How much access do you give users?
Q:
I am auditing an enterprise data warehouse and am concerned at the level of access provided. I've found many users who have read, update, and delete rights to all working environments (testing, QA, Production).
ASKED: Oct 30 2008  2:09 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
Three words: Segregation of Duties

Be sure that this is the criterion that you use to review the access levels.

-------

I give users the least rights that they need to do their job. Unless their job includes updating the data in the data warehouse (which it probably doesn't) they should have SELECT rights only at the most, assuming they have rights to the data warehouse at all. Typically what I see is a data warehouse which pretty much no one can access, that spits out tons of reports nightly which are all that people can see.
Last Answered: Oct 31 2008  11:02 PM GMT by Mrdenny   46795 pts.
Latest Contributors: Labnuke99   26290 pts.
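One way to run the review the answer describes, as an added example that is not part of the original thread: it flags principals with write rights in production and those whose write rights span several environments. The grant rows, principal names, and the approved-writer list are constructed assumptions standing in for an export from each environment's permission catalog.

```python
from collections import defaultdict

WRITE_PRIVS = {"INSERT", "UPDATE", "DELETE"}

# Constructed sample rows: (principal, environment, privilege).
# All names are hypothetical, not taken from the thread.
GRANTS = [
    ("analyst_a", "production", "SELECT"),
    ("analyst_b", "production", "SELECT"),
    ("analyst_b", "production", "UPDATE"),
    ("analyst_b", "production", "DELETE"),
    ("analyst_b", "qa", "UPDATE"),
    ("analyst_b", "testing", "DELETE"),
    ("etl_svc", "production", "INSERT"),
    ("etl_svc", "production", "UPDATE"),
    ("dev_c", "testing", "UPDATE"),
    ("dev_c", "qa", "UPDATE"),
]

# Assumption: principals whose documented job is loading the warehouse.
APPROVED_WRITERS = {"etl_svc"}


def audit_grants(grants, approved_writers=frozenset()):
    """Return (principal, issue) findings for a least-privilege review."""
    write_envs = defaultdict(set)  # principal -> environments with write rights
    for principal, env, priv in grants:
        if priv.upper() in WRITE_PRIVS:
            write_envs[principal].add(env.lower())

    findings = []
    for principal, envs in sorted(write_envs.items()):
        if principal in approved_writers:
            continue  # write access is part of this principal's job
        if "production" in envs:
            findings.append((principal, "write access in production"))
            # Segregation of duties: the same principal can also change
            # data in the environments that feed production.
            if len(envs) > 1:
                spans = ", ".join(sorted(envs))
                findings.append((principal, "write access spans " + spans))
    return findings


if __name__ == "__main__":
    for principal, issue in audit_grants(GRANTS, APPROVED_WRITERS):
        print(f"{principal}: {issue}")
```

Principals with SELECT only, or with write rights confined to non-production environments, produce no finding.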
Discuss This Answer:

Schmidtw   10505 pts.  |   Oct 30 2008  5:01PM GMT

I agree with LabNuke99. If they don’t use it, they don’t need it.

At my company, we give users a pretty limited control base despite starting them as power-users.

Hope this helps!

-Schmidtw

 

KevinBeaver   7610 pts.  |   Oct 31 2008  2:26PM GMT

Interestingly, you’re not alone. In my work I see very few environments that are segmented or utilize the concept of segregation of duties. That certainly doesn’t make it right… Look at how it’s creating business risks - that’s what matters at the end of the day. Log in as a regular domain user and see what can be done from a malicious user’s perspective. This is the stuff that’ll get the attention of management.

 