Access governance refers to a collection of business processes that,
together, ensure users have exactly the right set of security
entitlements.
These processes typically include:
- Role-based access control -- to assign appropriate sets of security
  entitlements to users.
- A segregation of duties policy engine -- which prevents new violations
  and detects existing ones, i.e., users with "toxic" sets of security
  rights.
- An authorization workflow engine -- to invite business stakeholders to
  review and either approve or reject change requests.
- An access deactivation process -- to automate access deactivation in
  the context of both urgent and
- Access certification -- where business stakeholders are periodically
  invited to review lists of users and entitlements and either certify
  that each remains business-appropriate, or flag users or security
  rights for deactivation.
An access governance suite is
a set of one or more software programs which automate these processes.
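The segregation of duties item above, as an added example that is not from the original page or from any product it names: roles are expanded into entitlements, existing violations are reported, and a role request is rejected only for the violations it would newly introduce. All role, entitlement, rule and user names are constructed for illustration.

```python
# Constructed sample data; every name below is hypothetical.
ROLES = {
    "ap_clerk": {"create_vendor", "enter_invoice"},
    "ap_approver": {"approve_payment"},
    "auditor": {"read_ledger"},
}
# Each rule names a "toxic" set: no single user may hold all of it.
SOD_RULES = {
    "create-vendor-and-pay": {"create_vendor", "approve_payment"},
    "enter-and-approve": {"enter_invoice", "approve_payment"},
}
USERS = {
    "alice": {"roles": {"ap_clerk"}, "direct": {"approve_payment"}},
    "bob": {"roles": {"ap_clerk"}, "direct": set()},
    "carol": {"roles": {"auditor"}, "direct": set()},
}

def entitlements(user, extra_roles=()):
    """Expand roles (plus any requested ones) and add direct grants."""
    held = set(user["direct"])
    for role in set(user["roles"]) | set(extra_roles):
        held |= ROLES[role]
    return held

def violated_rules(held):
    """Names of rules whose toxic set is fully contained in `held`."""
    return sorted(n for n, toxic in SOD_RULES.items() if toxic <= held)

def detect_existing(users):
    """Detective control: map each violating user to the rules they break."""
    report = {}
    for name, user in users.items():
        hits = violated_rules(entitlements(user))
        if hits:
            report[name] = hits
    return report

def check_request(user, requested_role):
    """Preventive control: rules the request would newly violate."""
    before = set(violated_rules(entitlements(user)))
    after = violated_rules(entitlements(user, [requested_role]))
    return [rule for rule in after if rule not in before]

if __name__ == "__main__":
    print("existing:", detect_existing(USERS))
    for who in ("bob", "carol"):
        blocked = check_request(USERS[who], "ap_approver")
        print(who, "denied" if blocked else "approved", blocked)
```

Violations a user already holds are left to the detection report, so an unrelated request from that user is not blocked by them.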
Modern identity and access management solutions, such as Hitachi ID Identity Manager, incorporate
all of the features above in a single product.