Access Request Flashcards
What specific rule do identities follow?
Users and Identities have a 1 to 1 relationship. Each user has 1 identity, which is never shared across multiple users.
What is the main difference between accounts and identities?
Accounts are specific to the system or application. Identities are enterprise wide
How is demographic data collected for each Identity used?
It is used to help perform access reviews, decide what role a user should be placed in, and restrict what access the user can or can’t request.
It can also be used for a variety of automated rules.
What is the difference between demographic Identity data and Account demographic data?
Identities are supported by demographic data about who you are. Account demographic data is supported by access data about “What the account can do”
How are accounts viewed as a security feature?
They require users to “Login” and prove they are who they say they are, and then allow them to perform only certain functions or see only certain data.
What is the only type of application that would not have entitlements?
Those where everyone who has an account has full access, and there is no other level of access possible
Describe the entitlement breakdown
Entitlements can be 1-part - “can update the customer table” or they can be 2-part “can update the customer table for Saturn Bank, but can only read the customer table for Jupiter Bank”
What are Application-Level Roles?
Predefined bundles of entitlements that exist only in, and are relevant only to, one specific application, and that let the admin of that application grant access quickly and easily
What are other names for Application-Level Roles?
Bundle roles, profiles, or templates
What are groups?
Similar to roles, they are a bundle of entitlements, but they can cross multiple applications. Typically they are found in systems that already touch multiple applications, like:
Mainframes (using RACF, ACF2, Top Secret)
Midrange (like AS/400 or I-series)
Active Directory
eDir and other Directories
What is a key difference between Application-Level Roles and Groups?
A-L Roles are tied to the Account in the specific application while Groups are tied to the Account at the Mainframe/Midrange/Directory level.
How does nesting cause issues?
It hinders the ability to conduct access governance tasks and audit functions.
What is another name for Roles?
They are also known as RBAC Roles or Job/Functional Roles.
Which grouping of entitlements is the highest level of abstraction and is the most complex to set up and maintain, but generates a lot of value when implemented correctly?
Roles
What are Roles based on, e.g. Clerk 2 or Rep 5?
They are based on a job title or job code or combinations of fields that are part of the user's Identity record