2. Database Authorization
Some relevant database tables and attributes are presented in the figure designated Problem 4-2 in the chapter.
Required:
A) Create a database authorization table for an Accounts payable clerk. Structure your response similar to the example below:
|
Table 1 Name |
Table 2 Name |
Table ….. |
|
Authority Level |
|
|
|
|
Read |
Y |
Y |
Y |
|
Insert |
Y |
N |
N |
|
Modify Delete |
Y |
|
|
|
|
|
|
|
|
Indicate the name of each table the AP clerk may access and the degree of access privilege such as:
Read data from the table
Insert data into the table,
Modify or edit data in the table
Delete data (attribute values or entire records) from the table
B) Explain your answers to part (A) above.
Response:
A) The table below illustrates the appropriate access privileges for the AP clerk whose job is to review the supplier’s invoice and set up a liability, which will later be paid.
Database Table |
Purchase Order |
Receiving Report |
Vendor Invoice |
|
Authority Level |
|
|
|
|
Read |
Y |
Y |
Y |
|
Insert |
N |
N |
Y |
|
Modify Delete |
N N |
N N |
N N |
|
B) The process involves performing a three-way-match of the PO, receiving report, and the Vendor Invoice. Before setting up an account payable the clerk will verify the items invoiced were ordered (PO), received in good condition (receiving report), and that the invoice charges are correct. To do this the clerk needs “Read” access to the PO and receiving report tables and “Read” and “Insert” access to the Vendor Invoice table. Once the three-way-match is complete, the clerk transcribes the details from the supplier’s hard copy invoice to the Vendor Invoice table and assigns a due date. This establishes the liability. The unpaid invoices at any point in time constitute the accounts payable.
The AP clerk normally would not have “modify” or “delete” access to the Vendor Invoice table. Editing and deleting existing records in a table should be a supervisor function.
Also, the clerk should not have insert, modify, or delete access to the PO and receiving report tables. Such access would allow the AP clerk to enter fraudulent PO and receiving report records. The clerk’s legitimate “insert” privileges would then allow him to create a fraudulent supplier’s invoice (on behalf of himself or a conspirator) and set up a false liability, which would later be paid.
To do:
1. rewrite the question (B) answer, use your own word. That answer is correct answer, i copy from internet.
2. zero plagiarism, not page require