General discussion

Locked

Who decides what to access in a database

By Aldanatech ·
At what level of decision-making do you think the criteria for deciding who gets access to what should be defined? Is this primarily a question for management to resolve or can staff decide it? Which issues should be addressed by whoever made the decisions on access and security?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by OTL In reply to Who decides what to acces ...

As the program to access/input data is written some sort of login should be required to secure some/all the data. With the addition of new users (normally) it requires the authorization of a 2nd line manager/director/VP and the individuals supervisor (may also require corporate security to ok the access). The manager/director/VP has the budget for the section thus they are ultimately responsible for the authorized use/mis-use of the data. Staff can request however the ultimate responsibility will be with management.

Mis-use is normally grounds for termination and a statement saying it is for authorized users on log-in afirms this to the user, releasing the the company from possible future legal action.

Automatic authorization can be made by position (ie: engineering can add equipment/cost of it, but not billing for a customer or even access to see what the customer is billed)

FYI - In the military the same system is in place, senior enlisted can recommend access however an officer (2nd line manager) has the ultimate responsibility to allow or deny access.

Collapse -

by Aldanatech In reply to

Poster rated this answer.

Collapse -

by Aldanatech In reply to Who decides what to acces ...

This question was closed by the author

Back to Security Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums