Tag Archives: permission

Periodic Access Review Problems

One of my current clients is trying really hard to do periodic access reviews.

They know that mistakes are made in granting access, that users get access and eventually don’t need it anymore, but don’t tell anyone, and that some users leave the company without their manager’s knowledge (I never have understood how that happens, but it does; it has happened in every Fortune 500 company in which I’ve worked).

Continue reading

7 Comments

Filed under Audit, Security, Technology

How to Audit User Access

How to Audit User AccessWhen checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:

  • Application ID
  • Application role or group
  • Membership in an local server group, Active Directory (AD) group, or UNIX Group
  • Access to the application’s share and/or folder on the server
  • Database ID
  • Database role, including access permissions (read/write)
  • Other permission (from a home-grown application code or enterprise identify management system)

Continue reading

5 Comments

Filed under Audit, How to..., Security, Technology

Quote of the Strong (Get Permission)

Since I started Quote of the Weak, I haven’t heard that many good quotes we can share a chuckle over. So, in contrast, here’s a great quote of the strong:

Continue reading

Leave a comment

Filed under Audit, Security