When you decide to implement role-based security in your organization, it helps to predict the questions that decision makers will have about the shift. Here are some ways you can answer their questions and get their support.
What's the value to the company?
A disorganized, insecure file server costs the company money. Employees can't
find the data that they need to do their jobs and the business runs the risk
of having data fall into the wrong hands.
How does it work?
Instead of assigning users permissions to individual folders, users are assigned
to roles (what Active Directory—AD—calls security groups). The
roles are then assigned to the folders and files. When someone new is hired
or an existing employee transfers departments, permissions can be quickly reassigned
by simply adding the employee to the appropriate roles.
Why will this make us more secure?
The "owners" of the data are the ones to decide who has access. By matching
defined roles in the company with roles (security groups) in AD, you create
a powerful system that lets data owners easily assign security to the proper
users. In addition, the system puts the responsibility of file security where
it belongs—out of IT and in the individual departments.
Who will help us when we have questions?
In the past, the Help desk assigned file security based on submitted trouble-tickets.
From now on, the Help desk will be happy to help users who need assistance assigning
security to folders.
