In order to protect data, this restriction of usage rights is unavoidable and is therefore implemented in almost all organisations. However, it is precisely this circumstance that often complicates the work processes of employees: If permissions are missing, the first step is to go through the IT department. They, in turn, must first determine who is responsible for the data in the departments. At the same time, there is a lack of transparency as to who is authorised where.
As a result, authorisations are quickly assigned on a scattergun principle, data is copied into public areas or the revocation of rights that are no longer needed is often neglected. Recertifications recommended by auditors, in which data managers have to check the rights situation at regular intervals, often mean frustration due to additional work and paper mountains full of complex matrices.