Authorization to access part of a system, or to perform a specific action on a system, where access is otherwise restricted. Also known as an access right.
An audited process that enables managers or other responsible parties to review and certify user access privileges. User entitlement records can be automatically approved or rejected, or, they can be manually attested. Also see attestation.
Account attributes provide a way for Waveset administrators to create a standard set of names that map to attributes on managed resources. For example, a Waveset attribute named fullname might map to the displayName attribute on Active Directory resources, and the cn attribute on LDAP resources. Any changes to the user's fullname attribute in Waveset, is then passed to the user's displayName and cn attributes on the user's remote resource accounts.
Person who configures Waveset or is responsible for operational tasks, such as creating users and managing access to resources.
User interface used by administrators to configure and manage Waveset.
One of the four role types in Waveset, the Application role-type is a collection of resources, and/or resource groups, and/or specific applications on resources, that users need in order to do their jobs. Application roles cannot be assigned directly to users, but can be assigned to IT Roles and Business Roles.
The process of granting or denying a user access-request to a role, a resource, or an organization. A Waveset administrator with permission to view and respond to an approval work item is called an approver.
User with administrative capabilities responsible for approving or rejecting access requests. Also see approval.
One of the four role types in Waveset, the Asset role-type is (typically) reserved for non-connected and/or non-digital resources that require manual provisioning--for example, mobile phones and portable computers. Asset roles cannot be assigned directly to users, but can be assigned to IT Roles and Business Roles.
To confirm that a user entitlement is appropriate.
The process of certifying that a specific user has the appropriate privileges on the appropriate resources at a specific point in time. A Waveset user with permission to view and respond to an attestation work item is called an attestor. Waveset rules determine whether a user entitlement record needs to be manually attested, or if it can be automatically approved or rejected. An attestor can approve, reject, or forward each user entitlement included as part of an attestation task.
A logical collection of user entitlement reviews requiring attestation. User entitlements are grouped into a single attestation task if they are assigned to the same attestor and produced from the same access review instance.
One who accepts responsibility to certify ( attest) that a user entitlement is appropriate. An attestor has extended privileges to manage user entitlements that require attestation.
One of the four role types in Waveset, Business Roles are used to organize into groups the access rights that people who do similar tasks in an organization need. The Business Role role-type is made up of one or more Asset roles, Application roles, and/or IT Roles. Business Roles are meant to be directly assigned to users.
A group of access rights for user accounts that governs actions performed in Waveset; a low-level access control within Waveset.
The process of temporarily assigning future work items to one or more other users for a specified period of time.
One of the four role types in Waveset, the IT Role role-type is a collection of roles ( Assets, Applications, and/or other nested IT Roles), as well as resources, and/or resource groups. In some configurations, IT Roles can be directly assigned to users, but usually IT Roles are assigned to Business Roles, which are assigned to users.
Waveset containers used to enable administrative delegation. Organizations define the scope of entities (such as user accounts, resources, and administrator accounts) an administrator controls or manages. Organizations provide a 'where' context, primarily for Waveset administrative purposes.
Establishes limitations for Waveset accounts. Waveset policies establish user, password, and authentication options, and are tied to organizations or users. Resource Password and Account ID Policies set rules, allowed words, and attribute values, and are tied to individual resources.
The process of correcting compliance violations discovered by Waveset's auditing feature. Waveset audits data across the enterprise to ensure compliance with internal and external policies and regulations. An administrator with permission to view and respond to policy violations is called a remediator.
In Waveset, a remote application or system on which accounts are created. Remote resources to which Waveset provides access include mainframe security managers, databases, directory services, applications, operating systems, ERP systems, messaging platforms, and more.
Collection of resources used to order the creation, deletion, and update of user resource accounts.
A role is a Waveset object that allows resource access rights to be grouped and efficiently assigned to users. Roles are organized into four role types: Business Roles, IT Roles, Application Roles, and Assets. IT Roles, Applications, and Assets organize resource entitlements into groups. These three groups are then assigned to Business Roles so that users can access the resources they need to do their jobs. Some roles are optional and can be requested by clicking Requests in the main menu, Launch Requests in the secondary menu, and Update My Roles.
A Waveset administrator with permission to view and respond to role approval work items. Role approvers can approve or deny role-approval work items.
Person who holds a Waveset system account. Users can hold a range of capabilities in Waveset. Those with extended capabilities are Waveset administrators.
Account created using Waveset. Can refer to either a Waveset account, or an account on a remote resource managed by Waveset. The user account setup process is dynamic. Information or fields to be completed depend on the resources provided to the user directly or indirectly through role assignment.
In Waveset, an auditable access privilege granted to a user on a resource or system that enforces access restrictions.
In Waveset, the user interface allows users without administrative capabilities to perform a range of self-service tasks such as changing passwords and setting answers to authentication questions. You are currently signed in to the user interface. Also known as the end-user interface
A logical, repeatable process during which documents, information, or tasks are passed from one participant to another. Waveset workflows comprise multiple processes that control creation, update, enabling, disabling, and deletion of user accounts.
|