КАТЕГОРИИ:
Архитектура-(3434)Астрономия-(809)Биология-(7483)Биотехнологии-(1457)Военное дело-(14632)Высокие технологии-(1363)География-(913)Геология-(1438)Государство-(451)Демография-(1065)Дом-(47672)Журналистика и СМИ-(912)Изобретательство-(14524)Иностранные языки-(4268)Информатика-(17799)Искусство-(1338)История-(13644)Компьютеры-(11121)Косметика-(55)Кулинария-(373)Культура-(8427)Лингвистика-(374)Литература-(1642)Маркетинг-(23702)Математика-(16968)Машиностроение-(1700)Медицина-(12668)Менеджмент-(24684)Механика-(15423)Науковедение-(506)Образование-(11852)Охрана труда-(3308)Педагогика-(5571)Полиграфия-(1312)Политика-(7869)Право-(5454)Приборостроение-(1369)Программирование-(2801)Производство-(97182)Промышленность-(8706)Психология-(18388)Религия-(3217)Связь-(10668)Сельское хозяйство-(299)Социология-(6455)Спорт-(42831)Строительство-(4793)Торговля-(5050)Транспорт-(2929)Туризм-(1568)Физика-(3942)Философия-(17015)Финансы-(26596)Химия-(22929)Экология-(12095)Экономика-(9961)Электроника-(8441)Электротехника-(4623)Энергетика-(12629)Юриспруденция-(1492)Ядерная техника-(1748)
Users, groups, roles and service groups
|
|
|
|
Identity
Information Management
The identity of a user is the information about them that distinguishes them as an individual and which verifies their status within the organization. By definition, the identity of a user is unique to that user. Since there are cases where two users share a common piece of information (e.g. they have the same name), identity is usually established using more than one piece of information, for example:
- Name
- Address
- Contact details, e.g. telephone, e-mail address, etc.
- Physical documentation, e.g. driver’s licence, passport, marriage certificate, etc.
- Numbers that refer to a document or an entry in a database, e.g. employee number, tax number, government identity number, driver’s licence number, etc.
- Biometric information, e.g. fingerprints, retinal images, voice recognition patterns, DNA, etc.
- Expiration date (if relevant).
A user identity is provided to anyone with a legitimate requirement to access IT service s or organizational information. These could include:
- Employees
- Contractors
- Vendor staff (e.g. account manager s, support personnel, etc.)
- Customer s (especially when purchasing products or services over the Internet).
Most organizations will verify a user ’s identity before they join the organization by requesting a subset of the above information. The more secure the organization, the more types of information are required and the more thoroughly they are checked.
Many organizations will be faced with the need to provide access rights to temporary or occasional staff or contractors/ supplier s. The management of access to such personnel often proves problematic – closing access after use is often as difficult to manage, or more so, than providing access initially. Well-defined procedure s between IT and HR should be established that include fail-safe checks that ensure access rights are removed immediately they are no longer justified or required.
When a user is granted access to an application, it should already have been established by the organization (usually the Human Resources or Security Department) that the user is who they say they are.
At this point, all that information is filed and the file is associated with a corporate identity, usually an employee or contractor number and an identity that can be used to access corporate resource s and information, usually a user identity or ‘username’ and an associated password.
While each user has an individual identity, and each IT service can be seen as an entity in its own right, it is often helpful to group them together so that they can be managed more easily. Sometimes the terms ‘ user profile ’ or ‘user template’ or ‘user role ’ are used to describe this type of grouping.
Most organizations have a standard set of services for all individual users, regardless of their position or job (excluding customer s – who do not have any visibility to internal services and processes). These will include services such as messaging, office automation, Desktop Support, telephony, etc. New users are automatically provided with rights to use these services.
|
|
|
However, most users also have some specialized role that they perform. For example, in addition to the standard services, the user also performs a Marketing Management role, which requires that they have access to some specialized marketing and financial modelling tools and data.
Some groups may have unique requirement s – such as field or home workers who may have to dial in or use Virtual Private Network (VPN) connections, with security implications that may have to be more tightly managed.
To make it easier for Access Management to provide the appropriate rights, it uses a catalogue of all the roles in the organization and which services support each role. This catalogue of roles should be compiled and maintained by Access Management in conjunction with HR and will often be automated in the Directory Service s tools (see section 5.8).
In addition to playing different roles, users may also belong to different groups. For example, all contractors are required to log their timesheets in a dedicated Time Card System, which is not used by employees. Access Management will assess all the roles that a user plays as well as the groups that they belong to and ensure that they provide rights to use all associated services.
Note: All data held on users will be subject to data protection legislation (this exists in most geographic locations in some form or other) so should be handled and protected as part of the organization’s security procedures.
|
|
|
|
|
Дата добавления: 2014-12-23; Просмотров: 445; Нарушение авторских прав?; Мы поможем в написании вашей работы!