RE: Politically correct term for four-eyes authorization?

Subject: RE: Politically correct term for four-eyes authorization?
From: "Sweet, Gregory (HEALTH)" <gregory -dot- sweet -at- health -dot- ny -dot- gov>
To: Robert Fekete <fekete77 -dot- robert -at- gmail -dot- com>, TECHWR-L <techwr-l -at- lists -dot- techwr-l -dot- com>
Date: Fri, 19 Jun 2015 13:11:22 +0000

We've required a two person process for some of our systems for years and have never heard it referred to as "4-eyes". But do you really need to name the type of authorization at all?

Our documents do not. We list the roles necessary to complete a task and then describe how each role completes their portion.

E.g., "This survey requires a data reporter and a data reviewer to submit data to the department. The data submitter will collect the data and enter it into the survey. The data reviewer will review data entered by the submitter and submit the data to the department. The data reporter and the data reviewer must not be the same person."

It helps that our UI presents appropriate elements to each user type. For example in the data reporting example above a reporter will only see a save button, while a reviewer/submitter will see a "Submit to DOH" button.


Thanks,

Greg



> -----Original Message-----
> From: techwr-l-bounces+gregory -dot- sweet=health -dot- ny -dot- gov -at- lists -dot- techwr-l -dot- com
> [mailto:techwr-l-bounces+gregory -dot- sweet=health -dot- ny -dot- gov -at- lists -dot- techwr-l -dot- com]
> On Behalf Of Robert Fekete
> Sent: Friday, June 19, 2015 4:02 AM
> To: TECHWR-L
> Subject: Politically correct term for four-eyes authorization?
>
> Hi,
>
> We have a problem with a term in our product documentation (and the UI as
> well), and I'd like to ask for your collective wisdom.
>
> In line with the four-eyes principle, our product can require an authorizer to
> approve (and possibly review) the actions of a user. Currently, this is dubbed
> four-eyes authorization. The problem is that the "4-eyes" term is derogatory
> and should be changed. Possible candidates we found and are commonly
> used are "dual control" and "two-person rule", but these are not as accurate,
> because in every definition I could find (for example,
> http://www.theserverside.com/report/Integration-of-User-Control-
> Mechanisms-into-Secure-Critical-Applications
> ), they refer to two users who have the same privileges to perform an action,
> but can only do so together. In our setup, this is not the case, one of the
> users is who performs the action, and the other approves that.
>
> If any of you works in an IT security or finance-related field, have you
> encountered a problem with four-eyes before? (And how did you solve it?)
>
> Thanks a lot for your ideas in advance.
>
> Kind Regards,
>
> Robert Fekete
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Learn more about Adobe Technical Communication Suite (2015 Release) |
> http://bit.ly/1FR7zNW
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> You are currently subscribed to TECHWR-L as gregory -dot- sweet -at- health -dot- ny -dot- gov -dot-
>
> To unsubscribe send a blank email to
> techwr-l-leave -at- lists -dot- techwr-l -dot- com
>
>
> Send administrative questions to admin -at- techwr-l -dot- com -dot- Visit
> http://www.techwhirl.com/email-discussion-groups/ for more resources
> and info.
>
> Looking for articles on Technical Communications? Head over to our online
> magazine at http://techwhirl.com
>
> Looking for the archived Techwr-l email discussions? Search our public email
> archives @ http://techwr-l.com/archives
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Learn more about Adobe Technical Communication Suite (2015 Release) | http://bit.ly/1FR7zNW

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

You are currently subscribed to TECHWR-L as archive -at- web -dot- techwr-l -dot- com -dot-

To unsubscribe send a blank email to
techwr-l-leave -at- lists -dot- techwr-l -dot- com


Send administrative questions to admin -at- techwr-l -dot- com -dot- Visit
http://www.techwhirl.com/email-discussion-groups/ for more resources and info.

Looking for articles on Technical Communications? Head over to our online magazine at http://techwhirl.com

Looking for the archived Techwr-l email discussions? Search our public email archives @ http://techwr-l.com/archives


Follow-Ups:

References:
Politically correct term for four-eyes authorization?: From: Robert Fekete

Previous by Author: RE: Gmail question
Next by Author: RE: "Are technical writers the unsung heroes of document generation?"
Previous by Thread: Politically correct term for four-eyes authorization?
Next by Thread: Re: Politically correct term for four-eyes authorization?


What this post helpful? Share it with friends and colleagues:


Sponsored Ads