• Open: This principle states that a user shall have access to all the information in a system if the user has access to the system or repository in which the information is being held. This type of data access is by far the least safe, as (in most cases) it’s not relevant for the user to have access to all the data.
  • Open, unless: This principle states that a user shall have access to all the information in a system unless there are certain settings to shield specific data. As an example, it could be that HR or finance-related data only can be accessed by the HR or finance teams. This type of data access is safer than the previous, however, users could still have access to data that they don’t specifically need to do their day-to-day activities.
  • Need-to-know: This principle states that a user shall only have access to the information that their job function requires, regardless of their security clearance level or other approvals. In other words: a user needs permissions AND a need-to-know in order to gain access to specific data which makes this type of data access the most secure – as it limits the potential impact of a data breach, if one may occur.