We are playing with this idea as well. Obviously, access for suppliers/vendors should be limited to precisely the data and functionality they need to know. This is an area that we will continue to see recommendations in the next few years due to many companies' emphasis on Supply Chain projects.
The biggest hurdles I have uncovered are managing the user accounts from a distance: how do we track users, turnover, and password management? I have noted that many companies are turning to off-the-shelf provisioning products that manage many of these 'opportunities' and allow for distributed administation by a vendor delegate. My personal opinion is that vendor access should be limited to functionality and data specific to that vendor's business relationship. Furthermore, user accounts should be "silo'd" in an associated user group and reviewed on a periodic basis (hopefully automatically) for usage and access. Obviously, I suspect that any organization allowing vendors access will have supporting legal and contractual language that governs both use and the expectation of confidentiality.
Dig Deeper on SAP security
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.