You work for a company that is growing. Originally, all the users in all departments had access to all the data in the database. It is considered a security risk. What is an appropriate action to reduce the risk?

Users need to be classified according to their departments and their position. Each group should see only related data, so their authorizations need to be done accordingly.

Also managers and staff should have different levels of reach to the data. Thus their privileges should set accordingly.

Answer Link

ngallia ngallia · Answer 2 · 2020-01-29T19:58:41+01:00

ngallia ngallia

29-01-2020

Answer:

Restrict access privileges on a "need to know" basis.

Explanation:

Every user on the company should have assigned one or more roles based on their work location, activities and/or department.

Then data on the database must have the access permissions restricted to the corresponding roles.

For example a "sales" role might have read and write access to the clients data, but only read access to products data.

Answer Link