UnixTime

Research Note

Information Access Rule Matrix

Use this matrix when defining or reviewing role-based access to an application, service, database, report set, or information repository.

On this page

When to use this

Use this matrix when defining or reviewing role-based access to an application, service, database, report set, or information repository.

Access rules

Application/information set Owner Role/group Information/function Classification Create Read Modify Delete Export/print Admin Conditions Approved by
TBD TBD TBD TBD TBD Yes/No Yes/No Yes/No Yes/No Yes/No Yes/No TBD TBD

Minimum checks

  • Access rules are approved by the information or application owner.
  • Permissions match business need.
  • Sensitive information has matching classification and handling rules.
  • Export, print, and download permissions are explicitly defined.
  • Admin and maintenance functions are separately controlled.