Today's complex IT systems and multitude of possible permission configurations create a challenge for IT administrators, especially in determining optimal permission configuration for user groups. This is further exaggerated with the users' privilege requirements not being clearly specified or available. This typically leads to excessively permissive security configurations in IT systems which results in security vulnerabilities. This paper proposes a methodology and high-level architecture for a system that enables to elicit and deploy IT permissions in a convenient and secure manner avoiding many pitfalls that exist today. The proposed methodology's applicability is illustrated using two scenarios: a typical organisation with complex security requirements and a collaborative online environment.
8th WSEAS International Conference on Applied Computer Science (ACS'08). Recent Advances in Applied Computer Science: Proceedings of the 8th WSEAS International Conference on Applied Computer Science (ACS' 08) (Venice, Italy 21-23 November, 2008) p. 187-192