14. Manage Entitlements
Entitlements management is the process of overseeing and adjusting the access privileges granted to individuals, roles, and groups within an organization. This process is sometimes known as ‘provisioning’ and applies mainly to the “static” model of access management (see the Authorize Access, Static use case).
Managing entitlements happens at design time, before an individual attempts to access protected resources. An individual’s entitlements must be provisioned before they can access those resources.
Pre-condition: Individual has an active credential.
1. An actor requests to create entitlements for an individual. This actor could be the individual, an administrator, or an automated system, depending on the organization.
2. The requested change is reviewed. The reviewer could be a person or a system that evaluates the request against existing policy. There may be multiple layers of review.
3. If the requested change is in accordance with policy and the individual has a mission need for access, the request is approved.
4. The individual is provisioned with updated access entitlements. Those entitlements are updated and maintained whenever their role changes.
Post-condition: The individual has been provisioned entitlements that allow them access to the appropriate resources for their role.