Profiling the Data
With this user access data assembled and mapped properly, the gatekeeper should work with the data profiler to discuss the criteria and any specific validation logic needed for the profiling activity. Creating mock-up examples of the type of reports or views the gatekeeper would like to see will be very helpful for the profiler. Expect that the gatekeeper and the profiler may run through a few iterations before getting the logic and views to the desired end result. From the profiling, you are looking to produce a relatively simple output that can provide the following types of user access insight:
- Validate the type of privileges the users and groups actually have.
- Are these privileges correctly aligned to their access requirements and allowed capabilities? Are there any unexpected privileges?
- Are there any broader access issues or trends with certain individuals or groups that need to be addressed? It may be that an individual or group was initially assigned the incorrect privileges, or that someone changed roles and their prior privileges are still active, or perhaps that another gatekeeper who controls, for example, the order management privileges, is broadly approving those requests without realizing this also allows access to customer master data.
There could also be other scenarios that can cause inappropriate access assignments, but the point here is to create a process that allows user access assignments to be regularly monitored and audited. These types ...
Get Master Data Management in Practice: Achieving True Customer MDM now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.