Controls

Terug naar overzicht
Version

SB.9.003 Defining user management

Identity & Access Management
Medium
Medium
Medium
System Owner
v2.0 (Q1 2024)

Description

System owners define how user management takes place, including who is authorised to request changes to which user roles and how this can be requested/managed.

System owners determine the access control models used for which types of users.

Specification

System owners may decide to use Discretionary Access Controls (DAC) for most end-users, as is customary in environments such as Office365 where end-users determine who has access to what.

It is recommended to only allow Rol-Based Access Controls (RBAC) for more sensitive access. User authorisations are then based on the role a user has.