Get to Know the Underlying Principles Behind the Access Manager
Learn more about the underlying principles of the Access Manager:
Autocorrect of permissions
Self-Service for Data Controllers and End Users
Regular Permission Review with Reapproval
Your employees receive additional permissions every day – do they really need them all?
According to the need-to-know principle, employees should only obtain the access permissions they actually need. This approach is often applied to the assignment of permissions but forgotten again when it comes to eventually removing the permissions. Employees therefore gradually accumulate permissions the longer they remain at the company – regardless of whether the permissions are still required after years of service.
To prevent this uncontrolled growth in permissions, auditors recommend recertifying or reapproving permissions. In doing so, data controllers should regularly review the existing permission situation. But they’re often not especially happy to take on this task. For them, it means extra work and having to get to grips with technical details and mountains of documents full of complex matrices.
Keeping existing hurdles for data controllers as small as possible is therefore essential for a successful recertification process.
This is where the Access Manager comes in with the integrated Reapproval system. This process also benefits from intuitive use via a browser, enabling straightforward and transparent access management.
Profile Management for Presenting Organizational Permissions
Staff and structural changes within an organization regularly necessitate fine adjustments to the permission situation in the various IT systems. The research, coordination and adjustment work involved takes up substantial resources, both in decision-making by data controllers and in implementing the changes needed to grant, alter or remove numerous user permissions.
To assign new permissions, the need-to-know principle is often rejected in favor of the scattergun approach:
Permissions are assigned generously at the departmental level, or reference users with similar tasks are used as a basis to roughly determine new sets of permissions. In this process, the individual permissions of the reference user are frequently adopted without further thought. Or, the ability to assign individual permissions is prevented throughout the organization, occasionally leading to unconventional (and largely insecure) forms of data exchange between users.