In line with my other documents, "ARA – For the new kid on the block" and "EAM – For the new kid on the block", this is yet another document to help people who are new to this neck of the woods (Access Control): an overview of my understanding of what ARM is all about and how it works.
As usual, feel free to skip it if you are well versed in this topic. However, please do stick around and enlighten me with your expertise if I have made any mistakes or if you would like to correct or add to this topic.
Access Request Management (ARM)
Traditionally, provisioning access involves the user completing paper forms that request access to backend systems or business applications. Those forms are then submitted to the first-line approver, who reviews, approves, and forwards them to second-line approvers in IT security; alternatively, the request can be automatically provisioned by the administrator of the target system.
Usually, during the approval process, the managers who review access requests are expected to research and identify any potential conflicts of interest between the roles the requester currently has and any new roles, including permissions, being requested. However, access requests that are under-researched and expedited for approval can cause significant problems, exposing the corporation to legal, regulatory, security, and financial risks.
ARM automates the access provisioning approval process by linking the request with workflows. When a user (the Requester) requests access to resources that they do not have permission for or need access to, ARM automatically forwards the access request to designated managers and approvers within a pre-defined workflow. This workflow is customized to reflect your company's policies. When access requests are approved, roles and permissions are automatically logged to the enterprise directories for future reference and audit purposes. ARM ensures corporate accountability and compliance with Sarbanes-Oxley (SOX) along with other laws and regulations.
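The routing described above, modelled as an added example (not SAP's code and not part of the original post). The role names, the two-stage workflow, the conflict rule and the dict standing in for the enterprise directory are constructed assumptions, and running the conflict check automatically at each approval is a choice made for this sketch.

```python
from dataclasses import dataclass, field

# Constructed rule set: role pairs one user should not hold together.
SOD_CONFLICTS = {frozenset({"CREATE_VENDOR", "APPROVE_PAYMENT"})}
# Hypothetical pre-defined workflow: ordered approval stages.
WORKFLOW = ["manager", "security"]

@dataclass
class AccessRequest:
    requester: str
    current_roles: set
    requested_roles: set
    stage: int = 0
    status: str = "pending"
    audit: list = field(default_factory=list)

def sod_conflicts(req):
    """Conflicting pairs that granting this request would newly create."""
    combined = req.current_roles | req.requested_roles
    return sorted(tuple(sorted(p)) for p in SOD_CONFLICTS
                  if p <= combined and p & req.requested_roles)

def decide(req, approver_role, approve, directory):
    """Record one approver's decision and route the request onward."""
    if req.status != "pending":
        raise ValueError("request already closed")
    if approver_role != WORKFLOW[req.stage]:
        raise PermissionError(f"stage {WORKFLOW[req.stage]!r} must act next")
    conflicts = sod_conflicts(req)
    if approve and conflicts:
        # An expedited approval cannot skip the conflict check.
        outcome, approve = "blocked", False
    else:
        outcome = "approved" if approve else "rejected"
    req.audit.append((approver_role, outcome, conflicts))  # audit trail
    if not approve:
        req.status = "rejected"
    elif req.stage + 1 < len(WORKFLOW):
        req.stage += 1  # forward to the next approver in the workflow
    else:
        req.status = "provisioned"
        directory.setdefault(req.requester, set()).update(req.requested_roles)
    return req.status

if __name__ == "__main__":
    directory = {}
    req = AccessRequest("bob", {"APPROVE_PAYMENT"}, {"CREATE_VENDOR"})
    print(decide(req, "manager", True, directory), req.audit)
```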
This is pretty much the gist of ARM and should be enough to get you started. For a more comprehensive understanding, configuration details, and other bits and pieces on this topic, please check out the links in the following document put together by Alessandro, which covers everything in detail. Look under Access Request Management (ARM).