• Too many security groups and mail distribution lists.
  • Groups represent business functions but are only manageable by IT.
  • Hard to tell whether membership and access are appropriate.
  • Assigning privileges is complex and costly.
  • Groups and memberships persist long after needed.

  • Empower business users to create, manage groups directly.
  • Apply policy to requests, naming, metadata.
  • Make groups and memberships temporary where possible.
  • Calculate group membership where there is supporting data.
  • Use request/approval and review/revoke workflows to clean up.
  • Apply analytics to find too-small, too-large, overlapping, etc.