Beyond basic RBAC (Role-Based Access Control), this seems like a fine idea for managing those users (of whom there can be many in a small organization!) who either temporarily or permanently need to "wear multiple hats". Perhaps in many cases this relates less to a specific vendor application's features and more to defining and following best practices for system configuration:
Role Model - Information Security Magazine: "...Dynamic separation of duties: Deter fraud/conflicts of interest by constraining the combination of privileges that can be activated in the same session (See Figure 1). For example, if I am in the groups cashier and cashier supervisor, I only have the access rights and work within the security context of the particular role I log in under. I do not have the aggregate privileges of both roles during one session..."
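The constraint described in the quote is what the NIST RBAC model calls a dynamic separation of duties (DSD) relation: a set of conflicting roles together with a cardinality, such that a user may be assigned all of them but may not activate that many in a single session. The following is an added example, written for this post and not taken from the magazine article or any product; the role names, permission names and the user "alice" are constructed for illustration. It shows that a user holding both cashier and cashier supervisor gets only the privileges of the role activated in the current session, and that activating the conflicting role in the same session is refused rather than silently aggregated.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DSDConstraint:
    """Conflicting role set plus cardinality, as in the NIST RBAC model:
    fewer than `limit` roles from `roles` may be active in one session."""
    roles: frozenset
    limit: int = 2

    def allows(self, active_roles: set) -> bool:
        return len(active_roles & self.roles) < self.limit


class RBACPolicy:
    """Role->permission and user->role assignments plus DSD constraints."""

    def __init__(self):
        self.role_perms = {}   # role -> set of permissions
        self.user_roles = {}   # user -> set of assigned roles (static assignment)
        self.dsd = []          # dynamic separation-of-duties constraints

    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def add_dsd(self, roles, limit=2):
        self.dsd.append(DSDConstraint(frozenset(roles), limit))


class Session:
    """One login session; privileges come only from roles activated here,
    never from the user's full set of assigned roles."""

    def __init__(self, policy, user):
        self.policy = policy
        self.user = user
        self.active = set()

    def activate(self, role):
        if role not in self.policy.user_roles.get(self.user, set()):
            raise PermissionError(f"{self.user} is not assigned role {role!r}")
        candidate = self.active | {role}
        for c in self.policy.dsd:
            if not c.allows(candidate):
                clash = sorted(self.active & c.roles)
                raise PermissionError(
                    f"DSD violation: {role!r} cannot be active with {clash}")
        self.active.add(role)

    def permissions(self):
        # Aggregate of active roles only, not of all assigned roles.
        return set().union(*(self.policy.role_perms[r] for r in self.active))

    def can(self, perm):
        return perm in self.permissions()


def build_demo_policy():
    # Constructed sample policy; role and permission names are hypothetical.
    p = RBACPolicy()
    p.add_role("cashier", {"ring_sale", "open_drawer"})
    p.add_role("cashier_supervisor", {"void_sale", "approve_refund"})
    p.assign("alice", "cashier")
    p.assign("alice", "cashier_supervisor")
    # Both roles may be assigned, but not activated together in one session.
    p.add_dsd({"cashier", "cashier_supervisor"})
    return p


def try_activate(session, role):
    """Return True if activation succeeds, False if DSD or assignment blocks it."""
    try:
        session.activate(role)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    policy = build_demo_policy()
    s1 = Session(policy, "alice")
    s1.activate("cashier")
    print("cashier session can approve_refund:", s1.can("approve_refund"))
    print("activate supervisor in same session:", try_activate(s1, "cashier_supervisor"))
    s2 = Session(policy, "alice")
    s2.activate("cashier_supervisor")
    print("supervisor session perms:", sorted(s2.permissions()))
```

The check lives at role activation time, which is what distinguishes dynamic from static separation of duties: a static constraint would refuse the second `assign` call altogether, whereas the dynamic one lets the same person hold both hats and only prevents wearing them at once. In a real deployment the refusal in `activate` is also worth logging, since repeated attempts to combine conflicting roles in one session are a useful audit signal.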