Career opportunities: We are looking for Developers & Engineers for immediate collaboration. Join our team!

Blog

IT Administrators vs ERP Consultants

IT Administrators vs ERP Consultants

Tilemachos Koumartzakis
March 28, 2025
12 views

There is a silent conflict playing out daily inside corporate networks. You won’t find it in dashboards or SLA reports. It’s not formally recorded, though you can sense it buried in tickets, shrouded in words. And yet, it directly impacts stability, security, and ultimately the business itself. This is the war between System Administrators (hereafter, sysadmins) and ERP Consultants.

Two Worlds, Two Priorities.

On one side, the sysadmin. The person responsible for uptime, backups, security—everything that falls under business continuity—and, when things go wrong, the one expected to fix it.
They think in terms of:

  • Risk
  • Least privilege
  • Change control
  • Business continuity

On the other side, the ERP Consultant. Typically highly skilled in business processes, configuration, and reporting. But driven by a single KPI: make the ERP system work the way the client wants—now.
They think in terms of:

  • Deliverables
  • Deadlines
  • “Just make it run”
  • “Give me full access so we can get this done”

The problem? These two worlds clash at almost every critical point. The Classic Scenario: “Just Give Me Full Control”. If you’ve worked even once in an ERP environment, you’ve seen it.
The consultant insists: “Give me Full Control on this folder because the reports aren’t working.”

  • No analysis
  • No troubleshooting
  • No real understanding of what’s actually required.

Here’s the blunt reality: In 90% of cases, Full Control is not needed.
What’s actually required is:

  • Read
  • Write (at most Modify, and only after proper validation)

Full Control means:

  • Ability to change permissions
  • Ability to delete files and entire structures
  • Complete control over potentially critical data
  • Unrestricted ownership and inheritance changes
  • Violation of the least privilege principle
  • Security chaos, with no clear traceability of actions
  • Reduced trust in logs
  • Negative impact on auditing (ISO, GDPR, etc.)

In other words, a simple technical request quickly turns into business risk. And the worst part? Some don’t even realize it—or worse, they do, but only care about their own deliverables. The Real Problem: Ignorance of Risk, Not Bad Intent. Let’s be clear.
Most ERP Consultants are not careless or irresponsible.
They simply:

  • Lack deep infrastructure knowledge
  • Have never experienced real production incidents
  • Have never paid the price of a security failure

They haven’t seen:

  • Ransomware spreading through a shared folder with weak permissions
  • Data corruption caused by uncontrolled writes
  • Audit failures because “someone had Full Control”

The sysadmin has seen those, and that changes everything!

Other Common Points of Conflict.

1. “Make the user a local admin”
The consultant needs to run a tool or script. Their solution: “Just make the user a local admin.”
Reality:

  • You expose the endpoint
  • You enable lateral movement
  • You bypass every security policy in place

The correct approach:

  • Elevation only where strictly required
  • Application whitelisting
  • Controlled execution

2. “Open all ports to check if it’s the firewall”
Translation: “I don’t know what’s wrong, so remove all controls”. That’s not troubleshooting. That’s digital recklessness.

3. “It was working yesterday—you must have changed something”
The most dangerous phrase of all.
It implies:

  • IT is always at fault
  • There is no change tracking on the ERP side
  • There is no structured debugging process

The Hard Truth No One Says Out Loud.

  • If a sysadmin keeps handing out Full Control, admin rights, and policy bypasses: They are not doing their job!
  • If an ERP Consultant keeps asking for them: They don’t understand the environment they’re working in.
  • And if management keeps pushing for “just get it done quickly”: They are consciously choosing risk over stability.

Where the Balance Lies.

This is not about one side “winning” It’s about structure.
For the IT Administrator:

  • Stop just saying “no” → explain the risk
  • Provide alternatives (Modify instead of Full Control, precise ACLs)
  • Document everything (audit trails matter)

For the ERP Consultant:

  • Understand what your application actually requires
  • Stop asking for blanket permissions
  • Work in controlled environments (test before production)

For the Business:

  • Enforce policies, not improvisation
  • Demand accountability from both sides
  • Invest in collaboration, not blame

Final Thoughts.

This conflict is not technical. It’s cultural. The sysadmin protects the system. The ERP Consultant serves the business. When one ignores the other, the outcome is always the same: Either security or functionality breaks. Sometimes, they both break! A mature IT environment is not one that simply “works.” It’s one that works without collapsing at the first mistake. And in that kind of environment, there is no room for shortcuts like: “Just give me Full Control so we can get this done”.

Mental Informatics
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.