Access Control
To function smoothly, EDI trading partners must permit a degree of access to private data files that would be forbidden in a traditional environment. The trading partner agreement will determine the degree of access control in place. For example, it may permit the customer’s system to access the vendor’s inventory files to determine if inventories are available. Also, trading partners may agree that the prices on the purchase order will be binding on both parties. The customer must, therefore, periodically access the may need access to the customer’s price list to update prices.
To guard against unauthorized access, each company must establish valid vendor and customer files. Inquiries against databases can thus be validated, and unauthorized attempts at access can be rejected. User authority tables can also be established, which specify the degree of access a trading partner is allowed. For example, the partner may be authorized to read inventory or pricing data but not change values.