...
- Does the person delegating access have the authority to do so for this application?
- Who is the Data Owner for the information in your application? You may own the service, but is the data contained within yours? If not, whose is it, and do they agree this person should be able to access the data?
- Has the user you are providing access to sign the Access and Compliance Agreement (ACA) (Both employees and student employees are required to sign the ACA)
- Is the user eligible for the access they are being given, i.e. FERPA, HIPPA, Internal Controls?
- Documenting requests is necessary when dealing with access to University Data. (Internal or External Audit)
- Who requested the access?
- Who approved the access?
- Who applied the access change in the application?
- What access was granted and by who?
...
For more information see UAlbany Account Authorization Guidelines