Within any enterprise application you have numerous roles, permissions, rights and restrictions. In every scenario, some users have more rights than they need and others fewer. Effective role management within enterprise applications such as Documentum and Office 365 is essential, not only for the proper assignment and control of user access rights, but also to make sure that everything is in accordance with your company’s data policy and the data protection law of the country you operate in (e.g. the EU’s GDPR).
The age-old expression ‘knowledge is power’ applies to this very subject. Whether you are an IT engineer with access to an HRM application or the head of a department with access to an ECM application, you usually get full access to all the information the application contains. You could ask yourself: ‘do I need access to this (part of the) application to do my job?’ Very often employees obtained access in the past because they needed specific bits of information to do a job, but after the job is finished and the information is no longer needed, the access is never withdrawn.
Reassessing who needs which information, and making sure that access is withdrawn once the job is done, is of great importance. Neglecting this is considered a major risk in data protection and in many data compliance policies. If your user management is not up to date, knowledge about employees, processes, project results and other insight into the company you work for becomes available to people who (most likely) don’t need it, regardless of their role or whether they are an internal or external employee. This way, you end up with a company structure that is a ‘Kingdom of Kings’: everyone has access to valuable and sensitive information.
When designing systems, the access control lists of users are composed and developed to set out a role-based access control (RBAC) model. Often enough this RBAC model is not maintained or updated frequently, flooding your application with ghost users and users who shouldn’t be in your user list at all.
The processes and tools necessary for effective role management include role mining and role design, role recertification, and access recertification. These should be audited frequently to keep your access lists up to date.
Extra work and constant maintenance for an application is a nightmare for any system administrator and for the business using the application. That’s why it is crucial to run a recurring loop that keeps your RBAC model up to date, ensuring that roles are periodically reviewed against current business requirements, which may have changed over time through reorganizations, mergers and acquisitions affecting an individual employee, a department or even an entire company.
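As an added example (not code from the original post, Documentum or Office 365), the following Python sketch shows what one iteration of such a recertification loop can look like: it joins an application’s access list to the HR master record and flags ghost users, role drift after an employee moves department, and grants whose last approval is older than the review period. All users, roles, departments and dates are constructed sample data.

```python
# Added example: one pass of a periodic access recertification loop (not from the
# original post). Joins the application's grants to the HR master record and
# returns what the review should revoke or re-approve. All data is constructed.
from dataclasses import dataclass
from datetime import date, timedelta

REVIEW_PERIOD = timedelta(days=90)     # every grant must be re-certified this often
REVIEW_DATE = date(2024, 6, 1)         # date of this review run (constructed)

@dataclass(frozen=True)
class Employee:
    user: str
    department: str
    active: bool
@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    last_certified: date

# Which department is allowed to hold each application role (constructed)
ROLE_OWNER = {"hr_reader": "HR", "ecm_admin": "IT", "finance_editor": "Finance"}
HR = {e.user: e for e in [
    Employee("alice", "HR", True),
    Employee("bob", "IT", True),
    Employee("carol", "Finance", False),  # left the company, account still exists
    Employee("dave", "IT", True),          # moved from Finance to IT
]}
GRANTS = [
    Grant("alice", "hr_reader", date(2024, 5, 1)),
    Grant("bob", "ecm_admin", date(2024, 1, 2)),       # not re-certified for >90 days
    Grant("carol", "finance_editor", date(2024, 5, 1)),
    Grant("dave", "finance_editor", date(2024, 5, 1)), # role no longer matches department
    Grant("erin", "ecm_admin", date(2024, 5, 1)),      # no HR record at all: ghost user
]

def recertify(grants, hr, today):
    """Return (user, role, action) for every grant that fails the review."""
    findings = []
    for g in grants:
        emp = hr.get(g.user)
        if emp is None or not emp.active:
            findings.append((g.user, g.role, "revoke: ghost user"))
        elif ROLE_OWNER.get(g.role) != emp.department:
            findings.append((g.user, g.role, "revoke: role drift"))
        elif today - g.last_certified > REVIEW_PERIOD:
            findings.append((g.user, g.role, "recertify: stale approval"))
    return findings

def review():
    return recertify(GRANTS, HR, REVIEW_DATE)
```

In a real environment the HR dictionary would be fed from the HRM system and the grants from each application’s ACLs, and the findings would go to the role owner for approval rather than being revoked automatically.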
A development in your business should not turn into a pitfall in your user management and create a data protection risk. Both Documentum (xCP) and Office 365 (Azure) offer RBAC features to keep that risk to a minimum. Still, this raises the question of how one software solution connects to the other without giving a user too much power.
Artificial intelligence has come a long way in helping to get your RBAC model, and your complete user population, in order. A mutation of an employee’s record can trigger a process that amends the user’s access to match the new role, not just within a single application but throughout the entire application suite the user works with. Blockchain technology has mainly been associated with financial transactions, but it can be applied within an ECM environment as well. A blockchain is a continuous list of records that are linked through cryptography. The records, referred to as ‘blocks’, together form a distributed ledger that keeps the transactions up to date. Every block contains a timestamp and transaction data, locking the content and preventing unauthorized modification. Blockchain can ensure that the user management of your application suite is secure and always up to date. This helps you avoid creating a ‘Kingdom of Kings’ and keeps your user management in accordance with your business’s and your country’s data compliance rules.