Permission Management: 4 Tips for Choosing the Right Software

The list of reasons why businesses choose to install permission management or identity and access management solutions is long. Some just want to bring structure to their file servers, others are seeking ways to automate workflows. Some admins are primarily concerned with protecting sensitive data against external attacks. In this article, we are going to take a closer look at four important factors to consider when selecting access management software and provide some useful tips for achieving system integration.

Permission Management Software Requirements

1. Does the Software Include the Right Integrations?

Permission management software must integrate with all of your organization’s key systems, including such core services as Active Directory and other systems where permissions play a role: file servers (network shares), Exchange, SharePoint, Citrix, and more. Integration with third-party systems makes it easy to manage Exchange permissions and allows the AD to be synchronized more easily with SAP.

Many programs use an additional, separate user database to manage users and permissions. These user accounts and permissions are just as important and should therefore also be integrated into your central permission management system.

To ensure the integration is successful and you are actually able to use your permission management software once it has been implemented, you should choose a solution that provides the necessary interfaces to external systems.

2. Does the Software Cover All Key Processes?

Permission management software must be able to fully model all of the key processes in your company. As an example, let’s examine how best practices for an onboarding process can be implemented using the permission management software tenfold.

Onboarding Workflow

A company hires a new employee; we’ll call him Mr. Johnson. First, HR registers Mr. Johnson. The new data is transferred to tenfold automatically.

The program then assigns the pre-defined default permissions to Mr. Johnson automatically. These default permissions are determined on the basis of certain attributes that apply to Mr. Johnson, such as the department he will be working for or the office location. Mr. Johnson’s supervisor is informed about the new addition to the team well in advance of Mr. Johnson’s first day of work. This gives the supervisor plenty of time to assign any additional permissions he or she thinks Mr. Johnson will be needing (data owner concept).

Simultaneously, the software automatically generates an e-mail account and a home directory for Mr. Johnson. The night before he is due to come into work for the first time, it activates his accounts, generates all the required initial passwords, and sends them to Mr. Johnson’s supervisor via e-mail.

Workflows for Change Processes

Besides onboarding processes, your selected permission management software should also be able to model other important user lifecycle processes. Let’s assume Mr. Johnson has been at the company for some time now and is due to switch to another department. Ideally, the best practice workflow would look like this:

The software determines a transition period during which Mr. Johnson will possess both his old and new permissions. This feature comes in handy when training staff for new positions or for training successors.

The permissions for the old department automatically expire on the defined date/time. From then on, Mr. Johnson will only have the rights required for his new position. In tenfold, privileges are consistently assigned on the basis of the principle of least privilege. If an employee leaves the company, the software automatically revokes all their permissions and locks or deletes any associated accounts.
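The change and leaver workflow described above can be modeled as time-bounded grants. The following Python sketch is an added example, not tenfold's code or API: the profile table, permission names and all function names are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Constructed default-permission profiles, keyed by the department attribute.
PROFILES = {
    "sales": {"share:sales-rw", "crm:user"},
    "finance": {"share:finance-rw", "erp:invoice-approve"},
}

@dataclass
class Grant:
    permission: str
    source: str                            # department profile that produced the grant
    valid_from: datetime
    valid_until: Optional[datetime] = None  # None means no expiry has been set

    def active(self, at):
        return self.valid_from <= at and (self.valid_until is None or at < self.valid_until)

@dataclass
class User:
    name: str
    department: str
    locked: bool = False
    grants: list = field(default_factory=list)

def onboard(name, department, start):
    """Joiner: default permissions follow from the department attribute."""
    grants = [Grant(p, department, start) for p in sorted(PROFILES[department])]
    return User(name, department, grants=grants)

def transfer(user, new_department, effective, transition):
    """Mover: old grants expire at effective + transition, new ones start at effective."""
    cutoff = effective + transition
    for g in user.grants:
        if g.source == user.department and g.valid_until is None:
            g.valid_until = cutoff
    user.grants += [Grant(p, new_department, effective) for p in sorted(PROFILES[new_department])]
    user.department = new_department

def offboard(user, at):
    """Leaver: end every grant still open at `at` and lock the account."""
    for g in user.grants:
        if g.valid_until is None or g.valid_until > at:
            g.valid_until = at
    user.locked = True

def effective_permissions(user, at):
    return {g.permission for g in user.grants if g.active(at)}
```

Evaluating `effective_permissions` at a date inside the transition window returns the union of both profiles; at the cutoff it returns only the new department's set, which is the point an access review should verify.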

To reduce the workload for the helpdesk and mitigate the risk of errors, good permission management software will be able to automate workflows while keeping them flexible at the same time.

3. Does the Software Incorporate the Organizational Structure?

Permission management software is only truly effective if it incorporates all members of the organization into the workflow. In other words, the way in which permissions are assigned to users must reflect and be closely interwoven with your organization’s structure. It is vital that departments and people of relevance are included in the same workflow. These include:

  • Human resources, who are responsible for providing master data,

  • Data owners (e.g. managers, department heads) who have the authority to decide on privileges, and

  • Last but not least, the IT department, which is responsible for reporting and for regulating operations.

Integration must be proactive (as is the case with tenfold), for instance through e-mail notifications. Most users are not trained in permission handling, so the software must provide them with a user-friendly interface and pack all the complicated bits into the back-end.

4. Integrating the Permission Management Software Into Your System

Implementing software for permission management can be done in a day. However, it really depends on the complexity of the processes and workflows you need it to cover. The more complex they are, the longer the implementation will take. It is therefore vital that you plan the integration well.

Your selected software provider should have extensive experience with the product and have a strong support network. This support network is especially important for highly complex IAM solutions because IT projects of this scale require constant supervision and support.

Take it one step at a time and put every individual step you have implemented into operation immediately. This way, the system’s functionality will expand gradually but steadily. If you try to integrate all systems and implement all workflows directly within the first step, you might run into issues concerning schedule and budget plans.

Best Practices and Interfaces Facilitate Integration

From a technical standpoint, it is much easier to integrate software solutions that apply best practices and provide interfaces to common applications and systems.

You should further research whether the chosen software is compatible with a wide range of applications and systems out-of-the-box. tenfold’s Enterprise Edition, for example, comes with a Generic Connector that allows you to integrate systems and applications for which there is no standard plugin available.

About the Author: Helmut Semmelmayer

Helmut Semmelmayer currently heads channel sales at the software company tenfold software. He looks back on 10 years of involvement in the identity and access management market. Having worked on countless customer projects, he has extensive knowledge of the challenges that organizations face when it comes to protecting data from unauthorized access. His goal is to educate businesses and build awareness for current and future access-based attack patterns.