With vast numbers of insiders accessing sensitive report data, you need an easy, consistent, and controlled process for managing permissions. While it’s theoretically possible to manually assign and update access permissions individually for each system, user, document or group, it is obviously costly and quite risky.
Security & User Roles are much easier to manage when they are inherited from an authoritative source. Active Directory, Single-Sign-On, or LDAP sources are examples that can be integrated with your report management system.
Increased risk comes from individual employees granting access to others at their own discretion. Ad hoc adjustments may not align with the access set up by the organization. This, coupled with manual entry errors, can cripple the integrity of your document security policies.
How to Get Started
First, it’s important to understand the two types of security we’re highlighting – document level security and page level security.
Document Level Security
Giving a person access to view an entire document or hiding an entire document from them is called document level security. When solely using document level security, the report should contain information that is okay to be shared with all who have proper permissions.
To help you think of your own document level security scenarios, here are a few examples:
- Payroll Reports – Those processing payroll can see all of the content since everything in the report is pertinent to their job.
- Financial Statements – Before you scream, there are certain people who should have access to the entire financial statement like the CFO or other C level executives before the statements are released (if they ever are).
Page Level Security
Restricting access to select portions of a report based on the content of individual pages is referred to as page level security. This happens in two stages: granting document level permissions to the report, and then adding a page level permission on top of it to limit which parts of the report the user is actually able to access. We’ll see examples of this below when discussing how you can limit access using job position, groups, and geographies.
Limiting access isn’t always about keeping things away from people; it can also be a powerful tool for showing only the information that is helpful and meaningful to those consuming it. Cutting out the bloat greatly reduces the time it takes to find the information a person is looking for.
Without knowing the specific systems you use, we can’t provide exact implementation details, but there are 3 high-level strategies you can use to start securing your content today.
Secure by Job Position
Assigning permissions related to a job position will quickly allow you to give access to new hires, promotions, or transfers within the corporation. When assigning permissions based on job title or position, users are typically given access to a range of reports that are pertinent to their job functions. This typically comes in the form of document level security.
Only showing reports that are specific to someone’s job helps with security and efficiency. As mentioned before, keeping unnecessary reports out of the way makes it easier to find what you’re looking for.
- A member of the Accounts Payable team receives access to all payables reports so they can handle all open payable tasks.
Only showing reports that relate to a person’s job function keeps unwanted viewers out and makes it easy to find helpful information.
Secure by Groups
Similar to job position, this type of security can be applied at the document level and further secured by other user profile characteristics provided by the authentication source. Groups can be a broader or more specific way of applying security, depending on how your company creates them.
- Business Analyst is probably too broad to secure purely based on job position, so further enhancing the security profile by using a group relationship (i.e. Marketing) makes sense in this scenario. The Business Analyst would then have the permissions that only a Business Analyst in the Marketing division would receive. These types of compound rules are the most common way of handling advanced security.
- C-level executives would be in a group together despite their job roles being vastly different. You may want to make financial statements available to the group before they are accessible to a broader audience.
Groups help you get past basic job position security by including or excluding people from different disciplines to help you hit your target audience.
Secure by Geographic Region
Assigning security based on geography is a great way to apply page level security within a document. By only giving access to specific portions or pages of a report to people that meet specific geographic criteria you can keep sensitive information from landing in the wrong hands.
More information isn’t always better. Better information is better. Having access to information from multiple geographies or territories could confuse users with data that doesn’t apply to them.
- The Sales Managers for the Northeast, Southeast, Midwest and Western Regions should each have access only to information related to his or her region.
- The Sales Manager for North America would be able to see information for all regions in North America but not information for Europe.
Managing entitlements for page level security is critical to ensuring each individual sees only the information they are entitled to see.
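The two-stage check described above (document level first, then page level), as an added example that is not taken from any particular report management product. The class and function names, the region hierarchy, and the sample users and reports are all constructed for illustration; it assumes user attributes arrive from the directory and that untagged pages stay hidden.

```python
from dataclasses import dataclass

# Constructed region hierarchy: a parent entitlement covers its child regions.
REGION_TREE = {"North America": {"Northeast", "Southeast", "Midwest", "Western"}}

@dataclass(frozen=True)
class User:
    # Attributes as inherited from the authoritative source (AD, LDAP, SSO).
    title: str
    groups: frozenset
    regions: frozenset

@dataclass
class Report:
    doc_rules: list      # compound rules: (job title or None, group or None)
    page_regions: dict   # page number -> region tag (None = untagged)

def has_document_access(user, report):
    """Stage 1: document level. A rule matches on title AND group."""
    for title, group in report.doc_rules:
        if title is None and group is None:
            continue  # a rule naming nothing would admit everyone; skip it
        if title in (None, user.title) and (group is None or group in user.groups):
            return True
    return False  # default deny

def expand_regions(regions):
    """Add the child regions covered by each parent entitlement."""
    covered = set(regions)
    for region in regions:
        covered |= REGION_TREE.get(region, set())
    return covered

def visible_pages(user, report):
    """Stage 2: page level filter, applied only after stage 1 succeeds."""
    if not has_document_access(user, report):
        return []
    allowed = expand_regions(user.regions)
    # Untagged pages (None) are never in `allowed`, so they stay hidden.
    return sorted(p for p, tag in report.page_regions.items() if tag in allowed)

# Constructed sample data.
SALES = Report([("Sales Manager", "Sales")],
               {1: "Northeast", 2: "Southeast", 3: "Midwest", 4: "Western", 5: "Europe", 6: None})
CAMPAIGN = Report([("Business Analyst", "Marketing")], {1: "Northeast"})
NE_MGR = User("Sales Manager", frozenset({"Sales"}), frozenset({"Northeast"}))
NA_MGR = User("Sales Manager", frozenset({"Sales"}), frozenset({"North America"}))
FIN_ANALYST = User("Business Analyst", frozenset({"Finance"}), frozenset({"North America"}))
```

The Finance analyst holds a North America entitlement but sees nothing in either report, because the page level filter never widens what the document level rule has already denied.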
Your Turn! Start Securing Your Documents
This is great information but it means nothing unless you take it and start applying it. Don’t wait until your company makes front page news for a data breach.
- Find the document with the biggest audience and secure it at the document level to keep unnecessary eyes away.
- Find the document with the smallest audience and secure it at the document level so they are the only ones with access to it.
This content is excerpted from our free e-book.