Control access to Include\Exclude tab in Query Designer
In the Automate and Self-Service module, we need a way to control access to the include\exclude tab in the query designer?
In our case we are interested in blocking access to include\exclude tab for some of our support teams. And will be interested in blocking the tab for end-users if\when we onboard the self-service module.
Using the Include feature is problematic in highly regulated environments. It can lead to data leakage events.
Consider the following scenario. User A is in Information Barrier 1 and added as an inclusion to list that is approved for Information Barrier 1. User A then transfers to a new team in Information Barrier 2. Because User A is on the include list they won't drop from the list. As a result they will begin receiving information only intended for people in Information Barrier 1.
The only options today to resolve this include a human making a decision. In the automate module an admin has to be notified of the change and perform the removal. In the self-service module the list owner must recertify the membership, but they may not know User A transferred.
Please sign in to leave a comment.
Comments
1 comment