and promise to bring it back. This was definitely primitive, but there was a
record of who had what access and to where. And if a key was missing from
that rack, the person in charge would come looking for it. Very few people
had all the keys. One exception was the janitor, who would have a jangling
bunch of keys with access to virtually every room because he or she had to
clean them all or at least empty the trash every day.
or at least empty the trash every day. (The plot line of many films includes a
scene of someone posing as a janitor to get to some secret information.)
Today companies have to control not only access to buildings, but also to
computer systems. Both have become more sophisticated over time; rooms
and buildings now have keyless entry and other fancy electronic entry systems.
Access control to computers has also gone through some evolution.
Users and permissions
Way back in the mists of time, system administrators would give permissions
to various users. Users would get a username and password and then would
be given access to various applications. (Not all computer platforms allowed
for this, though. PCs were meant to belong to a single person, so the whole
concept of access control had to be added on later.)
The equation went like this: 1000 users equals 1000 sets of permissions.
That’s a lot of unique sets of permissions to keep changing or revoking as
people changed jobs or took on additional responsibilities.
Chapter 6: Access Control and the Role of Roles 117
Your essential access control glossary
Lots of lingo gets thrown around in discussions
about access control. Here are some of the
terms you’ll hear most often:
User: An individual employee's technical access to the system
Superuser: An individual with technical access to all system features and all
transactions
Role: Access to specific functions by virtue of the employee's job title or
responsibilities. Possible roles include salesperson, accounts payable clerk,
and purchasing agent.
Access Control: A means to control who does what in the system
Transaction: A field or set of fields used to perform an action in the system
(for example, Set Up Vendor Account)
Event: An action performed by a user (for example, logging on, opening an
application)
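The "1000 users equals 1000 sets of permissions" problem, and the role-based alternative the chapter builds toward, can be seen side by side in a small model that uses the glossary's terms (user, role, transaction, event). This is an added example, not code from the book; the role names are the glossary's, but every transaction name, user name and count is a constructed sample value.

```python
"""Added example: per-user permission sets versus role-based assignment.

DirectAssignment models "1000 users equals 1000 sets of permissions":
each user carries a private set of transactions.  RoleBased models the
alternative: transactions hang off a role, users are given roles, and a
job change is a role swap rather than a rebuilt permission set.
Transaction and user names below are constructed, not from the book.
"""
from collections import defaultdict

# Roles from the glossary, each mapped to the transactions it may perform.
# (Transaction names are constructed sample values.)
ROLE_TRANSACTIONS = {
    "salesperson": {"Create Sales Order", "View Customer"},
    "accounts payable clerk": {"Enter Vendor Invoice", "Release Payment", "View Vendor"},
    "purchasing agent": {"Set Up Vendor Account", "Create Purchase Order", "View Vendor"},
}


class DirectAssignment:
    """Per-user permission sets: one set to maintain for every user."""

    def __init__(self):
        self.perms = defaultdict(set)   # user -> set of transactions
        self.events = []                # audit trail of access decisions

    def grant(self, user, transactions):
        self.perms[user] |= set(transactions)

    def change_job(self, user, transactions):
        # Nothing records which entries belonged to the old job, so the
        # administrator has to rebuild the user's whole set by hand.
        self.perms[user] = set(transactions)

    def can(self, user, transaction):
        allowed = transaction in self.perms.get(user, set())
        self.events.append((user, transaction, allowed))   # an "event"
        return allowed

    def entries_to_maintain(self):
        return sum(len(s) for s in self.perms.values())


class RoleBased:
    """Users hold roles; roles hold transactions."""

    def __init__(self, role_transactions):
        self.role_transactions = role_transactions
        self.user_roles = defaultdict(set)   # user -> set of role names
        self.events = []

    def assign(self, user, role):
        if role not in self.role_transactions:
            raise KeyError(f"unknown role: {role}")
        self.user_roles[user].add(role)

    def change_job(self, user, old_role, new_role):
        # A job change touches one user-role link, not the transaction list.
        self.user_roles[user].discard(old_role)
        self.assign(user, new_role)

    def can(self, user, transaction):
        allowed = any(transaction in self.role_transactions[r]
                      for r in self.user_roles.get(user, ()))
        self.events.append((user, transaction, allowed))
        return allowed

    def entries_to_maintain(self):
        # Role definitions plus one entry per user-role link.
        return (sum(len(t) for t in self.role_transactions.values())
                + sum(len(r) for r in self.user_roles.values()))


def build_both(n_users):
    """Populate both models with n_users spread evenly over the three roles."""
    roles = list(ROLE_TRANSACTIONS)
    direct, rbac = DirectAssignment(), RoleBased(ROLE_TRANSACTIONS)
    for i in range(n_users):
        user, role = f"user{i}", roles[i % len(roles)]
        direct.grant(user, ROLE_TRANSACTIONS[role])
        rbac.assign(user, role)
    return direct, rbac


def denied_attempts(model):
    """Detection view: users who tried transactions their access does not cover."""
    return [(u, t) for u, t, ok in model.events if not ok]


if __name__ == "__main__":
    direct, rbac = build_both(1000)
    print("direct entries:", direct.entries_to_maintain())      # 2666
    print("role-based entries:", rbac.entries_to_maintain())    # 1008
    # user0 moves from sales to purchasing: one role swap.
    rbac.change_job("user0", "salesperson", "purchasing agent")
    print(rbac.can("user0", "Set Up Vendor Account"))            # True
    print(rbac.can("user0", "Create Sales Order"))               # False
    print(denied_attempts(rbac))   # [('user0', 'Create Sales Order')]
```

With a thousand users the direct model carries one permission entry per user per transaction, while the role model carries eight role entries plus one link per user; the more useful difference is that a job change in the role model is a single swap, and the denied-attempt list gives the same "who had what access, and who came looking for a missing key" record the chapter's key rack provided.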