What is an authorisation concept?

An authorisation concept describes the rules that determine which users or user groups are granted which access (expressed as roles and the rights attached to them) to the data of an IT system. The concept must above all fit the company and the structure of its work processes. The role and rights logic must also be adaptable over time, because users take on new roles as they develop and gain or give up rights along the way. For data protection and IT security, every authorisation must also be traceable: it must be possible to determine who holds which rights on which data, who granted them and when. To support the users' workflow, the concept must be kept up to date and cover the users' actual needs, without granting more than the task requires.

Which roles are there in an authorisation concept?

How finely the roles in such a concept are structured depends on the organisation. In general, though, roles are distinguished by the actions they are authorised to perform on the data of the IT system.

Example of a role logic:

  • Role 0: no authorisations
  • Role 1: Read data
  • Role 2: Create data
  • Role 3: Create, change and delete data
  • Role 4: Full access to all data
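The role logic above, turned into a small working model as an added example (this is not code from the original page). It assumes that the roles are cumulative (each role includes the permissions of the roles below it), that roles 1 to 3 are assigned per data set while role 4 is recorded against a hypothetical `ALL_DATA` key so that it covers every data set, that an unassigned user has role 0 (default deny), and that every grant and revoke is written to an audit log so the concept stays traceable. All class, function and data-set names are illustrative.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum, auto


class Permission(Enum):
    READ = auto()
    CREATE = auto()
    UPDATE = auto()
    DELETE = auto()


# Roles 0-4 from the page, modelled as cumulative permission sets.
# Assumption: each role includes the permissions of the roles below it.
ROLE_PERMISSIONS = {
    0: frozenset(),                                   # no authorisations
    1: frozenset({Permission.READ}),                  # read data
    2: frozenset({Permission.READ, Permission.CREATE}),
    3: frozenset({Permission.READ, Permission.CREATE,
                  Permission.UPDATE, Permission.DELETE}),
    4: frozenset(Permission),                         # full access to all data
}

FULL_ACCESS_ROLE = 4
ALL_DATA = "*"   # assumption: a grant on this key applies to every data set


@dataclass
class AuthorisationConcept:
    """User -> data set -> role assignments, plus a change log for traceability."""
    assignments: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def _log(self, actor, action, user, data_set, role):
        # Who changed what, for whom, on which data, and when.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action,
            "user": user, "data_set": data_set, "role": role,
        })

    def grant(self, actor, user, data_set, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role}")
        if role == FULL_ACCESS_ROLE and data_set != ALL_DATA:
            # The page defines role 4 as access to all data, so it is only
            # meaningful as a global grant.
            raise ValueError("role 4 must be granted on ALL_DATA")
        self.assignments.setdefault(user, {})[data_set] = role
        self._log(actor, "grant", user, data_set, role)

    def revoke(self, actor, user, data_set):
        role = self.assignments.get(user, {}).pop(data_set, None)
        self._log(actor, "revoke", user, data_set, role)

    def role_of(self, user, data_set):
        # Effective role: the higher of a global grant and a per-data-set grant.
        # No assignment at all means role 0 (default deny).
        roles = self.assignments.get(user, {})
        return max(roles.get(ALL_DATA, 0), roles.get(data_set, 0))

    def is_allowed(self, user, permission, data_set):
        return permission in ROLE_PERMISSIONS[self.role_of(user, data_set)]

    def review(self):
        # Flat list of all current assignments for a periodic recertification.
        return sorted((u, d, r) for u, ds in self.assignments.items()
                      for d, r in ds.items())


def build_demo_concept():
    """Constructed sample assignments (not real data) for the demonstration."""
    c = AuthorisationConcept()
    c.grant("it_admin", "alice", "hr_records", 1)
    c.grant("it_admin", "bob", "hr_records", 3)
    c.grant("it_admin", "carol", ALL_DATA, FULL_ACCESS_ROLE)
    return c


if __name__ == "__main__":
    c = build_demo_concept()
    for user, perm, data in [("alice", Permission.READ, "hr_records"),
                             ("alice", Permission.CREATE, "hr_records"),
                             ("bob", Permission.DELETE, "hr_records"),
                             ("carol", Permission.DELETE, "finance")]:
        print(user, perm.name, data, c.is_allowed(user, perm, data))
    c.revoke("it_admin", "bob", "hr_records")
    print("review:", c.review())
    print("audit entries:", len(c.audit_log))
```

In a real deployment the `actor` passed to `grant` and `revoke` must itself be checked for the right to administer the concept; the model above only records the actor so that every change can be traced back to a person.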