What is Access Management?
Access management refers to the processes, policies and technologies used to manage and control users' access to resources within an organisation's IT environment. It encompasses various aspects such as provisioning, deprovisioning and ongoing access monitoring.
While Access Control is associated with authentication and authorisation as well as granting initial access, access management focuses more on provisioning new users with the necessary access rights, privileges, and resources when they join an organisation. Conversely, deprovisioning removes or revokes access rights promptly when users leave the organisation or change roles, reducing the risk of unauthorised access.
Organisations define access control policies that dictate who can access specific resources, what actions they can perform and under what conditions access is granted or denied. Role-based access control (RBAC), attribute-based access control (ABAC), and least privilege principles are commonly used to enforce these policies effectively.
Managing users' access throughout their lifecycle involves regular reviews, updates, and adjustments to access rights based on changes in roles, responsibilities or organisational policies. This ensures that access privileges remain appropriate and aligned with business needs.
