
How to distribute and monitor rights and permissions

Learn how permissions and rights should be distributed and monitored in an organization in this security management Ask the Expert Q&A.

How should permissions and rights be distributed in an organization and how should they be monitored?
Rights and permissions should be centrally controlled in some manner. It could be through a single sign-on technology, an identity management tool, or a home-grown internal solution. Most standards and regulations now require that a manager sign off on employee or contractor access before the access is actually granted. If it is not automated, it can be very difficult to satisfy this requirement.

A business unit manager, data owner or system owner should indicate whether a specific user is assigned certain rights to files, applications and network resources. It is best if individual business unit managers (manager of HR, manager of the accounting department, manager of R&D, etc.) are assigned to the data owner roles. This means they are responsible for classifying the data they are responsible for. So when Sally, a new HR employee, needs to set up a network account, a request is sent to the HR manager. Once the HR manager approves this access, a request is sent to the data custodian (usually the IT group) with information on the type of account Sally needs and what type of access.

For internal auditing purposes, user accounts on different network systems should be compared to what is in the centralized system. This keeps track of who has approval for specific access types, ensures that there are no orphaned accounts and verifies that users are only receiving the access rights required for their jobs. In my opinion, it is best to implement this procedure every 3-6 months. Please note that this is usually only done on the mission-critical systems; however, through automated tools, it can be done on all systems.

This was last published in January 2006
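The audit comparison described in the answer above can be automated along these lines. This is an added example, not code from the original article: the record layout, the user and system names, and the definition of "orphaned" (an account whose user is absent from the central record) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the original page).
# Central record: (user, system, right, approving manager or None).
APPROVED = [
    ("sally", "hr-files", "read", "hr_manager"),
    ("sally", "hr-files", "write", "hr_manager"),
    ("raj", "payroll-app", "read", "accounting_manager"),
    ("lee", "payroll-app", "read", None),  # recorded but never signed off
]
# Accounts and rights actually found on each system during the audit.
ACTUAL = [
    ("sally", "hr-files", "read"),
    ("sally", "hr-files", "write"),
    ("sally", "payroll-app", "read"),   # no approval for this system
    ("raj", "payroll-app", "read"),
    ("raj", "payroll-app", "admin"),    # right beyond what was approved
    ("lee", "payroll-app", "read"),
    ("olduser", "hr-files", "read"),    # user unknown to the central record
]

def reconcile(approved, actual):
    """Compare per-system accounts against the centralized approval record."""
    signed = defaultdict(set)    # (user, system) -> rights with manager sign-off
    unsigned = defaultdict(set)  # (user, system) -> rights lacking sign-off
    known_users = set()
    for user, system, right, approver in approved:
        known_users.add(user)
        (signed if approver else unsigned)[(user, system)].add(right)

    findings = {"orphaned": [], "excess": [], "unapproved": []}
    for user, system, right in sorted(actual):
        key = (user, system)
        if user not in known_users:
            findings["orphaned"].append((user, system, right))
        elif right in signed[key]:
            continue  # matches an approved, signed-off entitlement
        elif right in unsigned[key]:
            findings["unapproved"].append((user, system, right))
        else:
            findings["excess"].append((user, system, right))
    return findings

if __name__ == "__main__":
    for kind, rows in reconcile(APPROVED, ACTUAL).items():
        for row in rows:
            print(kind, *row)
```

In practice the two inputs would be exports from the identity management tool and from each audited system, normalized to the same user identifiers before comparison.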
