Role-Based Access Control – Where to Begin - Part II
In Part I of this series we discussed the benefits of implementing Role-Based Access Control. In order to realize these benefits, we need to understand what applications their employees use to be productive in their jobs.
Question: How does someone go about developing a coherent and consistent definition of Roles across the information systems?
Answer: Application Portfolio Management (APM) and Application Rationalization
Application rationalization can help address the following:
A good starting point to cleaning up this mess is to reach out to the application owners for the most sensitive/risky applications and show them the departmental positions that use the application and ask if those positions have the appropriate access. The application owners provide the first cut, eliminating those users in positions (and departments) who should never have access to the application.
Application Rationalization Step 2 -Identify the real needs
The next step is to go to the business managers in each respective department and get their approval as to which information and applications are required for each position.
Application Rationalization Step 3 - Final Step
Coming soon: Role Based Access Control – Building your Role Library - Part III
Question: How does someone go about developing a coherent and consistent definition of Roles across the information systems?
Answer: Application Portfolio Management (APM) and Application Rationalization
Application rationalization can help address the following:
- Identify users that do not need access to the application
- Establish a baseline for each position and how they use the information in applications
- Identifies types of access required for each job/position
- Prioritizes applications and identifies best candidates for RBAC implementation
A good starting point to cleaning up this mess is to reach out to the application owners for the most sensitive/risky applications and show them the departmental positions that use the application and ask if those positions have the appropriate access. The application owners provide the first cut, eliminating those users in positions (and departments) who should never have access to the application.
Application Rationalization Step 2 -Identify the real needs
The next step is to go to the business managers in each respective department and get their approval as to which information and applications are required for each position.
- Remove user from applications they no longer need access to or use.
- Align information access with job responsibility/position.
- Prioritize applications that will benefit the most from RBAC automation
Application Rationalization Step 3 - Final Step
- Obtain buy-in from stake holders: Managers, Application owners and users.
Coming soon: Role Based Access Control – Building your Role Library - Part III
Labels: Access Control, Application Rationalization, roles based access control
posted by Ron Bowron at
6:30 PM
|
0 Comments
Links to this post
