Permission path analysis based on access intelligence

Abstract

The current Idintity and Access Management (IAM) landscape mainly consists of classic Identity Management (IdM) and business-oriented Access Governance. IdM focuses more on providing a single point of administration and provisioning users with the needed access rights. In contrast, Access Governance concentrates on integrating business departments in the assignment and controlling of access rights in the organisation. It therefore provides functions like access request and approval workflows and access certification processes. In addition, the demand to analyse access right structures to cover compliance requirements increases. We therefore use a business intelligence (BI) based approach to complement the current IAM landscape with comprehensive and powerful analysis capabilities. We see the following additional values in providing a separate Access Intelligence system: Using a BI system allows us to convert the access data into a format which allows flexible and fast analytics. We can fulfil the demand of many organisations to separate their operative access control systems and the analytics system. Using the well-known capabilities of a BI system, new analyses are provided. One example is the permission path analysis. It divides complex access structures into single paths and thereby lays the foundation for effective access right analyses. In this paper we present the permission path analysis and describe two evaluations based on it.