Definition: The word "permissions" relates to access privileges that are granted to an individual when they are authenticated to use an information system. Employees or other individuals are authorized or granted rights to perform various degrees of operations on information resources. One example of a limited permission might be the ability to only "Read" a document. Another might be to “Read/Write”. Authorizing individuals to use certain information resources necessitates that the information be classified and that the people who are granted access have a specific level of access that matches the classification level of the resource. Access rights or permissions should be based upon a "need to know".
Its Relevance: Businesses and organizations need to specify who has rights to access and use information resources. Some information might be too sensitive for general or public release. Other information, such as that contained on a public web site, might be less critical. Access control and the allocation of rights should be carefully structured to be compatible with an organization's information assurance plan.