ERP Access

Legal

Terms of Service

ERP Access is an internal enterprise gateway. Use of this system is limited to authorized personnel performing approved administrative, issuer, and audit duties.

Authorized use only

Only approved internal personnel with an active portal account may access ERP Access. Portal users are individually attributable, and all privileged actions are subject to audit review.

  • Guest pages are informational; management functions require sign-in.
  • Portal accounts may only be used by the individual to whom they were assigned.
  • The organization may suspend or revoke access at any time for operational or security reasons.

Operator accountability

Actions taken in the portal are considered attributable to the authenticated user. This includes issuing credentials, changing policies, updating schedules, and reviewing operational evidence.

  • Admins are responsible for full-system actions such as account management, kill-switch changes, and unrestricted credential issuance.
  • Issuers are responsible for safe handling of the credentials they generate for themselves.
  • Users must review logs and audit context before claiming that the gateway or upstream service is unavailable.

Credential and policy handling

Users must apply least-privilege principles when issuing credentials or assigning policy access. One-time secrets should be captured securely and rotated when there is any doubt about exposure.

  • Policy changes and grant changes are expected to align with approved business needs.
  • Deleting a policy or revoking a credential can immediately affect downstream integrations.
  • Admin unrestricted credentials are exceptional controls and should only be used where bounded policies are not sufficient.

Operational and legal expectations

The system may enforce configured restrictions such as schedules, account suspensions, and the global kill switch. Those states are valid operational outcomes and should not be treated as defects by default.

  • Use of ERP Access may be monitored, logged, and reviewed for operational, security, and compliance purposes.
  • Attempting to bypass internal controls, suppress auditability, or misuse issued credentials is prohibited.
  • All use of upstream ERP connectivity remains subject to the organization’s internal governance and vendor obligations.

Change control and support

Configuration changes should follow approved internal change processes. Support requests should include enough audit context to let reviewers reproduce or understand the issue without guessing.

  • Where available, include correlation IDs, affected Volo accounts, token timing, and denial reasons.
  • If the portal reports schema drift, migrations should be run before opening a defect on missing features.
  • Use the guest `System Status` page as a pre-check before escalating a broader availability concern.