Home page logo
/

basics logo Security Basics mailing list archives

Re: Access Rights tracking system
From: "Rodrigo Blanco" <rodrigo.blanco.r () gmail com>
Date: Thu, 27 Dec 2007 03:44:15 -0600

Hello Sapran,

I understand what you are looking for is an approval workflow,
deploying at least three process models (newcomer, access rights
change, and leavers). You have both open source and commercial
solutions in this area.

Of the Open source ones, I would recommend Bonita, which is a free,
java-based and very flexible BPM solution (bonita.objectweb.org).

If looking for a commercial one, I usually work with Evidian Approval
Workflow (http://www.evidian.com/iam/approval-workflow/index.htm).
While being commercial, this solution plugs optionally into a full IAM
+ SSO solution, that may provide you with an interesting functional
evolution in the future.

Both of them will provide graphical design tools to create and test
business processes.

Kind regards,
Rodrigo.

On 26/12/2007, ыфзкфт <sapran () gmail com> wrote:
Hi list.

I am looking for the software solution to fit the following needs. Any
help would be appreciated. I tried to ask google on this, but maybe I
just cant form the correct search string...

The software must provide for tracking access rights of a person
during their employment. There must be a sort of global access matrix
and several basic and specific security roles. First, HRs must place a
request for the basic set of access rights for a new employee. Second,
an employee's manager should request for a job's specific rights.
Next, since an employee might change their job role, there must be the
way to change their access rights. There must be features to apply
access rights on temporary or scheduled basis, for affiliates and
auditors. Finally, there must be the way to suspend and terminate an
employee's access rights due to their dismissal.

Every request for a set of access rights must be approved by the
managers responsible for access rights assignment. That wold be nice
if the software might email those managers asking for approval anytime
the request is placed.

We have a medium sized company and no advanced identity management or
single login system is needed. So, this should be a framework for
access rights accounting.

Thanks in advance, have a nice day.

--
sapran


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault