Wednesday, 8 July 2015

System permissions - stray thoughts

I'm doing some work at the moment on system permissions on a transport management system I'm responsible for, called Tranman. Partly because I looked at the way the security settings and permissions were set up and thought: "I don't understand any of this!" Partly because I'm concerned that so many people seem to have high-level permissions on this system. That last isn't a criticism of anybody: you make your suite of best guesses when you do your implementation and do a review later in the light of experience.

When a new system's being implemented many organisations work on the basis that a manager needs more permissions than the people they manage, so managers' user accounts tend to accumulate more permissions the higher they are in the pecking order. In fiercely-hierarchical organisations like libraries this can be taken to the nth degree: when I came into the first library management system I ever managed all the librarians had superuser access to the system!

In truth they don't need this: nearly all complex systems like an operational management system don't have a single hierarchy of permissions; they have a permissions matrix. The manager may need to have oversight of more parts of the system but they don't necessarily need to be able to get in and do the work. For example, the manager would need to be able to authorise orders and payments but they wouldn't necessarily be able to create orders and invoices; and for audit purposes there are good reasons why these should be either/or functions if at all operationally possible. (Where it's not operationally possible you should include the necessary warnings and safeguards in the standard operating procedures).

The general rule of thumb is that the user should only be able to access what they need to do their job and, ideally, should only be able to see what they can access: all those library superusers disappeared the first chance I got. This caused some consternation: "You can't give yourself more control of the system than your senior managers!" to which the answer was: "I just have." These days I work in IT and my line manager doesn't have access to any of the systems I manage: "What would I do with it if I had it?" And to be fair, the managers I work with these days tend to work on the basis that "working life's complicated enough so if you can declutter my space by removing those things I don't need to do myself, great." It improves system security, it streamlines the operation, they get a less stressful user interface and there's less opportunity for error, so why wouldn't you want to do it?

One of the things I've decided that I want to do with this particular system is to set up a permissions group for auditors that would allow quite a wide area of access but all of it view-only. The more I think about this the more I think this needs to be considered in the review of library specifications that Ken Chad's encouraging (more details about this in the LibTechRFP wiki).
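As an added illustration of the permissions-matrix idea in this post (example code, not Tranman's own configuration; the role names, permission names and conflict pairs are constructed), a small model that answers "may this user do X?", flags anyone who holds both halves of an either/or pair on the same object, and checks that the auditor group really is view-only:

```python
"""Permissions matrix with either/or (segregation-of-duties) checks.

Added example, not Tranman's own code or configuration: the roles,
permission names and conflicting action pairs are constructed.
"""

# Each role maps to the set of (object, action) permissions it grants.
# "view" is read-only; "create" and "authorise" change data.
ROLES = {
    "clerk":   {("order", "create"), ("invoice", "create"), ("order", "view")},
    "manager": {("order", "authorise"), ("payment", "authorise"),
                ("order", "view"), ("invoice", "view"), ("payment", "view")},
    "auditor": {("order", "view"), ("invoice", "view"), ("payment", "view"),
                ("user", "view")},
}

# Action pairs that should not be held by one person on the same object.
SOD_CONFLICTS = {("create", "authorise")}

READ_ONLY_ACTIONS = {"view"}


def permissions_for(roles):
    """Union of the permissions granted by all of a user's roles."""
    perms = set()
    for role in roles:
        perms |= ROLES[role]
    return perms


def is_permitted(roles, obj, action):
    """Matrix lookup: may a user holding these roles do `action` on `obj`?"""
    return (obj, action) in permissions_for(roles)


def sod_violations(roles):
    """(object, action_a, action_b) triples where the user holds both halves
    of a conflicting pair on the same object. Empty list means clean."""
    perms = permissions_for(roles)
    found = set()
    for obj in {o for o, _ in perms}:
        for a, b in SOD_CONFLICTS:
            if (obj, a) in perms and (obj, b) in perms:
                found.add((obj, a, b))
    return sorted(found)


def is_read_only(role):
    """True if every permission the role grants is a read-only action."""
    return all(action in READ_ONLY_ACTIONS for _, action in ROLES[role])
```

Running `sod_violations` over every user's role set at review time surfaces exactly the accumulated-permissions problem the post describes, before anyone notices it in an audit.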
