How to distribute and monitor rights and permissions

Learn how permissions and rights should be distributed and monitored in an organization in this security management Ask the Expert Q&A.

How should permissions and rights be distributed in an organization and how should they be monitored?
Rights and permissions should be centrally controlled in some manner. It could be through a single sign-on technology, an identity management tool, or a home-grown internal solution. Most standards and regulations now require that a manager sign off on employee or contractor access before the access is actually granted. If this is not automated, it can be very difficult to satisfy this requirement.

A business unit manager, data owner or system owner should indicate whether a specific user is assigned certain rights to files, applications and network resources. It is best if individual business unit managers (manager of HR, manager of the accounting department, manager of R&D, etc.) are assigned to the data owner roles. This means they are responsible for classifying the data they own. So when Sally, a new HR employee, needs to set up a network account, a request is sent to the HR manager. Once the HR manager approves this access, a request is sent to the data custodian (usually the IT group) with information on the type of account Sally needs and the type of access it requires.

For internal auditing purposes, user accounts on different network systems should be compared to what is in the centralized system. This keeps track of who has approval for specific access types, ensures that there are no orphaned accounts and verifies that users are only receiving the access rights required for their jobs. In my opinion, it is best to implement this procedure every 3-6 months. Please note that this is usually only done on the mission-critical systems; however, through automated tools, it can be done on all systems.

This was first published in January 2006
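The periodic comparison described above can be automated along these lines. This is an added example, not part of the original answer; the record layout, the system and user names, and the finding labels are assumptions, and "orphaned" is taken here to mean an account with no signed-off approval on record.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Approval:
    user: str
    system: str
    rights: frozenset
    approved_by: str  # data owner who signed off; empty string means no sign-off

def reconcile(approvals, system_accounts):
    """Compare accounts exported from each system with the central approval records.

    system_accounts: {system: {user: set_of_rights}}.
    Returns a sorted list of (finding, system, user, rights) tuples.
    """
    approved = {}
    for a in approvals:
        if a.approved_by:  # only approvals with a manager sign-off count
            key = (a.system, a.user)
            approved[key] = approved.get(key, frozenset()) | a.rights
    findings = []
    for system, accounts in system_accounts.items():
        for user, rights in accounts.items():
            allowed = approved.get((system, user))
            if allowed is None:
                # Account exists on the system but nobody approved it.
                findings.append(("orphaned_account", system, user, tuple(sorted(rights))))
            elif set(rights) - allowed:
                # Account is approved but holds rights beyond the approval.
                extra = tuple(sorted(set(rights) - allowed))
                findings.append(("excess_rights", system, user, extra))
    return sorted(findings)

# Constructed sample data (hypothetical names, for illustration only).
APPROVALS = [
    Approval("sally", "hr-files", frozenset({"read", "write"}), "hr-manager"),
    Approval("bob", "payroll", frozenset({"read"}), "accounting-manager"),
    Approval("carol", "payroll", frozenset({"read"}), ""),  # request never signed off
]
SYSTEM_ACCOUNTS = {
    "hr-files": {"sally": {"read", "write"}, "dave": {"read"}},
    "payroll": {"bob": {"read", "approve"}, "carol": {"read"}},
}

if __name__ == "__main__":
    for finding in reconcile(APPROVALS, SYSTEM_ACCOUNTS):
        print(finding)
```

Each finding goes back to the relevant data owner for a decision: approve and record the access, or have the data custodian remove it.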
