sort of, it, you know, what you do, your function perhaps, that may govern what kind of files you can access. If you're in human resources or payroll, or you are in a different department, the set of files you can access would depend on what your role is in the organization.
1-Inventory your systems
Figure out what resources you have for which you need to control access, if you don't already have them listed. Examples would include an email system, customer database, contact management system, major folders on a file server, etc.
2-Analyze your workforce and create roles
You need to group your workforce members into roles with common access needs. Avoid the temptation to define too many roles. Keep them as simple and stratified as possible.
For example, you might have a basic user role, which includes the access any employee would need, such as email and the intranet site. Another role might be a customer service rep, who would have read/write access to the customer database, and another a customer database administrator, who would have full control of the customer database.
3-Assign people to roles
Now that you have a list of roles and their access rights, figure out which role(s) each employee belongs in, and set their access accordingly.
4-Never make one-off changes
Resist any temptation to make a one-off change for an employee with unusual needs. If you begin doing this, your RBAC system will quickly begin to unravel. Change the roles as required or add new ones when really necessary.
5-Audit
Periodically review your roles, the employees assigned to them, and the access permitted for each. If you discover, for example, that a role has unnecessary access to a particular system, change the role and adjust the access level for all employees in that role.
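As an added example (not code from the original article), the five steps as a small Python model: the inventory gates which resources a role may name, users get access only through role membership so there is no one-off grant path, and the audit compares each role's grants against a constructed access log to flag rights nobody in the role has used. The role, user and resource names mirror the article's examples and are assumptions.

```python
from collections import defaultdict

class RBAC:
    """Minimal RBAC model: every access decision is derived from roles, never per user."""
    def __init__(self, resources):
        self.resources = set(resources)   # step 1: the inventory of systems
        self.roles = {}                   # role -> {resource: {permissions}}
        self.members = defaultdict(set)   # user -> {roles}

    def define_role(self, role, grants):  # step 2: roles over inventoried resources only
        unknown = set(grants) - self.resources
        if unknown:
            raise ValueError(f"role {role!r} names uninventoried resources {sorted(unknown)}")
        self.roles[role] = {r: set(p) for r, p in grants.items()}

    def assign(self, user, role):  # step 3: access comes only through role membership
        if role not in self.roles:
            raise KeyError(f"undefined role {role!r}")
        self.members[user].add(role)

    def can(self, user, resource, perm):  # step 4: no per-user grant path exists
        return any(perm in self.roles[r].get(resource, ()) for r in self.members[user])

    def audit(self, access_log):
        """Step 5: report role grants no member has exercised, from (user, resource, perm) events."""
        exercised = defaultdict(set)      # role -> {(resource, perm)}
        for user, resource, perm in access_log:
            for role in self.members[user]:
                if perm in self.roles[role].get(resource, ()):
                    exercised[role].add((resource, perm))
        report = {}
        for role, grants in self.roles.items():
            unused = {(r, p) for r, ps in grants.items() for p in ps} - exercised[role]
            if unused:
                report[role] = sorted(unused)
        return report

def build_sample():
    """Constructed sample mirroring the article's roles (all names are assumptions)."""
    rbac = RBAC(["email", "intranet", "customer_db"])
    rbac.define_role("basic_user", {"email": {"read", "write"}, "intranet": {"read"}})
    rbac.define_role("cs_rep", {"customer_db": {"read", "write"}})
    rbac.define_role("customer_db_admin", {"customer_db": {"read", "write", "admin"}})
    for user, role in [("alice", "basic_user"), ("alice", "cs_rep"), ("bob", "basic_user"), ("bob", "customer_db_admin")]:
        rbac.assign(user, role)
    return rbac

# Constructed access events for the audit: bob never used his write/admin rights.
SAMPLE_LOG = [("alice", "customer_db", "read"), ("alice", "customer_db", "write"),
              ("alice", "email", "read"), ("bob", "customer_db", "read"), ("bob", "intranet", "read")]
```

Running `build_sample().audit(SAMPLE_LOG)` flags the unused write on email for basic users and the unused write/admin rights of the customer database administrator, which is exactly the kind of finding step 5 says to act on by adjusting the role rather than any single employee.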
it is much easier to audit user rights, and to correct any issues identified.
will make the ongoing management of access rights much easier and more secure.
The data breach you prevent may be your own.
An ACL (access control list) is a means of defining the access rights of a given user or user group to a specific object, such as a document. As a simple example, an ACL could be used to allow users from one department to make changes to a document, while only allowing users from other departments to read it.