Special authorities give users the access they need quickly and easily, but they're hard to take away once granted. You need to understand what you're assigning someone. Special authorities are more serious than you might have thought.
Written by Steve Pitcher
With great power comes great responsibility.
My company is about to go on a major ERP overhaul. That's right. We've got forty plus years of a mostly home-grown solution with pieces and parts bolted on over time. Do we have people who have too much authority given their job role? Yes. Are certain objects less secure than they could be? Yes. Like any shop, we have a couple of critical applications that "might break" if the authority is changed. We also have a couple of users who "might" not be able to do their jobs if their authority is restricted. With a new solution on the horizon, it's a good time to look at what we have from a security point of view.