Call a Specialist Today! 800-886-5369

User Rights Management

User rights management reduces unwarranted data access by ensuring user rights align with corporate policy. This prevents insiders such as employees, contractors, outsourcers, etc., from accessing data unless there is a business need-to-know. Strictly controlling user access rights to data is mandated by a number of regulations, including SOX, PCI and HIPAA, and is a security best-practice that helps reduce the risk of data breaches due to overly accessible data.

Uder Rights ManagementAggregate and Report on User Access Rights

User rights audits require the ability to regularly aggregate user rights enterprise-wide. Rights must be collected from multiple database platforms and file systems to facilitate timely, manageable audits and reviews. Automated, regularly scheduled rights collection helps ensure an up-to-date view for security and compliance staff as well as auditors.

Perform Access Rights Reviews

Establishing a rights review workflow helps organizations build a repeatable process for reviewing access rights, which is required by regulations like PCI DSS and SOX. In addition to following a regular workflow, organizations should maintain an audit trail of the review process by recording whether reviewers accept or reject existing access rights, and what changes are required.

Identify Dormant Users and Excessive Access Rights

Identifying dormant users and un-used access rights is fundamental to reducing the risk of unwarranted insider data access. Organizations can identify these states by correlating user access rights with actual data access activity by users. Those users that never access the data they have permissions to may no longer be part of the organization, or may not need those permissions to do their job.

Ensure Access is Based on Need-To-Know

Access to sensitive data should be based on a business need-to-know, which typically relates to organizational structure. While user information stored in databases and directory services may include organizational information, this data often falls out of sync with business changes. Supplementing this information with details from human resources information management systems, which better reflect user job roles, helps identify users with access rights no longer required by their job function.

Related Products:


Database Security
Product Name: Capabilities:
User Rights Management for Databases
  • Aggregate and analyze access rights across databases
  • Remove excessive rights and dormant users
  • Ensure access is based on a business need-to-know
  • Database rights review workflow framework

File Security
Product Name: Capabilities:
User Rights Management for Files
  • Aggregate and analyze file access rights across file servers and NAS devices
  • Remove excessive rights and dormant users
  • Ensure access is based on a business need-to-know
  • File rights review workflow framework
  • A part of SecureSphere File Activity Monitoring and SecureSphere File Firewall