You work for a company that is growing. Originally, all the users in all departments had access to all the data in the database.

Question

NeX [460]

2 years ago

6

You work for a company that is growing. Originally, all the users in all departments had access to all the data in the database.

It is considered a security risk. What is an appropriate action to reduce the risk?

Computers and Technology

2 answers:

elena-s [515] · Answer 1 · 2022-06-21T10:49:26+03:00

Answer:

Authorization levels (privileges) need to be set for the users in the company.

Explanation:

Users need to be classified according to their departments and their position. Each group should see only related data, so their authorizations need to be done accordingly.

Also managers and staff should have different levels of reach to the data. Thus their privileges should set accordingly.

NeX [460] · Answer 2 · 2022-06-21T12:51:17+03:00

Answer:

Restrict access privileges on a "need to know" basis.

Explanation:

Every user on the company should have assigned one or more roles based on their work location, activities and/or department.

Then data on the database must have the access permissions restricted to the corresponding roles.

For example a "sales" role might have read and write access to the clients data, but only read access to products data.