Role with Grace Period
Sometimes it's better to delay revocation of certain access rights
An Identity Management provisioning engine, like NetIQ IDM, is designed to automate and execute actions though the provisioned IDM drivers as fast as possible. This is desired in most cases, but it can also cause problems and increase inefficiency.
For example when an employee changes job position but still needs to ‘coach’ another employee that is overtaking his previous job. Or to mitigate risks in business operations, like when a Role was mistakenly revoked as part of an access review campaign or other processes. The affected employees get notified and have time to react before any associated access rights are effectively removed.
Role with Grace Period is designed to be easily deployed on top of any NetIQ IDM setup with an existing Role Catalogue
Enables smooth
business operations
Facilitate deployment of an RBAC role model
Reduce risk of
human error
In a nutshell
Role with Grace Period carbon-copies access right as long as needed
When any event or process revokes a Role, and if that Role is being ‘protected’ by a Grace Period, Role with Grace Period will maintain the carbon-copy role granted for the specified number of days and, optionally, send a notification to the affected user.