-
Difficult to open
When users request permissions, they face many separate application entry points and processes, long approval cycles, and a wide range of permission types and terms that are not easy to understand. Most authorization steps are carried out manually, which is inefficient.
-
Difficult to recover
When employees leave or transfer jobs, vendors withdraw or change duties, or personnel and organizational structures change, the administrator must manually recover (revoke) permissions from each application system one by one. The heavy workload easily leads to late or missed permission recovery and to security risks.
-
Difficult to audit
Permission auditing capabilities differ between application systems, so it is difficult to conduct a unified compliance review of the permission management process and permission data of all application systems. Effective means of checking permission compliance within a system and across systems are lacking.
INTRODUCTION
BPC
The Bamboocloud identity security and permission management platform establishes a unified entry point for permission management, automates the granting and recovery of business permissions and system permissions according to the identity permission process, supports user self-service operations such as opening, changing and revoking permissions, and ensures that trusted people access appropriate systems and data at reasonable times.
The platform manages permissions through an automated rule engine, providing both semi-automatic authorization and automatic authorization according to rules. It supports authorization along different dimensions such as account, organization and position, and can provide fine-grained permission management according to data grading. The platform also supports permission compliance rules and permission mutual-exclusion rules, and supports closed-loop management of the whole process: permission application, granting, warning, processing and report audit.
FEATURES
BPC
-
Standardization
Following the methodology of identity permission governance, establish a standard permission model and management process in line with the business characteristics of the enterprise. By collecting permission data and reviewing business processes, a unified permission data specification is formed and the permission management process is standardized and constrained.
-
Centralization
Collect and store the permission data of application systems in a unified way, provide a unified permission management portal and a unified permission view, and provide unified viewing, unified operation and unified control of the permissions of different application systems.
-
Compliance
Through compliance rules such as definition of rights and responsibilities, mutual exclusion of permissions and minimization of permissions, a comprehensive compliance review of permissions is conducted on a regular basis, and closed-loop handling such as compliance security warnings, event audit and compliance reports is provided according to the compliance risk assessment.
-
Intelligence
Based on dimensions such as the user's identity attributes, organization attributes and post attributes, intelligent analysis is carried out and permissions are automatically recommended to the user, personalized for each person, which improves the efficiency and experience of permission use. At the same time, intelligent analysis and mining of permission big data are carried out to assist enterprise management decisions.
-
Comprehensive risk assessment
A segregation-of-duties (SoD) engine and permission compliance analysis effectively prevent permission abuse and non-compliant permission granting in the enterprise, with a 360-degree closed-loop permission audit mechanism.
-
Minimizing
With a broadly compatible permission model and a standard permission technical framework, an application permission system can be built at minimum cost. Through the permission rule engine, authorization and recovery are automated, and management cost is minimized.
APPLICATION SCENARIOS
BPC
-
Unified Permissions View
Provide a unified visual view of permissions that displays the permissions of each application system centrally, so that managers can see anyone's permission information in each application at any time. This facilitates permission query, review and operation.
-
Custom Permission Model
Provide a visual interface for defining the application permission model, support mapping the relationships between permission subjects and objects along dimensions such as user, organization, position, role and resource, and include built-in common permission models such as RBAC, ACL and ABAC.
-
Permissions rules engine
By setting permission rules along dimensions such as user, position, organization, group and role in the rule engine module, the platform automatically grants and recovers permissions when a user joins, transfers, takes a part-time post or leaves, which greatly improves the efficiency of permission management and reduces the risk of manual operation.
-
User Permission Center
Provide a personal permission management entry point so that users can view their own permissions in the permission center and see which permissions enterprise applications make available. The intelligent permission recommendation mechanism automatically recommends the permissions required by the user's business, and users can initiate the application process themselves.
-
Regular compliance review
By setting a series of permission compliance review rules, the platform regularly performs compliance reviews of permission data within and between application systems, sends compliance security event notifications, provides a closed-loop processing mechanism for compliance events, and finally outputs permission compliance reports.
-
Unified permission development framework
The unified permission development framework standardizes how application permissions are built, through an SDK and other forms of standardized encapsulation. By using the framework, new systems can quickly establish permission function modules that meet compliance requirements, which greatly reduces the cost of permission compliance construction for new systems.
ARCHITECTURE
BPC
ADVANTAGES
BPC
-
Unified Application for Permissions
1. Provide a unified entry point and unified permission application.
2. Unify the approval process.
3. Improve user efficiency, experience and work effectiveness.
-
Enterprise Application Center
1. Strictly review application releases to improve their quality.
2. Centrally manage applications in the enterprise to enhance control capability and prevent risks.
3. Users use applications on demand to improve efficiency.
-
Automatic post permission
1. Unify the relationship between posts and permissions.
2. Automate user authorization for scenarios such as user onboarding and change.
3. Provide a unified view of user duty permissions.
-
Audit Compliance Management
1. Provide warning and monitoring management for permission non-compliance.
2. Manage compliance mutual exclusion in user permission applications.
3. Manage compliance reports for regular reviews.