Reference document

Privilege Management Process

The Privilege Management Process is responsible for establishing and maintaining entity privileges to protected resources: the accounts, entitlements and roles that comprise an individual's access profile. 'Accounts' enable an entity to gain basic access to the resource. 'Entitlements' represent features of an individual that can be used as the basis for determining access decisions to both physical and logical resources, and are considered attributes that can be linked to a digital identity. 'Roles' provide an additional abstraction layer to simplify privilege assignment. Individuals in a particular role share similar information needs, and as a result they likely share similar entitlement attributes. Use of roles or similar attribute groupings significantly reduces the complexity involved in managing user privileges. The Privilege Management Process supports updates to privileges over time as an entity's access needs change. Privileges, when combined with access control policies and resource access rules, are used to make intelligent access control (authorization) decisions. The authorization decision relies on the presence or absence of one or more specific entitlement attributes or roles. The most common entitlement attributes include employer details, job duties, locations, special qualifications and certifications.
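The following sketch is an added example, not part of the reference document. It models an access profile (accounts, entitlements, roles), expands roles into entitlement attributes, and makes an authorization decision on the presence or absence of attributes. The role names, attribute strings, the `patient-records` resource and the default-deny behaviour are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed role catalogue: each role bundles the entitlement attributes
# shared by individuals with similar information needs.
ROLE_ENTITLEMENTS = {
    "clinical-nurse": {"job_duty:patient-care", "certification:rn"},
    "billing-clerk": {"job_duty:billing"},
}

@dataclass
class AccessProfile:
    """An individual's access profile: accounts, entitlements and roles."""
    accounts: set = field(default_factory=set)      # resources with basic access
    entitlements: set = field(default_factory=set)  # directly assigned attributes
    roles: set = field(default_factory=set)

    def effective_entitlements(self):
        # Role membership expands into the entitlements the role carries.
        granted = set(self.entitlements)
        for role in self.roles:
            granted |= ROLE_ENTITLEMENTS.get(role, set())  # unknown role grants nothing
        return granted

@dataclass(frozen=True)
class AccessRule:
    """Resource access rule: attributes that must be present or absent."""
    resource: str
    required: frozenset
    prohibited: frozenset = frozenset()

def authorize(profile, rule):
    # Assumed default deny: without an account on the resource, no access.
    if rule.resource not in profile.accounts:
        return False
    held = profile.effective_entitlements()
    return rule.required <= held and not (rule.prohibited & held)

RECORDS_RULE = AccessRule(
    resource="patient-records",
    required=frozenset({"job_duty:patient-care", "certification:rn", "location:ward-3"}),
    prohibited=frozenset({"employer:contractor"}),
)

if __name__ == "__main__":
    nurse = AccessProfile({"patient-records"}, {"location:ward-3"}, {"clinical-nurse"})
    print(authorize(nurse, RECORDS_RULE))   # role plus location satisfy the rule
    nurse.roles = {"billing-clerk"}         # privilege update after a job change
    print(authorize(nurse, RECORDS_RULE))   # the old role's entitlements are gone
```

Because the decision is computed from the current profile on every call, removing a role withdraws its entitlements immediately, which is the behaviour a privilege update relies on.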

Access Management Processes