Maintaining user accounts
As with creating roles, SmartTurn has some suggestions about maintaining users who have role-based access:
- Restrict each of your users to the fewest privileges necessary to perform their jobs.
- Create new roles by making copies of similar default roles. SmartTurn’s default roles will always automatically acquire privileges for new features that SmartTurn releases over time, if you don’t rename them. That way, the default roles can always serve as reference points.
- Establish policies about editing, activating and deactivating users. For instance, your company may want to define a policy about deactivating terminated users.
- Establish a regular interval of time at which you audit users for role assignments.
- Keep a secure spreadsheet printout of your current users and the roles assigned to them.
- Be on the lookout for role accumulation. As users move up and around your company, they may acquire many different roles as necessary to perform new responsibilities. However, they may not ever shed original roles that are irrelevant in the context of those new responsibilities, and this could create a security vulnerability.
- If you have a large operation with more than 10 users, or if you have users outside of your company, consider separating role management from user management by creating two types of System Administrator roles and assigning them to two different employees.
- Establish a process by which users can request new permissions, and these requests can be authorized and systematically implemented.
To review role maintenance tips, see Maintaining roles.
To review role setup strategies, see Role strategies.
To connect with professional groups and learn about governmental standards for Role Based Access Control (RBAC) in different industries, see the U.S. National Institute of Standards and Technology (NIST).
It is important to always keep one SmartTurn Administrator role active. This is so that there is always someone with the permission to create roles and users. Additionally, it is a good idea not to change the name of the default role, “Default SmartTurn Administrator.” Keeping the name of this role as is enables anyone with this role assignment to automatically receive permissions for new features as they are released.
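The periodic audit suggested above (role accumulation, deactivated users who still hold roles, and at least one active administrator) can be run over a user/role export such as the spreadsheet you keep. The following is an added example, not SmartTurn's own code; the export columns, the job-to-role baseline and the sample rows are all constructed assumptions.

```python
"""Audit a user/role export for role accumulation and administrator coverage."""
import csv
import io

# Constructed sample export: one row per user/role assignment (assumed format).
SAMPLE_EXPORT = """\
user,job,role,active
alice,receiving,Receiving Clerk,yes
alice,receiving,Picker,yes
bob,shipping,Shipper,yes
bob,shipping,Default SmartTurn Administrator,yes
carol,finance,Buyer,no
carol,finance,Default SmartTurn Administrator,no
"""

# Assumed baseline: the roles each job is expected to hold (maintained by you).
EXPECTED_ROLES = {
    "receiving": {"Receiving Clerk"},
    "shipping": {"Shipper"},
    "finance": {"Buyer"},
}

ADMIN_ROLE = "Default SmartTurn Administrator"  # keep this default role name as is


def load_assignments(text):
    """Group export rows per user: {user: {"job", "active", "roles"}}."""
    users = {}
    for row in csv.DictReader(io.StringIO(text)):
        entry = users.setdefault(
            row["user"],
            {"job": row["job"], "active": row["active"] == "yes", "roles": set()},
        )
        entry["roles"].add(row["role"])
    return users


def find_role_accumulation(users, expected=EXPECTED_ROLES):
    """Roles held beyond the baseline for the user's current job; each is reviewed."""
    report = {}
    for user, data in users.items():
        extra = data["roles"] - expected.get(data["job"], set())
        if extra:
            report[user] = sorted(extra)
    return report


def inactive_users_with_roles(users):
    """Deactivated users that still carry role assignments (policy check)."""
    return sorted(u for u, d in users.items() if not d["active"] and d["roles"])


def active_admin_count(users, admin_role=ADMIN_ROLE):
    """Number of active users holding the administrator role; must stay >= 1."""
    return sum(1 for d in users.values() if d["active"] and admin_role in d["roles"])
```

Run the three checks at each audit interval and record the result next to the spreadsheet; a zero from active_admin_count means nobody can create roles or users.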