Access Management
[TBD]
Outcome
- A flow for requesting permissions is defined and available to everyone in the organization
- Each tool has a clear owner that can approve or deny access requests
- A review/approval process is in place, in which the owners of the requested tool approve or deny the request
- A playbook/guide exists on how to review an access request and accept or deny it
- There's a clear definition of which tools, and which roles per tool, can be requested and for what purpose
- Granting access to a tool is automated when possible
- Privileged access requests are reviewed by a security team
- A periodic review of access to the tools is in place to ensure permissions are up to date
Metrics
- Users with the most access
- Users with the most privileged access
- Users with the most denied access requests
- Tools with the most access requests
- Tools with the most privileged access requests
- Percentage of automated flows for permission granting
Tools & Resources
- Access - Tool for access requests & management (Free)
- RepoKid - Tool to help maintain least privilege permissions in AWS (Free)
- Opan - Tool for access requests & management (Paid)