigured permissions can lead to data exposure, process delays, or unauthorised transactions - especially in organisations that have grown rapidly.

This article outlines best practices for setting up and maintaining user permissions, with a focus on role-based access control and department-specific responsibilities.

Overview of Access Control in OurSys

In OurSys, user permissions can be assigned in two ways:

  1. Individually - by manually selecting (ticking) specific features for a user.
  2. By User Profile - by assigning a predefined User Profile that bundles a set of permissions associated with a specific role.

Using User Profiles is strongly recommended as it ensures consistency, simplifies user onboarding, and reflects organisational roles more accurately. A User Profile acts like a role in your org chart, grouping access to relevant features and workflows required for that position.

Common Pitfalls

We have observed that in many companies, especially those that have scaled from small teams to larger departments, user permissions are often incorrectly set. This usually happens due to:

  • Lack of clear role definitions
  • Informal or inconsistent communication between HR, IT, and department heads
  • Assigning permissions manually without reviewing organisational structure

To avoid these issues, follow the structured approach below.

Guidelines for Assigning Permissions

1. Who Should Set Permissions & the Ideal Process

  • When a new employee joins or changes roles:
    • HR should initiate the process by either:
      • Creating the user in OurSys and assigning the appropriate User Profile, or
      • Instructing the IT administrator via email or another traceable method.
    • IT administrators must never assign roles independently without explicit instructions.
  • The same process should be followed when an existing employee's role changes.
  • Documenting this flow ensures transparency and reduces the risk of unauthorised access.

2. Maker, Reviewer & Approver Levels in OurSys

OurSys supports a three-level control structure for critical actions:

  • Maker - creates the record or transaction
  • Reviewer - verifies or checks the data
  • Tasks can be broken into sub-tasks and assigned to multiple users.
  • Approver ? authorises or finalises the action

Department heads should define who takes each of these roles within their teams for each process. Based on this, User Profiles can be created by IT administrators to reflect these layered responsibilities.

3. Managing New Features & Periodic Updates

OurSys introduces new features and links approximately every 3 months. To stay current:

  • Department heads must:
    • Review release notes promptly.
    • Evaluate the relevance of new features for their team.
    • Update the associated User Profiles accordingly.
  • IT administrators must:
    • Ensure that release notes are circulated to all department heads in a timely manner.

Failing to do so may result in users missing out on helpful tools.

4. Speeding Up User Profile Creation

Since most users within the same department have similar access needs, you can streamline profile creation by:

  • Creating a base User Profile for a role in the department.
  • Copying the base profile to quickly create new ones for similar roles.
  • Making minor adjustments (e.g., approval limits, access to specific modules) as needed.

This prevents starting from scratch each time and maintains consistency across roles.

5. Does OurSys Provide Template Guidelines for User Profiles?

Yes, OurSys provides standard guidelines as part of the Effective Implementation Procedure.

  • If you require a copy, please contact our support team at: care@momentainfo.com

These templates serve as a great starting point and can be tailored to meet your company's specific needs.

6. Can You Customise Permissions After Assigning a User Profile?

Yes. OurSys supports fine-tuning individual user permissions even after assigning a User Profile.

  • This flexibility prevents the need to create too many unique profiles for small exceptions.
  • However, use this feature sparingly to avoid inconsistency and permission sprawl.

A good rule of thumb: If more than 2-3 users need the same set of additional permissions, create a new User Profile.

Additional Best Practices (Recommended)

Here are a few more tips to strengthen your rights management:

  • Conduct periodic audits (e.g., quarterly) of all user permissions to ensure they are still relevant.
  • Remove access for users who are on extended leave, have changed departments, or left the company.
  • Log permission changes for traceability and compliance purposes.
  • Restrict "Admin-level" access to as few users as possible.
  • Use naming conventions for User Profiles (e.g., "Sales_Manager_Local" or "Finance_Reviewer_Chakan") for easier identification and maintenance.

Need Help?

For assistance in setting up user rights, customising User Profiles, or understanding release note implications, contact our support team:

care@momentainfo.com