Product requirement: Structured areas within entities with role-based access control
M
Main Newt
Objective of the request
------------
In many entities, information is maintained by different roles and teams. Currently, this information is often in a common structure, which creates several problems:
Users see fields that aren't relevant to their work
Fields can be changed by mistake
Clarity suffers
Responsibilities for data are not clearly separated
The aim of this requirement is therefore to divide entities into logically separated areas (sections), which can each be provided with their own access rights.
Structured areas within an entity
------------------------------
Within an entity, it should be possible to define various areas, such as:
master data
process information
Risk analysis
Business Impact Analysis (BIA)
Compliance information
These areas combine thematically related fields.
This makes the structure of an entity much clearer and easier to adapt to different usage scenarios.
Role-based access control to areas
-----------------------------
It should be configurable for each area:
Who can see the information
Who can edit the information
This allows different teams to maintain different parts of an entity without having access to all fields.
Use case: processes
----------------
One specific use case concerns the maintenance of process information.
In our case, information about processes is maintained by different roles:
Product teams or departments maintain basic process information
Agents or risk owners maintain risk scores and assessments
The risk scores are maintained by the agents and are sometimes calculated automatically, while basic information comes from other teams.
Separate areas with appropriate authorizations can prevent data from being accidentally overwritten or changed.
Use Case: Business Impact Analysis (BIA)
-----------------------------
Another problem occurs when carrying out a business impact analysis (BIA).
When editing a BIA, users only want to see and edit the relevant fields.
Currently, it often happens that users “stumble” across other fields of the entity while editing and may accidentally change them.
Separate areas with appropriate authorizations or editing views could focus on the actually relevant information.
Validation and data quality
---------------------
In addition, it should be possible to clearly identify:
Which fields are not filled
Which fields contain incorrect or incomplete data
Ideally, this should be visually emphasized, for example by:
Status indicators per area
Marking mandatory fields
Validation when saving
This makes it easy to see whether an entity has been fully maintained or whether information is still missing.
Expected added value
-----------
This feature would provide several benefits:
better structuring of complex entities
clear separation of responsibilities for data
reduced risk of unintended changes
focused processing of specific tasks (e.g. BIA or risk analysis)
better data quality through visible validation and completeness verification
M
Main Newt
I think that auditors will also see a problem here.
It should be possible to establish a clear separation of functions and ensure that only the information that may be adapted is adjusted accordingly.
Thank you