User management.
Tips & Tricks

Every (security) system with users has an administrator.
That’s the one who can and is allowed to do everything.
Make changes, export, view all, customize everything.
The administrator is the boss.
He has a lot of power and a lot of responsibility.
In principle, only one person can be in charge.
But is that always the case? In practice, we regularly come across that this is not the case and that several people in an organization use the administrator login details or have been given administrator rights.
Simply because it is easy and people are not aware of the risks that this entails.
Incidentally, I should note that this usually applies to smaller systems and not to the large complex systems.
In general, it is well organized there.

Case study: who is to blame?

In an organization with a camera system, several people use the same (administrator) login for the recorder of the camera system.
So, all these individuals have access to the live and recorded camera footage.
They can make unlimited adjustments or erase certain settings or images.
And so important evidence can be destroyed (knowingly or unknowingly).
The system can even be rendered completely unusable.
But who did it?
All these people use the same login details, so the activity log does not offer a solution either.
After all, it is always ‘the same’ person.
Obviously, this is an undesirable situation.

GDPR legislation extra incentive for user management

With the entry into force of the General Data Protection Regulation (GDPR), there is an important reason to have your user management in order.
Personal data (including camera images) may only be accessible to people who also have to do something with them (process) them.
And it must be traceable who did what and when.
Incidentally, a thorough hierarchy in the user structure is not only of (crucial) importance in the business sphere.
Also privately we don’t seem to have everything in order and often several people (family members) use the same login.
Think, for example, of your mobile phone, Netflix account or the alarm system.
Everyone who has the access code is actually the administrator and can get in everywhere.
Think carefully about whether you want to do that…

Working with user groups reduces risk

With many users, it’s easy to create user groups.
Individuals get their own login and can be added to a group with specific rights.
Individuals can also be easily removed from the system by deleting the individual login.
The other group members will retain their rights.
But removing users from the system remains a human act.
An action that can be forgotten, with the result that old users keep their login for a long time or even forever.
This is a bad thing and poses a considerable risk to the system.
By using a common database, for example by linking the HRM system to it, the risk of this can be limited.