Dear Gurus

We have a service provider providing LN technical and functional support on our environment. They currently use Super user Menus which our auditors have highlighted as an issue.
1. May i please have your suggestions on what other service providers are doing to provide support to their customers.
2. Is it always necessary to have superuser menus to provide support?
3. Can a service provider provider effective support with read-only menus?
4. Auditors have recommended that we do not give them any Maintain menus at all.

Your ideas/observations and experiences would be most welcome.

Overall, the "customer" will always have the final say when providing or restricting access. Certainly due to the nature of the data (its sensitivity) or the role of the consultant you may very well want to do that.

That said, i have worked as an techno / functional ERP consultant for 15 years and the firm I worked for always had some type contractual clause stipulating access requirements. Part of the contract essentially stated what we could or couldn't do with the data.

We would be given unrestricted / super user access to DEV and TEST and more often than not PROD in order to perform the activities we were engaged for.

Often in addition to the contracts, consultants themselves had to sign various types of "request for access" or "do not disclose" forms.

We can't forget that consultants are not cheap and making them request and wait for access as needed is counter productive. Unless you have the money for it. These types of access are always temporary and its a good idea to get a regular status of their activities. Even though they have "free reign", so to speak, its your responsibilty to know what they're doing.

I now work in the "industry" and we have the same type of deal with our consulting partner.

That's my take. Hope it helps!

Thanks lets here what other people's experiences are