Reference document

Access Policy Management Process

The Access Policy Management Process is responsible for creating, maintaining and evaluating access control policies that specify how information about resources, users and devices (their entitlements and privilege attributes), and the environmental context should be combined in order to determine when to grant or deny access to physical or logical resource. Policies can combine information about the resource, the user and the context to make an access decision using several different ways (different access control modes). The most common access control modes include Access Control List (ACLs), Role-based Access Control (RBAC), Attribute-based Access Control (ABAC), etc. The decision which model (what type of policies) to use depends on required granularity of access control, required ease of administration, overall organization policies, etc. In many cases hybrid approach may be utilized RBAC often provides a sufficient level of granularity to define access policies for internal resources; however, an application that has an extensive remote user population may require additional access mechanisms capable of handling ABAC contextual information.

Access Management Processes