We recently had an employee leave the company to take on a contractor role with us. While they're still working at the same desk, their job status and HR details have changed. This person currently has global admin rights in our systems, and I'm wondering about the best course of action regarding this access. Should we remove their global admin privileges? If so, do we need to inform HR or the individual about this decision, or can we do it without notifying anyone since they are no longer officially part of the company? We're a small team and do have other global admins on staff.
3 Answers
The global admin role is pretty risky to give out broadly, even just based on relationships. If you can clarify if they actually need those rights for their job tasks, that might help you determine whether to grant them specific permissions instead. Always good to minimize access where possible!
Absolutely, you should consider removing their global admin access. It's a risky position to hold, especially for someone who's not a full-time employee anymore. As a best practice, global admin rights should only be assigned to a select few and should ideally be protected behind Privileged Identity Management (PIM) to limit exposure. It’s essential to rationalize any access based on the actual job requirements.
I'd recommend restricting global admin rights for anyone who isn't a core employee. This encompasses both employees and contractors. If their contractor duties require certain privileges, try assigning them more granular permissions instead. It’s better to keep an eye on access levels to avoid potential security issues down the line.
For sure! Implementing a new access policy for everyone can streamline the process and keeps things consistent.
Yeah, I totally agree! Keeping permissions tight is crucial for security. Only give out global admin access if absolutely necessary.