Page 143 - CISSO_Prep_ Guide
of activities. Dual control often requires two separate people
working together simultaneously to complete a task.
Location-based Access
When a user logs in from their desk, a more controlled environment, they may
receive their full access rights; when they log in remotely, from an
uncontrolled environment, their access may be limited. For example, they may
be unable to download data or to reach more sensitive information while at a
remote location.
Levels of Access
Levels of authorization are built on the principles listed above and assigned
according to the user's job requirements. Some users may be administrators
with nearly unlimited access, while others may have read-only or write-only
access. The individual operations are often summarized as CRUD (Create, Read,
Update, Delete). The level of access granted should match the job requirements
and nothing more, and the user should exercise that access with an awareness
of the policy, procedures, and responsibility that come with it.
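The two ideas above, a per-role CRUD matrix and a location-based narrowing of it, combine naturally into one authorization decision. The following is an added example, not code from the CISSO guide: the role names, the CRUD matrix, the corporate address range 10.0.0.0/8, the "-adm"-free role labels and the rule that a remote session loses Create, Update, Delete and download and cannot read data labelled "sensitive" are all hypothetical, chosen to illustrate the passage.

```python
# Added example, not code from the CISSO guide: an authorization check that
# first applies a per-role CRUD matrix and then narrows the result when the
# session comes from outside the controlled environment. Role names, the
# corporate address range and the remote restrictions are all hypothetical.
import ipaddress
from dataclasses import dataclass

# Hypothetical corporate network; a source address inside it counts as "at desk".
CORPORATE_NETWORK = ipaddress.ip_network("10.0.0.0/8")

# Hypothetical role -> CRUD operations held at full (on-site) access.
ROLE_PERMISSIONS = {
    "admin": {"create", "read", "update", "delete"},
    "analyst": {"read", "update"},
    "auditor": {"read"},            # read-only
    "intake_clerk": {"create"},     # write-only: may submit records, never read them
}

# Operations withdrawn from a remote session regardless of role (hypothetical).
REMOTE_DENIED_OPS = {"create", "update", "delete", "download"}


@dataclass
class Request:
    user: str
    role: str
    source_ip: str
    operation: str                  # create / read / update / delete / download
    sensitivity: str = "internal"   # "internal" or "sensitive"


def is_onsite(source_ip: str) -> bool:
    """True only for a well-formed address inside the corporate range.
    A malformed address is treated as remote, so the check fails closed."""
    try:
        return ipaddress.ip_address(source_ip) in CORPORATE_NETWORK
    except ValueError:
        return False


def authorize(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Unknown roles hold no permissions (deny by default)."""
    allowed_ops = ROLE_PERMISSIONS.get(req.role, set())
    # A download is a read whose copy leaves the controlled environment,
    # so it requires the read right before the location rules are applied.
    required = "read" if req.operation == "download" else req.operation
    if required not in allowed_ops:
        return False, f"role '{req.role}' does not hold '{required}'"
    if not is_onsite(req.source_ip):
        if req.operation in REMOTE_DENIED_OPS:
            return False, f"'{req.operation}' is not permitted from a remote location"
        if req.sensitivity == "sensitive":
            return False, "sensitive data is not accessible from a remote location"
    return True, "ok"


if __name__ == "__main__":
    for r in (
        Request("alice", "analyst", "10.1.2.3", "update"),
        Request("alice", "analyst", "203.0.113.7", "update"),
        Request("alice", "analyst", "203.0.113.7", "read", "sensitive"),
        Request("dave", "admin", "203.0.113.7", "download"),
    ):
        print(r.user, r.role, r.source_ip, r.operation, r.sensitivity, "->", authorize(r))
```

The order of the checks matters: the role matrix is consulted first and location only ever removes rights, so a remote login can never end up with more than the user holds at their desk, and an unparseable source address is treated as remote rather than as trusted.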
When an administrator has an account with high-level access, they should use
that account sparingly and have a separate, less privileged account for normal
activity. All activity performed at the administrator level should be logged
and traceable back to the individual administrator, and those logs must be
reviewed to ensure that no unauthorized changes have been made.
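What such a log review looks like in practice is shown by the following added example, which is not code from the CISSO guide. It parses a constructed audit log in which every line records both the person and the account used, and flags the conditions the passage above describes: routine activity carried out with a privileged account, a privileged change with no change ticket, a ticket that is not on the approved list, and a ticket that does not authorize that person to perform that action. The log format, the "-adm" naming convention for privileged accounts, the sample lines and the approved-change list are all constructed assumptions; the extra check that a privileged action was not run from a standard account is this example's own addition.

```python
# Added example, not code from the CISSO guide: review of a privileged-activity
# audit log that ties each action to the individual administrator. The log
# format, the "-adm" naming convention for privileged accounts, the sample lines
# and the approved-change list are all constructed for this example.
import re

# Constructed sample log. Fields: timestamp person account action target ticket
AUDIT_LOG = """\
2024-05-02T09:01:12Z alice alice-adm MODIFY_GROUP DomainAdmins CHG-1042
2024-05-02T09:05:40Z alice alice-adm READ_MAIL inbox -
2024-05-02T10:17:03Z bob bob-adm CREATE_USER svc-backup CHG-1043
2024-05-02T11:22:51Z bob bob-adm DELETE_USER jsmith -
2024-05-02T12:00:00Z carol carol-adm CHANGE_FIREWALL_RULE allow-any-any CHG-9999
2024-05-02T13:30:00Z dave dave MODIFY_GROUP Helpdesk CHG-1044
"""

# Constructed approved changes: ticket -> (person authorized, action authorized)
APPROVED_CHANGES = {
    "CHG-1042": ("alice", "MODIFY_GROUP"),
    "CHG-1043": ("bob", "CREATE_USER"),
    "CHG-1044": ("dave", "MODIFY_GROUP"),
}

PRIVILEGED_ACTIONS = {"MODIFY_GROUP", "CREATE_USER", "DELETE_USER", "CHANGE_FIREWALL_RULE"}
ROUTINE_ACTIONS = {"READ_MAIL", "BROWSE_WEB"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+)$")


def is_privileged_account(account: str) -> bool:
    # Assumed naming convention: privileged accounts carry an "-adm" suffix.
    return account.endswith("-adm")


def parse_log(text: str) -> list[dict]:
    """Parse the constructed log format; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, person, account, action, target, ticket = m.groups()
        records.append({"ts": ts, "person": person, "account": account,
                        "action": action, "target": target, "ticket": ticket})
    return records


def review(records: list[dict], approved: dict) -> list[dict]:
    """Return one finding per record that breaks the separate-account,
    change-authorization or traceability expectations."""
    findings = []
    for r in records:
        reason = None
        if r["action"] in ROUTINE_ACTIONS and is_privileged_account(r["account"]):
            reason = "routine activity performed with a privileged account"
        elif r["action"] in PRIVILEGED_ACTIONS:
            if not is_privileged_account(r["account"]):
                reason = "privileged action performed from a standard account"
            elif r["ticket"] == "-":
                reason = "privileged change with no change ticket"
            elif r["ticket"] not in approved:
                reason = "change ticket is not in the approved list"
            else:
                who, what = approved[r["ticket"]]
                if (who, what) != (r["person"], r["action"]):
                    reason = "ticket does not authorize this person to perform this action"
        if reason:
            findings.append({"person": r["person"], "ts": r["ts"],
                             "action": r["action"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in review(parse_log(AUDIT_LOG), APPROVED_CHANGES):
        print(f"{f['ts']} {f['person']:6} {f['action']:21} {f['reason']}")
```

Each finding names the person, not just the account, which is what makes the review "traceable back to the individual administrator"; if the log only carried shared account names, that attribution would be impossible and the review would have to fall back on session or terminal evidence.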