|
 Draft operational guidelines of digital india land records modernization programme (dilrmp) introduction
|
| səhifə | 14/92 | | tarix | 19.06.2023 | | ölçüsü | 3,17 Mb. | | #117879 |
| Final Draft Revised Guideline of DILRMP with manual14.2 User and Data Authentication
14.2.1 User authentication is the process of identifying a user. The information system must satisfy itself that the user is the one who he/she claims to be. There are a number of ways a user can be authenticated. Password authentication is sufficient for the purpose of extracting user-related information. However, for users who are to have more privileges on the database than that of merely reading it, then stronger forms of authentication are recommended. For such users, a two-factor authentication scheme is recommended; for example, authenticating a user both with a password and the biometric technology.
14.2.2 Besides authenticating the user, every land record data that is entered into the database needs to be approved/authenticated by the officer who is competent for the purpose as per the local revenue manual. The land information system should provide a user interface for performing this task. Once a data item has been approved/authenticated, the application system does not allow any further changes to it. That is, there is no user interface provided to make any change directly to an approved record. If any change does occur, a new record is entered, verified and authenticated. Thus, the information system also records a history of the changes occurring to any piece of data.
14.2.3 In a database environment, the database administrator (DBA) may have all privileges on the database, i.e., he/she can insert any record, change any record or delete any record, irrespective of the fact that he/she is not the approving authority as per the local revenue manual. Such overriding privileges with a single person must be used with propriety; otherwise, these can be abused. On the one hand, centralizing certain functions to be performed in the database environment improves communication, coordination and control. On the other hand, vesting substantial powers in the DBA role runs contrary to the fundamental principles of sound internal control. This problem is not unique to Integrated Land Information Management System, but is common to all e-Governance initiatives that use databases. Therefore, the States/UTs must take remedial measures for reducing the risks associated with the DBA role. Certain suggestions in this regard are outlined in Technical Manual Chapter-5 (Section-B).
Dostları ilə paylaş: |
|
|
