- As users move through an organization, periodically changing job
functions, they tend to accumulate privileges.
- Over time, a user who has had many different jobs will accumulate many
privileges:
- Some of the privileges are no longer required and
- some of them may be inappropriate to that user's current job.
- This process is called privilege accumulation
and can lead to situations where users have so many rights that they
can bypass internal controls, possibly violating regulatory requirements
for privacy protection or transparent corporate governance.
|
Hitachi ID Access Certifier is a workflow solution designed to find and remove
inappropriate user privileges using a strategy of frequent micro-audits:
- Access Certifier is used by organizations to periodically invite managers,
application owners and group owners to review users and privileges
within their scope of authority.
- These stake-holders flag inappropriate rights for possible deletion.
- Access Certifier routes such change requests to authorizers.
- Once approved, Access Certifier acts on these changes, removing
orphan accounts, dormant accounts and inappropriate privileges on
every common system and application.
|
