Most organizations have clear guidelines and rules for assigning access rights. However, more often than not they do not have structured processes for removing these access rights when they are no longer needed. Without such workflows in place, every department change, resignation or allocation of special rights leads to more chaos.
Without professional user management, nobody knows who has access to what data and when. And if that is the case in your company, you’re opening the doors wide to both internal data theft and cyberattacks from outside. Today’s article therefore focusses on showing you how to prevent incorrect and/or outdated access rights.
Getting Rid Of Outdated Permissions
1 – Define Profiles and Standard Rights
A simple approach to managing permissions is the use of “profiles”. Profiles are basically collections of permissions required by certain user groups. Users can then be assigned to any number of these profiles, for instance the profiles “IT department” and “Team leader”. Not only does this method simplify the process of assigning permissions, it also makes it much easier to remove permissions when users change departments, for instance, or for any other changes that may occur.
Solution in tenfold
In the access management software tenfold, admins can configure profiles via the tenfold interface. Through these profiles, users are automatically given all the basic permissions associated with their department, cost center, position or location. Profiles are assigned automatically based on user master data. tenfold can import the master data automatically from the HR database.
Users can request additional permissions via tenfold’s self-service portal in the user interface. Such requests trigger an approval workflow, in which the data owners who are responsible for the permissions that were requested by the user must approve or reject the request (data owner concept).
If the user in question moves to another organizational unit, tenfold automatically adjusts that person’s permissions – and you can even set a time delay for this action where necessary. When a profile is updated, the changes can be rolled out simultaneously to all users assigned to the profile.