IT user authority levels are really the same as any other authority structure in your workplace. The business owner makes the overarching choices, managers are responsible for processes, and the employees make the business run day to day.
In a secure setup, not all users have the same authority levels – and for very good reason. If everyone had full authority, you’d never get ahead of the changes, and your wallet might be looking worse for wear!
Full authority
- This is for owners or managers, who are responsible for user setups and removals and for financial decisions. They should be the main point of contact for all approvals.
Some authority
- This is for assistant managers, financial controllers, team leads, or those who are in charge when the main point of contact is away. For example, they might approve password resets or allow access to folders.
Locked down authority
- This is for everyone else! Regular staff don’t need authority to make system changes for themselves or anyone else. Everyone should be given the access required to perform their roles, and anything additional can be requested through management.
System rights and access
Areas such as HR or payroll should only be available for select staff. When we create cloud user profiles, we can limit access to folders, applications, or permissions within programs. This ensures privacy is upheld, and information is available on a need-to-know basis.
Why it’s necessary
Routing every system change, big or small, through the same authorised person avoids conflicts of interest, keeps information correct, and reduces the risk of security breaches.
Your IT provider would have a confirmed list of names, email addresses, and mobile numbers of staff in order to verify the correct person is requesting or approving changes. This ensures approval can’t come from the wrong person by mistake, or in the worst-case scenario, with fraudulent or malicious intent.
Approval Matrix
In order to keep track of who can approve what, it can be helpful to create an Approval Matrix so both your company and IT provider can grab the information quickly.
See below for an example of how a simple structure might be laid out:
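The sketch below is an added example, not the matrix from the original page: it encodes the three authority levels and the request types named above as an approval matrix, and checks an approver against a confirmed contact list before accepting the approval. The names, email addresses, mobile numbers and the `check_approval` function are constructed for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    LOCKED_DOWN = 0  # everyone else: no approval rights
    SOME = 1         # assistant managers, financial controllers, team leads
    FULL = 2         # owners or managers

# Minimum authority level needed to approve each request type,
# taken from the tier descriptions on this page.
APPROVAL_MATRIX = {
    "user_setup": Level.FULL,
    "user_removal": Level.FULL,
    "financial_decision": Level.FULL,
    "password_reset": Level.SOME,
    "folder_access": Level.SOME,
}

# Confirmed contact list held by the IT provider (constructed sample data).
CONTACTS = {
    "owner@example.com": {"name": "Alex Owner", "mobile": "555-0101", "level": Level.FULL},
    "lead@example.com": {"name": "Sam Lead", "mobile": "555-0102", "level": Level.SOME},
    "staff@example.com": {"name": "Jo Staff", "mobile": "555-0103", "level": Level.LOCKED_DOWN},
}

def _digits(number):
    """Compare phone numbers on digits only, ignoring spaces and dashes."""
    return "".join(ch for ch in number if ch.isdigit())

def check_approval(request_type, approver_email, callback_mobile):
    """Return (allowed, reason) for an approval received by the IT provider."""
    required = APPROVAL_MATRIX.get(request_type)
    if required is None:
        # Default deny: anything not in the matrix is never auto-approved.
        return False, "unknown request type: escalate to a full-authority contact"
    contact = CONTACTS.get(approver_email.strip().lower())
    if contact is None:
        return False, "approver is not on the confirmed contact list"
    if _digits(callback_mobile) != _digits(contact["mobile"]):
        return False, "mobile number does not match the confirmed contact list"
    if contact["level"] < required:
        return False, f"{contact['name']} cannot approve {request_type}; needs {required.name}"
    return True, f"approved by {contact['name']} ({contact['level'].name})"

if __name__ == "__main__":
    print(check_approval("password_reset", "lead@example.com", "555 0102"))
    print(check_approval("user_removal", "lead@example.com", "555 0102"))
```

Request types missing from the matrix are refused by default, so a new kind of change has to be added to the matrix by a full-authority contact before anyone can approve it.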



