When you decide to implement role-based security in your organization, it helps to predict the questions that decision makers will have about the shift. Here are some ways you can answer their questions and get their support.
What's the value to the company?
A disorganized, insecure file server costs the company money. Employees can't find the data that they need to do their jobs and the business runs the risk of having data fall into the wrong hands.
How does it work?
Instead of assigning users permissions to individual folders, users are assigned to roles (what Active Directory—AD—calls security groups). The roles are then assigned to the folders and files. When someone new is hired or an existing employee transfers departments, permissions can be quickly reassigned by simply adding the employee to the appropriate roles.
Why will this make us more secure?
The "owners" of the data are the ones to decide who has access. By matching defined roles in the company with roles (security groups) in AD, you create a powerful system that lets data owners easily assign security to the proper users. In addition, the system puts the responsibility of file security where it belongs—out of IT and in the individual departments.
Who will help us when we have questions?
In the past, the Help desk assigned file security based on submitted trouble-tickets. From now on, the Help desk will be happy to help users who need assistance assigning security to folders.