3 Ways to Prevent Outdated Access Rights

Most organizations have clear guidelines and rules for assigning access rights. However, more often than not they do not have structured processes for removing these access rights when they are no longer needed. Without such workflows in place, every department change, resignation or allocation of special rights leads to more chaos.

Without professional user management, nobody knows who has access to what data and when. And if that is the case in your company, you’re opening the doors wide to both employee data theft and cyberattacks from outside. Today’s article therefore focusses on showing you how to prevent incorrect and/or outdated access rights.

Getting Rid Of Outdated Permissions

1. Define Profiles and Standard Rights

A simple approach to managing permissions is the use of “profiles”. Profiles are basically collections of permissions required by certain user groups. Users can then be assigned to any number of these profiles, for instance the profiles “IT department” and “Team leader”. Not only does this method simplify the process of assigning permissions, it also makes it much easier to remove permissions when users change departments, for instance, or for any other changes that may occur.
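The profile approach described above, as an added example that is not part of the original article and is not tenfold's code. It computes which permissions to grant and which to revoke when a user's profiles change; the profile contents, permission strings and function names are all constructed for illustration.

```python
# Added illustration; profile names and permission strings are constructed.
PROFILES = {
    "IT department": {"vpn:connect", "share:it-docs:rw", "ad:reset-password"},
    "Team leader": {"share:hr-reviews:r", "app:timesheet:approve"},
    "Sales": {"vpn:connect", "crm:accounts:rw", "share:sales-docs:rw"},
}


def entitled(profile_names):
    """Union of the permissions carried by every assigned profile."""
    perms = set()
    for name in profile_names:
        perms |= PROFILES[name]  # KeyError on an unknown profile is deliberate
    return perms


def reconcile(actual, profile_names, approved_extras=()):
    """Return (to_grant, to_revoke) for one account.

    actual          -- permissions the account holds right now
    profile_names   -- profiles the user should have after the change
    approved_extras -- individually approved rights that stay in place
    """
    target = entitled(profile_names) | set(approved_extras)
    return target - actual, actual - target


if __name__ == "__main__":
    # A team leader moves from IT to Sales. The account also carries a
    # project share that was granted by hand and never recorded.
    actual = entitled(["IT department", "Team leader"]) | {"share:project-x:rw"}
    grant, revoke = reconcile(actual, ["Sales", "Team leader"])
    print("grant :", sorted(grant))
    print("revoke:", sorted(revoke))
```

`vpn:connect` is left alone because both the old and the new profile include it, while the unrecorded project share shows up in the revoke set unless it is passed in as an approved extra.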

Solution in tenfold

In the access management software tenfold, admins can configure profiles via the tenfold interface. Through these profiles, users are automatically given all the basic permissions associated with their department, cost center, position or location. Profiles are assigned automatically based on user master data. tenfold can import the master data automatically from the HR database.

Users can request additional permissions via tenfold’s self-service portal in the user interface. Such requests trigger an approval workflow, in which the data owners who are responsible for the permissions that were requested by the user must approve or reject the request (data owner concept).

If the user in question moves to another organizational unit, tenfold automatically adjusts that person’s permissions – and you can even set a time delay for this action where necessary. When a profile is updated, the changes can be rolled out simultaneously to all users assigned to the profile.

2. Review Permissions Regularly

As we have learned, it is possible to assign and retract permissions via profiles. But what about special rights that occur when users come together from different departments to work on a project for a certain period of time? There’s usually no workflow for removing these extra rights once the project has been completed and everyone returns to business as usual.

Solution in tenfold

tenfold comes with an integrated recertification process that ensures data owners are regularly prompted to review the permissions they are in charge of. If the permissions are still needed, the data owner can simply reconfirm them. If they are obsolete, the data owner can remove them. You can configure the intervals at which recertification is to take place individually. Advantages of this feature include:

  • Data owners can obtain a quick overview of the status quo.

  • The system automatically sends out notifications when reviews are due.

  • You can specify which components of the system (profiles, resources, file servers, etc.) should be reviewed.

  • You can determine backup actions that will be triggered in case of non-recertification.

  • Data owners can quickly and easily confirm and remove permissions via the intuitive user interface.
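A recertification sweep over special rights, as an added example that is not part of the original article and is not tenfold's code. It shows the three elements named above: a configurable interval, a notification to the data owner when a review is due, and a fallback action on non-recertification. The 90-day interval, the 14-day grace period, revocation as the fallback and the sample grants are assumptions.

```python
from datetime import date, timedelta

# Constructed sample data: rights granted outside any profile, each with the
# data owner responsible for it and the date it was last confirmed.
GRANTS = [
    {"user": "asmith", "resource": "share:project-x", "owner": "jdoe",
     "last_confirmed": date(2024, 5, 20)},
    {"user": "bmeier", "resource": "share:project-x", "owner": "jdoe",
     "last_confirmed": date(2024, 3, 1)},
    {"user": "ckhan", "resource": "app:billing:admin", "owner": "lroth",
     "last_confirmed": date(2023, 11, 15)},
]


def sweep(grants, today, interval_days=90, grace_days=14):
    """Sort grants into owner notifications and fallback revocations.

    A grant is due once interval_days have passed since its last confirmation.
    If the owner has still not responded grace_days after that, the fallback
    action (assumed here: revoke) applies.
    """
    notify, revoke = {}, []
    for g in grants:
        due_on = g["last_confirmed"] + timedelta(days=interval_days)
        if today < due_on:
            continue  # confirmed recently enough, nothing to do
        entry = (g["user"], g["resource"])
        if today >= due_on + timedelta(days=grace_days):
            revoke.append(entry)
        else:
            notify.setdefault(g["owner"], []).append(entry)
    return notify, revoke


if __name__ == "__main__":
    notify, revoke = sweep(GRANTS, today=date(2024, 6, 5))
    for owner, items in notify.items():
        print(f"notify {owner}: review due for {items}")
    for user, resource in revoke:
        print(f"fallback: revoke {resource} from {user}")
```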

3. Model User Lifecycle Phases

During their time at the company, users go through various lifecycle phases: from joining to changing departments to leaving. There are also special cases, where people leave the company for a certain period of time and then return again, such as military service, parental leave or sabbaticals. What happens to a person’s permissions while they are away? This really depends on the company itself. There are many ways to deal with such cases.

Solution in tenfold

As part of user lifecycle management (ULM) in tenfold, you can simply configure and manage absence reasons such as parental leave, military service, sabbaticals or any other type of absence according to what your company needs.

About the Author: Helmut Semmelmayer

Helmut Semmelmayer currently heads channel sales at the software company tenfold software. He looks back on 10 years of involvement in the identity and access management market. Having worked on countless customer projects, he has extensive knowledge of the challenges that organizations face when it comes to protecting data from unauthorized access. His goal is to educate businesses and build awareness for current and future access-based attack patterns.