Australian Government Architecture

Permissions policy

The permissions policy is essential for evaluating and recording who can access specific government information, systems or resources, and for enabling users' access according to their granted permissions.

Applicability

Digital investment proposals are assessed against this policy by the DTA through the Digital and ICT investment oversight framework (IOF).

Commonwealth entities are encouraged to apply this policy to all digital investments.

Policy requirements

This section describes the requirements for developing and maintaining the Permissions capability. 

Details of what entities need to do to comply with these requirements are included under the Permissions standard.

  • Confirm permissions applicability

    Some proposed solutions may not be permissions related. The Permissions standard has identified a set of criteria questions to assist entities in determining the applicability of permissions guidance.

  • Identify permissions related roles

    Permission business processes can be depicted through relevant use cases and the identification of key roles.

  • Identify permissions decision type

    Permissions decisions are typically in response to either an immediate or known future need. Identifying the decision type assists in shaping the design of the business and technology systems underpinning operations.

  • Lower development and maintenance complexity of permissions solutions

    Adopt supplier guidance and industry best practice during the solution design and development phases of the solution implementation.

  • Ensure the ongoing viability of permissions solutions

    Entities should ensure continual improvement of processes. Features, data, security, technology, skills, and cost should remain a focus to maximise functionality, reduce risk, and minimise the accumulation of technical debt.

  • Align operational and technological needs

    Analyse and assess specific organisational needs, and develop a comprehensive set of technology, business, service, and compliance requirements that would enable or support permissions functionalities.

  • Apply a risk-based approach to permissions

    Assess and manage risks associated with the handling of permissions, to inform design and investment decisions.

  • Adhere to reuse principles

    Give priority to the adoption of reusable digital and ICT solutions, patterns, or knowledge, and, where necessary, design new solutions with a focus on future reuse.

  • Comply with legislation and regulation

    Entities must comply with any legislation relevant to their circumstances.
