Elevated Access Accounts
MCB1
I am new here so forgive me if this topic was already covered back during the earlier days of this forum. I am wondering how people handle Elevated Access accounts.
We currently allow people to check out an Elevated Security Account if they have a break fix or a change to put in place. Unfortunately, over the years the number of elevated access accounts has grown to about 300 accounts with almost 2,000 users.
I am wondering how other groups/companies are handling the need for Admin Access on a system or database when they are trying to be diligent and segregate duties. I would be very interested in hearing how others have approached this question and how it’s working a few years after SOX has been implemented.
NC
We used the sealed envelope method to keep the passwords of these accounts secret. These got changed after usage and got stored with a top guy within the organization. Added to this was logging and reviewing the activities of this account while being used.