IT Baseline Protection Manual S 4.67 Locking and deleting database accounts which are no longer required


Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

Database accounts which remain unused over an extended period of time should, if possible, be locked and later deleted. Users of such accounts should be informed in good time before these accounts are locked, and in any case before they are deleted.

If a new user requires a database account only for a limited period of time, then, if the database offers this possibility, the account should also be set up for a limited period. It can prove expedient to set up accounts initially for a limited period and extend their duration at regular intervals (e.g. annually) as required.

If a user of a database is expected to be absent for an extended period of time (e.g. due to holidays, sick leave, delegation etc.), the user's database account should be locked for the duration of the absence, so that the ID cannot be used during this period. The database administrator must be notified of all extended periods of user absence. It is expedient to have this done by the personnel department using standard notifications of absence.

Furthermore, the database administration should be informed as quickly as possible about user departures. The accounts of departing users should be deleted no later than on their last day of work.
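The rules above can be run as a periodic account review. The following Python code is an added example and not part of the manual; the `Account` record, its field names and the 90/180-day thresholds are assumptions, since the safeguard gives no figure for "extended period", and the sample accounts are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple

# Assumed thresholds: the safeguard says "extended period" without giving figures.
LOCK_AFTER = timedelta(days=90)
DELETE_AFTER = timedelta(days=180)

@dataclass
class Account:  # hypothetical record, one per database account
    name: str
    last_login: date
    valid_until: Optional[date] = None           # set for limited-period accounts
    absence: Optional[Tuple[date, date]] = None  # notice from the personnel department
    last_day: Optional[date] = None              # departure notice
    user_informed: bool = False                  # user was told about a pending lock/delete

def review(a: Account, today: date) -> str:
    """Return 'delete', 'lock', 'notify' or 'keep' for one account."""
    # Departing users: delete no later than the last day of work.
    if a.last_day is not None and today >= a.last_day:
        return "delete"
    # Limited-period account whose validity was not extended.
    if a.valid_until is not None and today > a.valid_until:
        return "lock"
    # Notified absence: lock for its duration.
    if a.absence is not None and a.absence[0] <= today <= a.absence[1]:
        return "lock"
    idle = today - a.last_login
    if idle >= LOCK_AFTER:
        # An unused account is never locked or deleted before its user is informed.
        if not a.user_informed:
            return "notify"
        return "delete" if idle >= DELETE_AFTER else "lock"
    return "keep"

def plan(accounts, today):
    """Map each account name to the action the review rules select."""
    return {a.name: review(a, today) for a in accounts}

TODAY = date(1999, 7, 1)
SAMPLE = [  # constructed sample data
    Account("active", date(1999, 6, 28)),
    Account("idle_unwarned", date(1999, 1, 4)),
    Account("idle_warned", date(1999, 3, 1), user_informed=True),
    Account("stale_warned", date(1998, 11, 2), user_informed=True),
    Account("contractor", date(1999, 6, 30), valid_until=date(1999, 6, 30)),
    Account("on_leave", date(1999, 6, 11), absence=(date(1999, 6, 14), date(1999, 7, 9))),
    Account("leaver", date(1999, 6, 30), last_day=date(1999, 7, 1)),
]
```

The resulting actions still have to be mapped to the lock, expiry and delete statements of the database product in use.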

Additional controls:


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
July 1999