Challenges with access certification
Users often have unique and changing business responsibilities, so their access rights may be difficult to represent by simple role or user-class membership. Also, over time users tend to accumulate login accounts and access privileges as they move through an organization. Taken together, these effects make it challenging for an organization to model the appropriate access requirements.
Access termination is also a challenging process. It is not always clear when a user’s access to systems should be removed. Consider a user who moved from one department to another but continues to act as a backup for the old responsibilities for a limited period after the move. At what point is it safe and appropriate to remove the user’s old access rights? Which of the old rights are still required to perform the user’s new job?
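As an added illustration that is not part of the original text, the following Python access-review helper models the transfer scenario above. It assumes per-role entitlement baselines and a fixed backup grace period (both constructed sample data, not taken from any real identity-governance product) and classifies each of a user's grants as keep, grace, revoke, or review so that leftover access from a previous role surfaces as a certification decision once the backup window closes.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample baselines (illustrative, not from any real IGA system):
# the entitlements each role is expected to hold.
ROLE_BASELINE = {
    "finance-analyst": {"erp:reports:read", "erp:ledger:read"},
    "sales-ops": {"crm:accounts:write", "crm:reports:read"},
}

@dataclass
class Grant:
    entitlement: str
    granted_under_role: str  # role the user held when the grant was made
    granted_on: date

@dataclass
class User:
    name: str
    current_role: str
    role_changed_on: date
    grants: list

def certify(user: User, today: date, backup_grace_days: int = 90) -> dict:
    """Map each entitlement to keep / grace / revoke / review (see comments below)."""
    baseline = ROLE_BASELINE.get(user.current_role, set())
    grace_end = user.role_changed_on + timedelta(days=backup_grace_days)
    decisions = {}
    for g in user.grants:
        if g.entitlement in baseline:
            decisions[g.entitlement] = "keep"      # justified by the current role
        elif g.granted_under_role != user.current_role and g.entitlement in ROLE_BASELINE.get(g.granted_under_role, set()):
            # leftover from the previous role: tolerated only inside the backup window
            decisions[g.entitlement] = "grace" if today <= grace_end else "revoke"
        else:
            decisions[g.entitlement] = "review"    # ad hoc grant: needs owner sign-off
    return decisions

def certify_sample(today_iso: str) -> dict:
    """Constructed case: an analyst who moved to sales-ops on 2024-01-15 and kept old access."""
    moved = date(2024, 1, 15)
    user = User("a.example", "sales-ops", moved, [
        Grant("erp:reports:read", "finance-analyst", date(2022, 3, 1)),
        Grant("erp:ledger:read", "finance-analyst", date(2022, 3, 1)),
        Grant("hr:payroll:export", "finance-analyst", date(2023, 7, 9)),  # never in a baseline
        Grant("crm:accounts:write", "sales-ops", moved),
    ])
    return certify(user, date.fromisoformat(today_iso))
```

Running `certify_sample` with a review date inside the 90-day window reports the old ERP grants as "grace"; after the window they become "revoke", while the ad hoc payroll export is always flagged for "review".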