Access governance refers to a collection of business processes that, together, ensure users have exactly the right set of security entitlements.
These processes typically include:
- Role-based access control -- to assign appropriate sets of security entitlements to users.
- A segregation of duties policy engine -- to prevent new violations and detect existing ones, i.e., users with "toxic" sets of security rights.
- An authorization workflow engine -- to invite business stakeholders to review and either approve or reject change requests.
- An access deactivation process -- to automate access deactivation in the context of both urgent and scheduled terminations.
- Access certification -- where business stakeholders are periodically invited to review lists of users and entitlements and either certify that each remains business-appropriate, or flag users or security rights for deactivation.
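
The following sketch is an added example, not code from any product named on this page. It shows how a segregation of duties engine can both detect existing violations and block a change request that would create a new one; all role names, entitlements, rules and users are constructed for illustration.

```python
# Added illustration: roles, entitlements, rules and users are constructed.

# Role-based access control: each role grants a set of entitlements.
ROLES = {
    "ap_clerk": {"invoice.create", "vendor.view"},
    "ap_manager": {"invoice.approve", "vendor.view"},
    "vendor_admin": {"vendor.create", "vendor.view"},
}

# SoD rules: holding every entitlement in a rule is a "toxic" combination.
SOD_RULES = {
    "create-and-approve-invoice": {"invoice.create", "invoice.approve"},
    "create-vendor-and-approve-invoice": {"vendor.create", "invoice.approve"},
}

USERS = {
    "alice": {"roles": ["ap_clerk"]},
    # bob's toxic set comes from a role plus a directly assigned right.
    "bob": {"roles": ["ap_manager"], "direct": ["vendor.create"]},
    "carol": {"roles": ["vendor_admin"]},
}

def entitlements(roles, direct=()):
    """Effective rights: union of role grants plus directly assigned rights."""
    return set(direct).union(*(ROLES[r] for r in roles))

def violations(ents):
    """Names of SoD rules whose toxic set is fully contained in ents."""
    return sorted(name for name, toxic in SOD_RULES.items() if toxic <= ents)

def detect(users):
    """Detective control: scan existing users, return {user: [rules violated]}."""
    found = {}
    for name, user in users.items():
        hits = violations(entitlements(user["roles"], user.get("direct", ())))
        if hits:
            found[name] = hits
    return found

def evaluate_request(user, add_roles):
    """Preventive control: rules a role request would newly violate."""
    direct = user.get("direct", ())
    before = violations(entitlements(user["roles"], direct))
    after = violations(entitlements(user["roles"] + list(add_roles), direct))
    return [rule for rule in after if rule not in before]

if __name__ == "__main__":
    print("existing violations:", detect(USERS))
    print("alice requests ap_manager:", evaluate_request(USERS["alice"], ["ap_manager"]))
```
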
An access governance suite is a set of one or more software programs which automate these processes. Modern identity and access management solutions, such as Hitachi ID Identity Manager, incorporate all of the features above in a single product.