Setting the right permissions and limits for an ANVA user has long been an essential part of ANVA Backoffice. The permissions that are currently still linked at the individual level and manually can be based on user profiles for all ANVA customers from the beginning of August. How exactly that works we will be happy to explain to you.
From the SOX (Sarbanes-Oxley), user profiles have for some time been a mandatory component for all ANVA clients related to U.S. publicly traded companies. The SOX is an American law established in 2002 to enforce corporate governance. This law provides auditors with the proper support during their audit of systems. SOX is a requirement for large listed companies and contains guidelines on how these companies should report and what assurances they should build in. Deploying user profiles is part of this.
To make ANVA Backoffice fit SOX correctly, the developers on product owner Rita van Poppel's team dove deep into the code. She says: "A user is the core of our software, to which we link what someone is allowed or not allowed to see, modify or add. As an administrator of ANVA you can now create a user profile and link the appropriate rights and access to it. In this profile you define what rights someone has in terms of AVG, change and menu permissions, damage limits, impersonal settings and office access. All employees belonging to the same department or function can be linked to one profile as desired."
To build a user profile, ANVA provides a set of basic elements. For each element, you as administrator can adjust the settings yourself, by checking whether it applies or not. Once you have formulated a user profile, you can link your employees to this profile.
The deployment of user profiles offers a lot of advantages, especially in the area of control and management. This is because user profiles make it easier for an auditor to check, because samples can be taken at profile level instead of person level. Without that, an auditor might have to go through hundreds of users to check your organization's compliance.
As an administrator, user profiles also make your job a lot easier. Do you want to change the permissions of a certain department or function group? Then from now on you only need to do this in the user profile and no longer on a person level. A considerable gain of time!
So is there any downside to moving to user profiles? Rita: "The only disadvantage is the loss of flexibility. When you choose to deploy user profiles, it is not possible to turn on or off a checkbox for access here and there. A profile is a profile and is fixed. Do you want to be and stay flexible? Then we advise you to keep the current way of user administration. Do you want to make your way of working verifiable and auditable? Then choose the use of user profiles".
The first three ANVA customers have now started setting up and rolling out their user profiles. They are testing this new functionality in a pilot until the end of July. From release 51.P03.10 (which will be released in early August), all ANVA customers will be able to activate the user profiles. Until then, however, you don't have to sit still. In fact, you can already start creating and setting up user profiles and linking users now. A nice job during the perhaps quiet summer months.
Once all steps are complete, the new user settings are synchronized with the linked user profile at login. "Before you transition, make sure you have good and clear internal communication. Inform everyone about the deployment of user profiles and also tell them what might be different at the next login. That way your users know what rights they will gain or perhaps 'lose'. That will save you a lot of phone calls!", Rita concludes.
