It is a basic expectation that every business has clear knowledge of the employees who work for them and their assigned job titles and workplace responsibilities. Once upon a time, computers were used to provide minor assistance to job functions, like providing instant calculators and a web browser to access Google. However, in today’s digital landscape, an employee’s digital identity and responsibilities can closely or even completely mirror their real-world responsibilities. Many workers across the globe perform 100% of their work tasks remotely. Therefore, it is just as important to be able to supervise an employee’s digital presence as it is to supervise their face-to-face work. In many cases, it is even more important as digital technology can allow individuals to take more consequential actions than they would be able to in physical form.

Cataloging all of your employees and their roles allows you to clearly map out what privileges they should be afforded on digital systems. This is especially important for designing Role-Based Access Control (RBAC) systems, which are becoming the preferred method of access control in business environments. Therefore, you must create an inventory of all of your employees and their associated job titles. Then, each employee should have their role's business responsibilities listed in their record. Ensure that you include roles that are not currently filled but can be expected to be filled at any point in the future.

You should be able to ascertain this information from the job descriptions stored with your Human Resources data. After you have clearly defined employees, roles, and responsibilities, you will want to add another section for digital user roles. This section should essentially be a mapping of how responsibilities listed in the job description translate to digital rights and privileges. Depending on the nature of the specific role, these digital user roles may completely mirror everything listed in the job description or consist of a few basic rights. For example, today's accountants likely perform all of their work on a computer and thus need corresponding digital rights to perform said work across multiple systems and software platforms. On the other hand, a field carpenter who works primarily with their hands likely only needs the right to send emails, view content on the company project management portal, and submit their timecards to HR. Every single role should be afforded the bare minimum number of rights and privileges they need to perform their job effectively. This is essential for adhering to the Principle of Least Privilege (PoLP) and reducing your digital attack surface.