It is important to link access to its origins, answering questions such as:
- When did this user acquire this entitlement?
- Who requested the access?
- Who authorized the access?
- Who last reviewed the access?
Few systems record this kind of detail when access is granted. Without such change logs, users with elevated privileges cannot be held accountable for granting access rights to themselves or others.
- Requests processed by the Hitachi ID Identity Manager workflow system include business-level details such as the requester, recipient, approver and date. Every change has a requester, a recipient and at least one authorizer.
- Identity Manager records the history of every entitlement discovered on integrated systems and of every access request it processed.
Combining business-level details with indefinite retention of change history creates accountability for every stakeholder.
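The reconciliation described above can be sketched as an added example (not Hitachi ID code or its data model): entitlements discovered on target systems are matched against request history, and any grant with no recorded origin, no authorizer, or no authorizer independent of the requester and recipient is flagged. The `Grant` record, its field names and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Grant:
    """One processed access request (hypothetical schema)."""
    recipient: str
    entitlement: str
    requester: str
    authorizers: tuple
    granted_on: date


def audit(discovered, grants):
    """Reconcile discovered (user, entitlement) pairs against request history."""
    # If several requests cover the same pair, the last one in the list wins.
    by_key = {(g.recipient, g.entitlement): g for g in grants}
    findings = {"no_provenance": [], "no_authorizer": [], "self_authorized": []}
    for key in sorted(discovered):
        grant = by_key.get(key)
        if grant is None:
            # Present on the target system but never requested through workflow.
            findings["no_provenance"].append(key)
        elif not grant.authorizers:
            findings["no_authorizer"].append(key)
        elif set(grant.authorizers) <= {grant.requester, grant.recipient}:
            # Every approver is also the requester or the recipient.
            findings["self_authorized"].append(key)
    return findings


# Constructed sample data.
SAMPLE_GRANTS = [
    Grant("alice", "db-admin", "alice", ("bob",), date(2023, 1, 10)),
    Grant("carol", "domain-admin", "carol", ("carol",), date(2023, 2, 3)),
    Grant("dave", "vpn", "erin", (), date(2023, 3, 7)),
]
SAMPLE_DISCOVERED = {
    ("alice", "db-admin"),
    ("carol", "domain-admin"),
    ("dave", "vpn"),
    ("frank", "domain-admin"),  # no matching request record
}

if __name__ == "__main__":
    for finding, pairs in audit(SAMPLE_DISCOVERED, SAMPLE_GRANTS).items():
        print(finding, pairs)
```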