Home » ITIL » Access Management Process

Access Management Process

The role of the Access Management process is to grant access rights to a service or group of services while preventing access to non-authorized users. The aim within this process is to maintain the confidentiality, availability and integrity of the data and intellectual property within an organization.

Key activities in Access Management include:

  • Requesting Access
  • Verification
    • Confirming that the user is who they say they are
    • Validating that the user has a need for that service
  • Providing Access Rights
  • Monitoring Identity Status
  • Logging and Tracking Access
  • Removing or Restricting Access

The following are key concepts within the Access Management process:

  • Access – This refers to the granting of rights to a user to be able to access a service, data, or facility. In addition, it defines the level and extent that a user is entitled to interact with the data or service.
  • Identity – Identity refers to the information that distinctively identifies users as individuals within the organization. Each person that interacts with the IT infrastructure should be uniquely distinguished.
  • Rights – Rights are the actual functions that a user is allowed to carry out. Some usual rights that can be assigned are read, write, execute, change or delete.
  • Services or Service Groups – These are the different roles that users can perform. The rights are assigned to the different roles. Once the user has been assigned to a specific role, then they inherit the rights of that particular group.
  • Directory Service – This section defines a particular tool that can be used for managing identities, rights, and roles.

Access Management offers users the right to access a service or a group of services as outlined in policies from Security Management and Availability Management.  Access Management is normally initiated with a Service Request by the Service Desk.

Tags: , , , ,

About this author:

Avatar

Frank is a leading trainer in IT Security.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.