Ideally, users should have just the access they need. No more -- that creates unnecessary risk due to errors or malicious action -- and no less -- that would interfere with legitimate use of systems and applications. This can be hard to accomplish, as user access requirements can be complex, unique and often change over time.
Hitachi ID Identity Manager helps organizations to link access rights to business context and minimize the gap between actual entitlements and the minimum set required by users to do their jobs:
- Access rights can be bundled into roles, which represent all the rights needed to perform various jobs.
- Roles can be automatically assigned, based on attributes that describe a user's department, job code, location, etc.
- Access requests should include rationale -- why is a given access right appropriate to a given user?
- Access certification can be used to review what access rights a user has, and remove entitlements that no longer make sense.
The result is users with access that closely approximates what they need to do their jobs.