Access rights are the permissions each individual user has to company applications and resources such as printers, computers, and online file storage.
Why is Managing User Access Important?
Your company has significant value not only in the data it creates and owns but also in the data your clients have entrusted to you. Employees and third-party partners need to view, change, and delete data in their daily activities. Imagine what could happen if everyone had unlimited access to every application and its data.
How is User Access Implemented?
If you're like most company leaders, the thought of implementing a secure user access policy sounds tedious and counterproductive.
Won't controlling what employees can access just get in their way? Not at all. Your well-organized user access policy will ensure each user has what he needs to do his job. The permissions he doesn't have won't affect his activities because he doesn't need them.
Creating a first-time policy does take time, but the benefits to your company's health and security are substantial. Once you have the policy created, a regular periodic review will ensure your company's valuable assets remain protected.
Let's walk through a basic example of role-based access control (RBAC), a widely used method.
1. Company Users
Who are all your employees?
Are there any third-party users?
2. Group Users by Roles
What are the major functions in your company?
Which function does each user do?
Since these are broad groups, users should belong to only one group. Their access rights can be defined more granularly in your policy.
3. Their Workflow
Users have the access they need to complete their activities productively and securely. This is called the principle of least privilege: users have access only to the data they absolutely need.
For example:
Tony and Carol are active users of the company's CRM, creating the customer information and maintaining the ongoing sales notes.
When the sale is complete, the prospect becomes a client. The customer data created by the sales team is integrated with the accounting software for Peg and Sue.
Ana, Monica, and Laura, the client services team, begin planning their ongoing client engagement. They can view but not change the customer data in the CRM and add their activity notes. They don't have access to any of the financial information.
The technical team is planning their deliverables for the client's new data integration project. Duane, Ron, Jason, and Bob have access to the project planning software as well as the full suite of development tools they will need. None of the other groups have access to this software.
The admin team of Shawn and Sonya provides support for the other teams. They receive requests for specific activities but do not have access to any of the software or apps the other teams use.
Ganga and Linda are continually aware of the progress and activities for all the teams. Information is provided to them through real-time dashboards. Data is extracted from the relevant software and systems, but the executive team does not have direct login access.
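The walkthrough above can be written down as a deny-by-default policy and checked mechanically. The following is an added example, not code from the original article: the role names, resource names, and action names are assumed labels for the teams and systems described, and the periodic review flags any user who ends up in more than one group.

```python
"""RBAC sketch for the example teams; resource and action names are assumed labels."""
from collections import defaultdict

RW = frozenset({"view", "create", "change"})

# Role -> resource -> allowed actions. Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "sales": {"crm_customer": RW, "crm_sales_notes": RW},
    "accounting": {"accounting_software": RW},
    "client_services": {"crm_customer": {"view"},
                        "crm_activity_notes": {"view", "create"}},
    "technical": {"project_planning": RW, "dev_tools": RW},
    "admin": {},                            # handles requests, no app access
    "executive": {"dashboards": {"view"}},  # no direct login to source systems
}

# Group membership from the article's example.
TEAMS = {
    "sales": ["Tony", "Carol"],
    "accounting": ["Peg", "Sue"],
    "client_services": ["Ana", "Monica", "Laura"],
    "technical": ["Duane", "Ron", "Jason", "Bob"],
    "admin": ["Shawn", "Sonya"],
    "executive": ["Ganga", "Linda"],
}

def roles_of(user, teams=TEAMS):
    return [role for role, members in teams.items() if user in members]

def is_allowed(user, resource, action, teams=TEAMS):
    """Least privilege: allow only what the user's single role explicitly grants."""
    roles = roles_of(user, teams)
    if len(roles) != 1:  # unknown user or user in several groups: fail closed
        return False
    return action in ROLE_PERMISSIONS.get(roles[0], {}).get(resource, ())

def review(teams=TEAMS):
    """Periodic review: users in more than one group, and groups with no policy."""
    seen = defaultdict(list)
    for role, members in teams.items():
        for member in members:
            seen[member].append(role)
    multi_role = {user: roles for user, roles in seen.items() if len(roles) > 1}
    undefined = [role for role in teams if role not in ROLE_PERMISSIONS]
    return multi_role, undefined

if __name__ == "__main__":
    print("Ana may change CRM customer data:", is_allowed("Ana", "crm_customer", "change"))
    print("Review findings:", review())
```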