Fast, unbureaucratic and uncomplicated – this is how the assignment of rights in the system seems to proceed when it is carried out manually by administrators. It is obvious that this makes it difficult to implement the need-to-know principle. In practice, however, more and more extensive authorizations accumulate over time, and not all of them are needed. But that is not all. In addition to the effort involved in manual administration and the historically grown authorizations, there is another problem: undocumented AD groups created by hackers.
This is exactly where Access Manager steps in and offers a way to put a stop to growing permissions and malicious AD groups through automatic SET-ACTUAL matching. We will explain why it is not enough to manually document changes and remove them yourself.