The paper covers four best practices to consider:
- Understand existing data security strategies before implementing.
- Understand whether existing job functions must map directly to security roles.
- Compare standard security roles with existing job functions.
- Create tiered security roles if several job functions require the same security privileges and access levels.

The following guidelines are also included:
- Strictly limit the number of people assigned the role of System Administrator.
- Create roles according to the security best practice of least privilege, providing access to the minimum amount of business data required for the task; assign users the appropriate role(s) for their job.
- When appropriate, use sharing to grant specific users specific rights on individual objects, rather than granting broader privileges on all objects of a given type.
- Use teams to create cross-functional groups to share specific objects across the team.
- Train users with sharing access rights to share the least amount of information required.