Afya, one of the largest medical education companies in Brazil, faced challenges in managing its users' access to corporate data. To address this issue, we implemented the Role-Based Access Control (RBAC) model, a strategic solution that not only protected corporate data but also increased the company's operational efficiency.

‍

Objective

‍

Protect corporate data, as well as enhance the Company's operational efficiency by restricting user access based on their business functions.

‍

Evaluation of profiles and functionalities

‍

• 270 reviewed profiles.
91,500 evaluated features.
• 20 TOTVS RM modules included.

‍

Reduction of accesses

‍

• Access before the project: 7,928,291.
• Accesses after the project: 1,721,657.
• 78% global reduction in accesses.
• Development of RBAC Profiles:
• 880 users covered by the new system.
• 207 RBAC profiles built.
• 60 non-transactional profiles created (including cubes and visual formulas).

The implementation of RBAC in Afya guaranteed the standardization of functions, allowing users to have access only to the information necessary for their work routines. With this, we mitigate the risks of accessing sensitive information that is not relevant to certain functions, strengthening the security of corporate data, thus generating a safer and more efficient IT environment.

The 78% reduction made IT management easier and as a result the company obtained a more agile response to security incidents and better compliance with internal policies and external regulations.