Access management grants authorized users the right to use a service, but denies access to unauthorized users. Some organizations also call it "rights management" or "identity management".
Scope
- Access management ensures that users have access to a service, but it does not guarantee that the access is always available at the agreed times. This is handled by availability management
- Access management can be initiated via a number of mechanisms, such as the service desk by means of a service request
Value for the business
Access management has the following value:
- Controlled access to services enables the organization to maintain confidentiality of its information more effectively
- Staff have the right access level to do their jobs properly
- The risk of errors during data entry or the use of a vital service by an unqualified user is lower
- There is the option to withdraw access rights more easily when necessary; this may be necessary for compliance
Basic concept
Access management has the following basic concepts:
- Access - Refers to the level and scope of the functionality of a service or data that a user is allowed to use
- Identity - Refers to the information about the persons whom the organization distinguishes as individuals; it establishes their status in the organization
- Rights - Refers to the actual settings for a user: which service (group) they are allowed to use; typical rights include reading, writing, executing, editing and deleting
- Services or service group - Most users have access to multiple services; it is therefore more effective to grant every user access to an entire series of services that they are allowed to use simultaneously
- Directory services - Refers to a specific type of tool used to manage access and rights
Activities, methods and techniques
Access can be requested via a number of mechanisms, such as:
- A standard request generated by the human resources department; this generally occurs when someone is hired, promoted or leaves the company
- A request for change (RFC)
- An RFC submitted via the request fulfilment process
- Execution of an authorized script or option
- Verification
  - Access management must verify every access request for an IT service from two perspectives:
    - Is the user requesting access truly the person he says he is?
    - Does the user have a legitimate reason to use the service?
- Granting rights
  - Access management does not decide who gets access to which IT service; it only executes the policy and rules defined by the service strategy and service design
- Monitoring identity status
  - User roles may vary over time, with an impact on their service needs; examples of what may change a role are: job changes, promotion, dismissal, retirement or death
- Registering and monitoring access
  - Access management does not only respond to requests; it must also ensure that the rights it has granted are used correctly
- Revoking or limiting rights
  - In addition to granting rights to use a service, access management is also responsible for withdrawing those rights, but it cannot make the actual decision
Source: OGC