The purpose of the Authorization Review is to focus on the rights and accesses assigned to each account in the IT system. The aim is to ensure that each user has only the access necessary to perform his or her professional tasks, in accordance with the principle of least privilege.
This includes checking permissions granted across different systems and applications to ensure they are appropriate. The review may identify excessive or insufficient permissions, incorrect configurations or violations of secure access policies.
A user account review is a procedure for verifying the access and privileges granted to each user of a computer system. It consists of examining all the user accounts present in a system to ensure that each user has only the access rights required to perform his or her tasks.
This involves ensuring that users' access rights are correct, authenticating them and taking corrective action in the event of non-compliance with the company's authorisation policies.
This makes it possible to limit the risks linked to the company's IT security, to respond to regulatory issues and to have a better understanding of the behaviour of its users.