Application access rights / user authorisation rights
Posted on 2011-03-23
Are there any generic best practice considerations when setting application users' “access rights” / “authorisation rights” for applications that process personal/sensitive data, let's say a payroll/HR application?
Basically, this is from a data protection / fraud perspective more than anything. Some apps I have seen have powerful report features where you can run off a big dump of data out of the app to an Excel spreadsheet. Then there are issues like what users need access to for their job, what users can do with the data, etc.
I just want some general best practice to ensure I have considered everything.