Identify individual roles and profiles that pose an access risk to your company. For example, any person who has the role of master database administrator is a risk to your enterprise. Ensure that an employee assigned to this role has been properly authorized. Make sure that you designate the role as a critical role. If your system uses profiles, you may have defined profiles that pose a risk. Make sure that you designate each one as a critical profile.