Users report missing menus, blocked transactions, or unexpected access. Audit findings call out segregation-of-duties gaps.
Why it happens
- Function profiles built ad hoc instead of role-based
- Access codes overlapping or contradicting each other
- User role assignments out of date
- Site, sales site, or company access not set correctly
- Custom screens or transactions not added to any profile
Diagnostic steps
- 1. List effective access
For the affected user, list every function and access code they receive — not just the role name.
- 2. Compare to peer users
Compare against a user with correct access in the same role. Differences are usually missing assignments.
- 3. Audit profile inheritance
Sage X3 access stacks across role, profile, and user-level overrides. The override is often the cause.
- 4. Run a segregation-of-duties report
List combinations of access that violate SOD policy. Almost every long-lived environment has some.
Fixes
Rebuild profiles around roles
Define a small set of clean role-based profiles and migrate users to them. Retire one-off profiles.
Implement SOD checks
Define SOD rules and run them monthly. Track exceptions through approval, not silently.
Annual access review
Each manager reviews their team's access annually. Document approval.
Document the access model
Without documentation, access drift will return within a year.
Prevention
- Annual access review with manager attestation
- SOD report run monthly
- Standardized onboarding/offboarding procedure
PRH Consulting can resolve this for you
Our sage x3 support practice handles issues like this regularly. Most engagements start with a short scoping call.