Authorization Concepts


Simple Concepts of Authorisation

There are always questions about how access rights (authorisation) should be granted to users when they are signed up as system or platform users (end users and administrative users alike): should they be read-only users, input-only users, or full-access users?

To simplify the thought process and make sense of this maze, there are a few authorization concepts that can be applied before designing the access rights matrix, or before giving a user a set of individual access rights (if the system doesn't allow access rights to be grouped).

1. Need-to-know principle

Assign access rights only according to a user's duties. For example, if a user's duty is that of a data entry officer, that user should be given access only to the input functions of the system or application, and should not be granted the right to query the whole body of data, since that could result in a breach of data privacy.

2. Authorization creep

Assigning access rights to a user without reviewing or removing their previous access rights. This normally happens when existing users are promoted or move between departments: while granting the new set of access rights required by the user's new duties, system administrators frequently neglect to revoke the existing access rights that will not be needed in the new role.

3. Access control list

The list that specifies which users are granted which access rights. An access control list helps system administrators keep track of the access rights currently assigned to every user of the system(s). This might sound daunting when there are thousands of user accounts, but it is still achievable by creating authorisation groups and structuring rights around them rather than granting them to users individually.

4. Default to zero

Lastly, all access control should start from zero access. The idea is to always assign a user's access rights from scratch (with no existing access rights bound to the user account). When users need their access rights updated, make sure the existing access rights are removed before the new ones are assigned.
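As an added example (not part of the original post), the four concepts in a small Python model: a need-to-know group table, an access control list that defaults to zero, a proper role change beside the creep-prone one, and a review that reports the leftover rights. Group names, right names and user names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample authorisation groups: each duty maps only to the rights
# it needs (need-to-know). Names are illustrative, not from any real system.
GROUPS = {
    "data_entry": {"record:create"},
    "analyst": {"record:read", "report:run"},
    "admin": {"record:read", "record:create", "record:delete", "user:manage"},
}


@dataclass
class AccessControlList:
    """Per-user rights, kept alongside the group each user currently belongs to."""
    group_of: dict = field(default_factory=dict)   # user -> current duty/group
    rights_of: dict = field(default_factory=dict)  # user -> assigned rights

    def has_right(self, user, right):
        # Default to zero: a user with no entry holds no rights at all.
        return right in self.rights_of.get(user, set())

    def move_user(self, user, new_group):
        # Role change done properly: revoke everything, then grant the new group's rights.
        self.rights_of[user] = set(GROUPS[new_group])
        self.group_of[user] = new_group

    def move_user_with_creep(self, user, new_group):
        # The mistake described in the text: new rights are merged on top of the old ones.
        self.rights_of.setdefault(user, set()).update(GROUPS[new_group])
        self.group_of[user] = new_group

    def audit_creep(self):
        # Periodic review: rights a user holds beyond what the current group needs.
        return {
            user: sorted(rights - GROUPS[self.group_of[user]])
            for user, rights in self.rights_of.items()
            if rights - GROUPS[self.group_of[user]]
        }


def demo():
    acl = AccessControlList()
    acl.move_user("alice", "data_entry")
    acl.move_user_with_creep("alice", "analyst")  # promoted, old rights never revoked
    acl.move_user("bob", "data_entry")
    acl.move_user("bob", "analyst")               # promoted, default-to-zero applied
    return acl.audit_creep()


if __name__ == "__main__":
    print(demo())  # {'alice': ['record:create']}
```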
