Position Based Access
The method of determining what data is accessible to whom.
Enterprise data that has been designated as "restricted" by the Data Stewards is made accessible based upon the organizational or functional scope defined for the position that an individual user holds. For example:
- The Senior Director of Customer IT Solutions in the OIT would see compensation and performance review data for those individuals within his/her organization (organizational scope) and financial transactions for the financial accounts he/she manages, but no other restricted data.
- An analyst with no direct reports in the Controller's office would see all University financial transactions and budget data but would see no performance review or restricted employee data.
This approach addresses the historic challenges of managing a person-based model for access rights.
The respective permissions for each position are defined by the Data Stewards and the Information Governance Committee.
When an individual changes positions the relevant access changes accordingly -- specifically, the individual's access via the previous position ends and the individual "inherits" the access associated with the new position.
New hires into an open position inherit the access rights associated with that position.
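The model described above can be sketched as an access check that looks only at the position a person currently holds. This is an added example, not code from the University's systems; the org tree, unit names, account numbers, category names and user names are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed org tree (unit -> parent); unit and account names are illustrative.
PARENT = {"University": None, "OIT": "University", "Controller": "University",
          "Customer IT Solutions": "OIT", "Help Desk": "Customer IT Solutions"}
EMPLOYEE_DATA = {"compensation", "performance_review"}

@dataclass(frozen=True)
class Position:
    title: str
    org_units: frozenset = frozenset()   # organizational scope: unit subtrees
    functional: frozenset = frozenset()  # functional scope: categories seen university-wide
    accounts: frozenset = frozenset()    # financial accounts this position manages

@dataclass(frozen=True)
class Record:
    category: str
    unit: str = None      # owning unit, for restricted employee data
    account: str = None   # account, for financial transactions

def within(unit, root):
    """True if unit is root or sits below it in the org tree."""
    while unit is not None:
        if unit == root:
            return True
        unit = PARENT.get(unit)
    return False

def can_view(holders, person, rec):
    """Decide from the position the person currently holds; default deny."""
    pos = holders.get(person)
    if pos is None:
        return False
    if rec.category in pos.functional:
        return True
    if rec.category in EMPLOYEE_DATA:
        return any(within(rec.unit, u) for u in pos.org_units)
    if rec.category == "financial_transaction":
        return rec.account in pos.accounts
    return False

DIRECTOR = Position("Senior Director, Customer IT Solutions",
                    org_units=frozenset({"Customer IT Solutions"}),
                    accounts=frozenset({"ACCT-100"}))
ANALYST = Position("Analyst, Controller's office",
                   functional=frozenset({"financial_transaction", "budget"}))

holders = {"alice": DIRECTOR, "bob": ANALYST}  # person -> position held
```

Because permissions hang off the position, a transfer or a new hire is a single update to the `holders` mapping, and the access from the previous position ends with that same update.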