|
|
|
|
|
|
by coldcat
2758 days ago
|
|
|
In large company I worked, everything critical go through active directory. Every user is assigned to group/role. Every Server application have it's own entry as well. Every authorisation is audited (app launch, document access, databases access...). The day someone leave badge goes off, mail and every access are freeze.
On a day to day usage you could revoke some or all access of a user, even just block word or a database instance. I've seen friend blocked at the door one morning because an inquiry was in process on their computer usage (it last 2 weeks and the guy was innocent,it was someone from IT who manually installed/modify unknown system files on his computer).
From security standpoint almost nobody have access to production database. Most of the people work on old snapshot or incomplete extract.
In another company. If you do a request on sensitive database (select * from customer), a security guard come to your office ask you to stay away from keyboard. Then the office manager is called to ensure that your work is legit. |
|
|