Australian Government Architecture
Search

Type

Policy

Reference

.

Applicable from

19 Aug 2024

Mandate

Endorsed

Status

Core

Responsible agency

Digital Transformation Agency

Permissions policy

The permissions policy is essential for evaluating and recording who can access specific government information, systems or resources, and enabling access to users according to their granted permissions. 

Applicability

Digital investment proposals are assessed against this policy by the DTA through the Digital and ICT Investment Oversight Framework (IOF).

Commonwealth entities are encouraged to apply this policy to all digital investments.

Policy requirements

This section describes the requirements for developing and maintaining the Permissions capability. 

Details of what entities need to do to comply with these requirements are included under the Permissions standard

  • Confirm permissions applicability

    Not all proposed solutions may be permissions related. The Permissions standard has identified a set of criteria questions to assist entities in determining applicability of permissions guidance.

  • Identify permissions related roles

    Permission business processes can be depicted through relevant use cases and the identification of key roles.

  • Identify permissions decision type

    Permissions decisions are typically in response to either an immediate or known future need. Identifying the decision type assists in shaping design of business and technology systems underpinning operations.

  • Lower development and maintenance complexity of permissions solutions

    Adopt supplier guidance and industry best practice during the solution design and development phases of the solution implementation.

  • Ensure the ongoing viability of permissions solutions

    Entities should ensure continual improvement of processes, and features, data, security, technology, skills, and cost should remain a focus to maximise functionality, reduce risk, and minimise accumulation of technical debt.

  • Align operational and technological needs

    Analyse and assess specific organisational needs, and develop a comprehensive set of technology, business, service, and compliance requirements that would enable or support permissions functionalities.

  • Apply a risk-based approach to permissions

    Assess and manage risks associated with the handling of permissions, to inform design and investment decisions.

  • Adhere to reuse principles

    Give priority to the adoption of reuseable digital and ICT solutions, patterns, or knowledge, and, where necessary, design new solutions with a focus on future reuse.

  • Comply with legislation and regulation

    Entities must comply with any legislation relevant to their circumstances.

Capabilities

This policy includes requirements that relate to the following capability.
CAP50

Permissions

Standards

The following standards show what to do to satisfy this policy.

Permissions standard

STA53
Permissions systems facilitate efficiency, consistency and a seamless workflow across entities responsible for secure access. Unique business needs and governance requirements will dictate solution selection, design and implementation. The considerations outlined in this standard are intended to…

Designs

The following designs can be relevant to meeting the requirements of this policy.

Australian Taxation Office voice authentication solution

DES81
Direct link: www.ato.gov.au/online-services/voice-authenticationResponsible agency: Australian Taxation Office The Australian Taxation Office (ATO) has implemented a user-centric voice biometric solution that confirms a person’s identity by matching their voice characteristics to a stored…

Integrated Regulatory Information System (IRIS)

DES155
Responsible agency: Comcare Integrated Regulatory Information System (IRIS) is the primary application used by Comcare’s Regulatory Operations Group for various regulatory licensing, monitoring, compliance, and investigation tasks. It is a central, organised, easy-to access place to store data…

Contractor Reporting, Integrity Information System (CRIIS)

DES160
The Contractor Reporting, Integrity Information Solution (CRIIS) will enhance transparency in Government contingent workforce processes and support the engagement of temporary workers. The CRIIS is being released progressively throughout 2024. The initial releases will be targeted to support the…
Was this information helpful?

Do not include any personal information. We are unable to respond to comments or feedback. If you would like a response, please email, or phone us. Our details are on the AGA contact page www.architecture.digital.gov.au/contact-us.