Optimization for access policies in computer systems

Abstract

Disclosed embodiments provide systems and methods for analyzing and optimizing access policies. Access policies are analyzed by an access policy optimization system. In cases where large numbers of users have similar access privileges, the number of overall policies can be significantly reduced. An access control health metric is computed on an original set of access data as a measure of the current state of the access policies. It can be used as an indication that optimization of the access policies is warranted. The access data can include access policies and/or access groups. A policy subgroup mapping process is performed to identify subgroups of access policies. Subgroups with a number of entries exceeding a predetermined value are converted to access groups, the users that have those policies are added to the corresponding access groups, and the individual access policies are deleted. Duplicative and/or redundant policies are identified and removed.

CPC Classifications