⚠️ This document is a work in progress
Data management practices
The following aims to define a set of best practices for managing the data of University of Waterloo systems for the purposes of privacy, security, and system longevity.
Least privilege access
The principle of least privilege access is the practice of limiting access to the minimal level required to perform a task. This is a fundamental security practice that should be applied to all systems.
Common practice
Systems have full access to all data. Developers and other individuals who help administer the system also have access to all data, across all environments.
While incredibly convenient, this practice poses a heightened security risk. If a system or account is compromised, the attacker gains access to all the data.
Better practice
Access to data is granted to a service account with the minimal level of access required to perform the required operations. Individuals should not have direct access to production data. Should access be granted, it is only for a limited time.
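The better practice above, sketched as database grants. This is an added example, not taken from any University of Waterloo system: it assumes PostgreSQL, and the database, schema, table and role names, the passwords and the expiry timestamp are all hypothetical placeholders.

```sql
-- Assumed (hypothetical) layout: database course_db, schema app,
-- tables app.courses and app.enrolments.

-- Common practice, shown only for contrast: the system connects with
-- full access to everything.
--   CREATE ROLE course_app LOGIN SUPERUSER PASSWORD 'CHANGE_ME';

-- Better practice: a service account that can do only what the
-- application's operations require.
CREATE ROLE course_app_svc LOGIN PASSWORD 'CHANGE_ME'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Remove the default grants that every role inherits through PUBLIC.
REVOKE ALL ON DATABASE course_db FROM PUBLIC;
REVOKE ALL ON SCHEMA app FROM PUBLIC;

GRANT CONNECT ON DATABASE course_db TO course_app_svc;
GRANT USAGE ON SCHEMA app TO course_app_svc;
GRANT SELECT ON app.courses TO course_app_svc;
GRANT SELECT, INSERT, UPDATE ON app.enrolments TO course_app_svc;
-- No DELETE, no TRUNCATE, no DDL: the application never needs them.

-- Individuals get no standing access to production. When access is
-- approved, it goes through a read-only group role and a login that
-- expires.
CREATE ROLE prod_readonly NOLOGIN;
GRANT CONNECT ON DATABASE course_db TO prod_readonly;
GRANT USAGE ON SCHEMA app TO prod_readonly;
GRANT SELECT ON app.enrolments TO prod_readonly;

CREATE ROLE jdoe_temp LOGIN PASSWORD 'CHANGE_ME'
    VALID UNTIL '2030-01-15 17:00:00+00'   -- constructed timestamp
    IN ROLE prod_readonly;

-- VALID UNTIL expires the password only: it blocks new password logins
-- after the timestamp but does not end sessions that are already open,
-- and it is not enforced for non-password authentication methods.
-- Close out the grant explicitly when the window ends.
SELECT pg_terminate_backend(pid)
  FROM pg_stat_activity
 WHERE usename = 'jdoe_temp';
REVOKE prod_readonly FROM jdoe_temp;
DROP ROLE jdoe_temp;

-- Review what the service account can actually touch.
SELECT table_schema, table_name, privilege_type
  FROM information_schema.role_table_grants
 WHERE grantee = 'course_app_svc'
 ORDER BY table_schema, table_name, privilege_type;
```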