Entitlements that can be Certified
Hitachi ID Access Certifier can be used to periodically review security entitlements held by users and, for each entitlement, either certify that it remains appropriate or request that it be removed, perhaps after closer examination by another business user.
This process can be used to certify several kinds of security entitlements which users may have:
- Login IDs on directories, systems and applications, which have been associated with a user's profile.
- Membership of a user in security groups.
- Assignment of roles (which may aggregate other login IDs, groups or roles) to a user.
- Previously approved exceptions to segregation of duties (SoD) policies.
- Previously approved exceptions to RBAC policies.