7. Data Access Determination
When determining data access, both users and administrators should be considered. The groups both within and outside your organization should be considered. Should this data be accessed by a single department? Should the data be accessed by anyone in your organization? Should anyone in the general public have access to this data? What level of access should classes be given concerning the ability to read or write? Should any users be able to set permissions and if so which ones?
- Who should be able to read the data?
- Who should be able to change the data?
- How many users of the data shall there be?
- How many access levels to the data should there be?
- Who will manage accounts?
Data access needs should be considered from the smallest group outward. Examples include:
The allowed access for each group and whether disclosure to any of the groups should be considered.