11. Assigning and Delegating Privileges in Organisations Resource Owner “ I authorise this Privilege Holder to use this resource in the following ways” signed The Resource Owner Privilege Holder “ I delegate authority to this End User to use this resource in this limited way” signed The Privilege Holder End User (Privilege Holder) Assigns privilege to Delegates privilege to “ Can I use the Resource” Er.Sartaj Singh Bajwa
12.
13.
14.
15.
16.
17.
18.
Notes de l'éditeur
In a paper based privilege management system, a resource owner (e.g. the Financial Director of a company, or the Computer Centre Manager) will sign a form to say that a particular person (the privilege holder) is allowed to use a particular resource in a particular way. E.g. The Financial Director may say that a Head of Department can sign orders up to the value of so many thousand Euros, or the Computer Centre Manager may sign a form authorising a user to use particular computing resources. Paper based systems may also support delegation, whereby a privilege holder is allowed to delegate the use of the resources currently under his control, to one or more other people. E.g. the Head of Department authorises a project manager to sign orders for his project up to a pre-determined sum.