Data system owner determines the access roles to the system in relation to the tasks of users. The compliance of the actual access rights with the planned ones must be monitored and the rights reassessed at regular intervals.
When reviewing access rights, care must also be taken to minimize admin rights and eliminate unnecessary accounts.