Definition
Permissions provide the ability to evaluate, record, and access information identifying the right of an individual or entity to use, access, or do something, be something, or have something.
Permissions are crucial for ensuring that government services and resources are allocated and accessed appropriately, transparently and securely.
A permissions capability includes technology, people, processes, and enablers such a business design, service models, and governance.
Certain permissions can result in the provision of an entitlement. The definition, scope and process of granting entitlements are addressed within the Entitlements capability.
Purpose
Permission management, whether as a distinct system or as a functional component of a broader system, is essential for the evaluation, recording and accessing the rights of an individual or organisation.
A mature permission capability will enable permissions only to those who are entitled to them and enable those granting the permissions to do so in a secure and efficient manner.
Suitable handling of permissions is realised through:
- evaluating, accessing information, and capturing the right of an individual or entity to use, access, or do something, be something, or have something
- allowing or restricting permission, internally and externally, in a controlled manner and on a needs-basis
- functioning as part of a suite of capabilities within the Cyber Security domain, integrating with other systems to or within which permissions are being granted.
Objective
The objectives of this content are to:
- identify, consolidate, and standardise permissions approaches, especially those with complementary systems functionality, to increase efficiency and reduce the complexity of government service delivery
- enhance customer experience for individuals and business when they engage with government
- establish and implement consistent standards or designs where entity solutions require permissions
- ensure that new application solutions draw security efficiency from preceding investments, implementations, and learnings to maximise re-use and minimise risk.
Whole-of-government applicability
Permissions have broad applicability in delivering services such as payments, grants, visas, and permits where there is a need to ensure:
- consistent, effective, and efficient processing, workflow, approvals, and decision functionality for entities responsible for issuing permissions
- a customer-centric focus, ensuring simple and appropriate, yet robust management of permissions that suits the unique context of the system and its data and security needs
- use of proven permissions designs, development approaches, and lessons learned, including approaches that assist APS skills development, remove design development complexity, and directly leverage available expertise.
The Data and Digital Government Strategy and Implementation Plan impose obligations on the APS for the provisioning of permissions through:
- Delivering for all people and business: To embed inclusion and accessibility
- Simple and seamless services: To be digital by design
- Trusted and secure: To build and maintain trust.