Access governance refers to a collection of business processes that together ensure users have exactly the right set of security entitlements.

These processes typically include:

  • Role-based access control -- to assign appropriate sets of security entitlements to users.
  • A segregation of duties policy engine -- which prevents new violations and detects existing ones, i.e., users with "toxic" sets of security rights.
  • An authorization workflow engine -- to invite business stakeholders to review and either approve or reject change requests.
  • An access deactivation process -- to automate access deactivation in the context of both urgent and scheduled terminations.
  • Access certification -- where business stakeholders are periodically invited to review lists of users and entitlements and either certify that each remains business-appropriate, or flag users or security rights for deactivation.
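
To show how the first two processes interact, here is an added sketch (not code from the original page or from any product it names) in which roles expand into entitlements and one segregation of duties rule set is applied both to existing users and to a pending change request. All role, entitlement, rule and user names are constructed for illustration.

```python
# Constructed sample data: every name below is hypothetical.
ROLES = {
    "ap_clerk": {"vendor.create", "invoice.enter"},
    "ap_approver": {"payment.approve"},
    "auditor": {"ledger.read"},
}
# Each rule is a "toxic" set: no single user may hold every entitlement in it.
SOD_RULES = {"create-vendor-and-pay": {"vendor.create", "payment.approve"}}
USERS = {
    "alice": {"roles": {"ap_clerk"}, "direct": set()},
    # bob's toxic combination comes from a role plus a directly granted right
    "bob": {"roles": {"ap_clerk"}, "direct": {"payment.approve"}},
    "carol": {"roles": {"auditor"}, "direct": set()},
}

def effective_entitlements(roles, direct):
    """RBAC expansion: union of role-granted and directly assigned rights."""
    ents = set(direct)
    for role in roles:
        ents |= ROLES[role]
    return ents

def violations(entitlements):
    """Names of SoD rules whose toxic set is fully contained in entitlements."""
    return sorted(n for n, toxic in SOD_RULES.items() if toxic <= entitlements)

def detect_existing(users=USERS):
    """Detective control: scan current users and report those in violation."""
    report = {}
    for name, u in users.items():
        found = violations(effective_entitlements(u["roles"], u["direct"]))
        if found:
            report[name] = found
    return report

def check_request(user, add_roles=(), add_direct=()):
    """Preventive control: rules a change request would newly violate.
    An empty list means the request can proceed to authorization workflow."""
    u = USERS[user]
    before = set(violations(effective_entitlements(u["roles"], u["direct"])))
    after = violations(effective_entitlements(
        u["roles"] | set(add_roles), u["direct"] | set(add_direct)))
    return [rule for rule in after if rule not in before]

if __name__ == "__main__":
    print("existing violations:", detect_existing())
    print("alice + ap_approver blocked by:",
          check_request("alice", add_roles=["ap_approver"]))
```

Evaluating the rules on effective entitlements rather than on role names is what catches the case where a role and a direct grant combine into a toxic set.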

An access governance suite is a set of one or more software programs which automate these processes. Modern identity and access management solutions, such as Hitachi ID Identity Manager, incorporate all of the features above in a single product.
