Covered by this topic
standard, all user application access is regularly reviewed and validated, ensuring all user access–including of employees, clients, vendors, and partners–is appropriate, given the users’ roles and responsibilities. This provides assurance that object access and account management practices support the MIE Information Security Policies. For example, the security principle of least privilege requires all users to be granted the most restrictive set of privileges needed for the performance of their authorized tasks. Simply applying this principle limits the damage that can result from accident, error, or unauthorized use.
As such, all Enterprise Health systems will automatically disable any client and/or user account (e.g., MIExxxx) that has been inactive for an established and configured number of days. In other words, employees, clients, vendors, and/or partners functioning as system administrators of any database on MIE servers, shall take the responsibility of their user access by way of the tools and automation available in the system, described in further detail, below.
To automatically disable a client and/or user account that has been inactive for a number of days, simply utilize the Days Inactive system setting, which allows the number of days of inactivity to be set, according to organizational preferences, or standards.
- Search for the System, Security, Days Inactive security setting. Click the Edit link of the security setting, found in the Options column to the right of the page.
- Update the Value with the preferred days of inactivity to trigger account deactivation (e.g, 5, 7, 14, etc.).
- Provide a Reason for the change of the security setting, and click the Change button.
In addition to the Days Inactive system setting, the Enterprise Health system comes equipped with a job scheduler, which allows for recurring, automated jobs that may need to run periodically, at fixed times, dates, or intervals. This tool allows administrators to easily maintain common and necessary functions for general administration purposes. The Disable Inactive Users scheduled job is enabled in every system, by default, and is set to trigger every day. To add, manage, or update scheduled jobs, simply navigate to the Scheduled Jobs menu tab.
Unless updated, the default behavior of the Disable Inactive Users scheduled job is to run daily, at 05:00, where any user access flagged as inactive, based on the Days Inactive system setting, discussed in detail, above, will hit and perform the disableacc function, automatically.