Security Flashcards
To review set up of user & system security
A privilege is…
a low-level permission to do or see something. The lowest level of the security hierarchy.
A security policy is…
a group of privileges. There are two types.
What are the two types of security policy?
- DSP or Data Security Policy
- FSP or Functional Security Policy
What is a DSP?
A DSP or Data Security Policy allows users to make changes to data.
Ex: read, update, delete
What is an FSP?
An FSP or Function Security Policy allow users to perform specific actions in the system.
Ex: approve a service request
A duty role is…
a group of security policies that defines access to an object.
A job role is…
A group of duty roles that describe a user’s job. Most users only have 1.
An abstract role is…
A job role for “not a real job” jobs. Users typically get one or more of these.
What do access groups do?
They grant groups of users access to records that match rules.
What do territories do?
Grant territory members access to records that have the territory assigned to them.
Authentication
A user becomes authenticated by providing a correct username/ password combination
Authorization
The system uses RBAC (Role based access control) to determine which pages a user can access, actions they can perform, and which CRUD (create, read, update, delete) operations they can use.
Visibility
Determines which records the user sees and the user’s level of access to those records
CRUD
Create, Read, Update, Delete
RBAC
Role Based Access Control