Loading
Access Manager
  • Solution
    • Join the orange side of life – Solution
      • Freedom for IT-Administrators
      • Permanent compliance with Data Protection Provisions
      • Greater Efficiency in IT Infrastructure
      • Who, What, How? Auditors Review Your Permission Situation
      • It’s all about the money!
    • Explore the Orange Side of Life
      • Ondal Medical Systems GmbH – Time and Cost Savings
      • ETECTURE GmbH – Higher Transparency in Access Management
      • University of Leipzig Medical Center – no Chance for Hackers
      • University Hospital Tübingen – Password Resets 24/7
      • Federal City of Bonn – efficient user account management
      • City of Cologne – optimised user management
      • Paris Lodron University Salzburg – Information security for thousands of users
      • Reiser Simulation and Training GmbH – efficient access management
      • Oberaigner Group – Access Rights Management and Documentation at the Push of a Button
      • Jörg Vogelsang GmbH & Co. KG – Self Service Access Management
      • Stadtwerke Wolfenbüttel GmbH – no longer an authorisation jungle
  • Modules & Features
    • Modules
      • Fileserver Management
      • SharePoint Management
      • 3rd Party Management
      • Fileserver Accounting
      • REST API
      • Password Reset
      • Identity Management
      • Easy Desktop
      • NTFS Permission Analyzer
    • Features
      • Automated Access Management
      • Autocorrect of Permissions
      • Self Service for End Users
      • Profile Management
      • Reapproval Process
      • GDPR Compliant
      • Transparency by Reporting
      • User Provisioning
      • Audit-proof Documentation
  • Services
    • Services
      • Individual Services
      • Permission Audit
      • Starter Package for Automated Access Management
      • Premium-Support
      • Licensing Model
      • System Requirements
    • Contact Us
      • Get your Trial
      • Request your Product Presentation
  • Company
    • BAYOOSOFT
      • About us
      • We think proactively
    • Get Our Partners
      • Get to know our Partners
      • Become a Partner
  • Events
  • TRIAL
  • Customer Center
  • Search
  • Menu Menu

Access Manager

Key Features

Get to Know the Underlying Principles Behind the Access Manager

Field-proven since 2008, the Access Manager automates your access management– from assigning permissions to the end of authorized access. The software solution establishes privacy by default and design, supporting the principle of data minimization according to General Data Protection Regulation. The permission situation is continuously monitored and every permission change recorded. This streamlines your clearance workflow and guarantees an audit-proof log of the permission process.

The key features of the Access Manager are an integral aspect of the entire software, forming the basis of clean and reliable access management.

  • Automated Access Management

  • Autocorrect of permissions

  • Self-service for data controllers and end users

  • Profile management for presenting organizational permissions

  • Regular permission review with by reapproval

  • Supporting an EU GDPR-compliant directory for processing activities

  • Continuous transparency with comprehensive reporting

  • User provisioning – create, change and manage users

  • Audit-proof documentation of actions

  • Password Management: manage and reset passwords 24/7

Learn more about the underlying principles of the Access Manager:

Automated Access Management

Automating access management is the key to achieving time and cost savings in operation, preventing manual errors, and increasing data security – one of the core principles of the Access Manager. From interactive user requests via the Self-Service Portal (or via an assistance function) and the identification of the responsible decision-makers (or a substitute), to audit-proof decision documentation and the implementation of technical changes – the Access Manager handles access management without any involvement of help desk or IT administrators.

Try out the reliable solution for automated access management now for 30 days!

Request your 30-day TRIAL
Process of Authorization Request
 
PreviousNext
123456

Automated Management of Active Directory objects

The Access Manager manages all objects required for Access Management in the Active Directory. If necessary, AD groups for read, write and list permissions are created or deleted by the system and the corresponding AD group memberships of the AD users are managed. Naturally, all this is done in accordance with Microsoft best practices and without manual intervention by IT system administrators.

Automated Management of permissions in the file system

The AD groups managed by the Access Manager are automatically connected to the corresponding directories in the file system and assigned NTFS permissions. Fileserver Access Management exactly as you would set it up manually – but fully automated. This saves working time, avoids manual errors and ensures compliance with naming conventions and approval processes.

Fine granular permission concept without additional effort

While fine-granular permission management usually ties up resources for the continuous administration and documentation of permissions, the Access Manager can automatically manage even complex permission structures with permissions nested over several levels. At the same time, the manual efforts in the helpdesk are reduced.

Complete documentation of file server permissions

Unpopular, because time-consuming and therefore often neglected activities such as the documentation of permission changes are completely taken over by the Access Manager, since all changes to the permission system are not only technically implemented but also documented at the same time in a revision-proof manner. You thus receive a complete and always up-to-date audit of all read, write and browser rights on the file servers.

Efficient file Server Access Management through templates

If a large number of users are to be equipped with identical permissions or if users are to be equipped with identical NTFS rights as another reference user, BAM offers efficient ways of implementing this with little manual effort. The NTFS permissions set on a permission folder can also be transferred to another folder in whole or in part with just a few clicks.

Real-time permissions after permission release

Newly set access permissions are immediately effective if desired, the user does not have to log on to the Windows client again or wait a few hours.

Autocorrect of permissions

Following the need-to-know principle, a user should only receive as many permissions as they require to fulfil their current tasks. In practice, however, more and more extensive permissions accumulate over time, although most may no longer be needed. Existing permission systems may not even allow a clear delineation of permissions – or they over-simplify to reduce the manual maintenance required. The Access Manager closes the gap between the seemingly contradictory objectives of ensuring data security while keeping maintenance low.

Definition of target permissions in the system

The key difference from manually administrating NTFS permissions via AD groups is that the Access Manager becomes the primary data source for target permissions in the file system. All changes – such as the issuance or removal of permissions or changes to existing NTFS permissions – are captured via the Access Manager and the decision process logged.

Implementing NTFS permissions according to best practices for Microsoft file servers

The Access Manager subsequently adjusts the actual technical state of NTFS permissions to the desired target state. The best practices for Microsoft file servers are applied to the complete technical implementation including the maintenance of Active Directory groups, group memberships, and the assignment of NTFS permissions.

Assigning temporary NTFS permissions

In contrast to NTFS access management with standard tools, the Access Manager offers the option to set up time limits for NTFS permissions in the file system. If the time limit isn’t extended before expiration, the granted permissions are automatically withdrawn on the relevant date. This feature is ideally suited to temporary project work as well as external staff with frequently changing areas of work such as participants of trainee programs or apprentices.

Request our product presentation and get to know the Access Manager with all its advantages.

.

find appointment now

Self-Service for Data Controllers and End Users

A key component of our solution is the self-service concept, allowing various departments and end users to be involved in the access management process without needing an IT background. This is a principle that runs throughout the Access Manager. No matter when creating a new protected directory, requesting access to an existing SharePoint site, preparing analyses on existing access permissions or reset a forgotten password – everything can be taken care of without consulting IT administrators and all in accordance with the organization’s standards.

1
2
3
4
5
6
1

Targeted access only to required functions

2

Simple request of authorizations

3

View, change, decide requests

4

Information about inquiries and actions by mail

5

Clear and understandable overview of enquiries

6

time limitation directly at the time of approval

Curious? Click through the Access Manager for yourself – with our 30-day TRIAL

request now

Regular Permission Review with Reapproval

949859969

Your employees receive additional permissions every day – do they really need them all?

According to the need-to-know principle, employees should only obtain the access permissions they actually need. This approach is often applied to the assignment of permissions but forgotten again when it comes to eventually removing the permissions. Employees therefore gradually accumulate permissions the longer they remain at the company – regardless of whether the permissions are still required after years of service.

To prevent this uncontrolled growth in permissions, auditors recommend recertifying or reapproving permissions. In doing so, data controllers should regularly review the existing permission situation. But they’re often not especially happy to take on this task. For them, it means extra work and having to get to grips with technical details and mountains of documents full of complex matrices.

Keeping existing hurdles for data controllers as small as possible is therefore essential for a successful recertification process.

This is where the Access Manager comes in with the integrated Reapproval system. This process also benefits from intuitive use via a browser, enabling straightforward and transparent access management.

  • Pending reapproval announcement by email

    All data controllers defined for a certain resource automatically receive an email on the relevant date announcing the reapproval step in the system.

  • Clear presentation of the necessary information

    The data controllers now receive an overview of all resources requiring a review on a web interface. Here, resources that aren’t relevant or have already been reviewed are automatically filtered out.

  • Intuitive decisions

    The existing permissions can be shown for each resource and confirmed with a simple YES or NO.

  • Reminders raise awareness

    After a certain amount of time, the data controllers will receive a reminder email if resources still require their attention.

  • Simplification through status reports

    Reapproval is rounded off with clear reports that show the status of processes.

This way, the recertification process is made as simple as possible for data controllers. They’re neither confronted by mountains of paper nor unfamiliar IT details, allowing them to perform the task effectively. The option to set multiple data controllers per resource also allows the work to be spread among several people.

Reapproval

Would you like to learn even more about the basic functionalities of the Access Manager?
We are happy to explain the solution for automated access management to you as part of a product presentation.

Arrange a consultation today

Profile Management for Presenting Organizational Permissions

Need-to-know vs. scattergun approach

Staff and structural changes within an organization regularly necessitate fine adjustments to the permission situation in the various IT systems. The research, coordination and adjustment work involved takes up substantial resources in decision-making by data controllers and implementing changes to grant, alter or remove numerous user permissions.

To assign new permissions, the need-to-know principle is often rejected in favor of the scattergun approach:
Permissions are assigned generously at the departmental level or reference users with similar tasks are used as a basis to roughly determine new sets of permissions. In this process, the individual permissions of the reference user are frequently adopted without further thought. Or, the ability to assign individual permissions is prevented throughout the organization, occasionally leading to unconventional (and largely insecure) forms of data exchange between users.

Permission Management

In order to support staff changes effectively, the profile management of the Access Manager offers the ability to map organizational structures – such as departmental and activity assignments – by creating corresponding user profiles in the system. This combination of users and resource permissions in a profile means only a profile adjustment by the superior is necessary in the event of a change in activity. Individual permissions can also be assigned, which unlike the approach with reference users are not simply transferred without thought. This ensures that the user only obtains the permissions they actually need.

Supporting an EU GDPR-Compliant Directory for Processing Activities

With our many years of expertise regarding heavily regulated sectors and critical infrastructures in enterprise environments, we attach great importance to complying with current legal provisions in ongoing development. For this reason, it goes without saying that we ideally support your processes in complying with the General Data Protection Regulation (EU GDPR 2016/679) with the Access Manager.

For instance, the software solution offers the option to mark resources that contain or process personal data and to define a purpose of processing. This functionality can be effectively combined with additional features, such as the recertification process or a clean-up feature to remove data no longer required in accordance with the prescribed deletion periods.

  • Data protection

    The Access Manager establishes privacy by default and design. As a rule, employees only receive the permissions they actually need (data minimization).

  • Automation

    Fully automating access management ensures continuously clean documentation of access permissions and responsibility pursuant to Article 24 of the GDPR.

  • Data categorization

    Marking resources for the processing of personal data according to Article 9 of the GDPR facilitates the creation and maintenance of procedure logs.

     

Would you like to find out more about the support for your directory of processing activities?
We are happy to present the Access Manager functionalities to you in detail.

Arrange a consultation today

Continuous Transparency with Comprehensive Reporting

Based on the audit documentation, the Access Manager delivers clear analyses that are also easy to understand for data controllers without any IT expertise. This gives you transparency throughout your organization regarding who has access to which resources.

Analysis options can be found in all available Access Manager modules. For issues concerning user permissions or resource clearances, this is also always possible across all modules. Plus, reports can be created for dates in the past, allowing historical situations to be understood.

User-centric permission analyses: Which resources does a user have which access to? How long has access existed? Who authorized the access?

Data-centric permission analyses: Who authorized the access? Which users have which access to specific resources? How long has access existed?

We are also happy to provide you with graphical and tabular analyses of your permission situation tailored to your requirements, which you can access at any time in your Access Manager system. Do you wish to create your own individual reports? This will soon be possible with the new Enhanced Reporting expansion module.

Try out now in your own environment

As part of our BAYOOSOFT Access Permission Audit, a tool-supported analysis of your current access permission situation, our BAYOOSOFT experts support you in preparing the data obtained and analyze it for conspicuous patterns and specific peculiarities that could not be detected by a purely standard report.

Learn more about the BAYOOSOFT Access Permission Audit

User Provisioning – Create, Change and Manage Users

Staff and structural changes within an organization often make it necessary to create or deactivate employee accounts in the Active Directory. What’s more, the permission situation has to be finely adjusted in the various IT systems.

The Access Manager user provisioning enables you to combine account creation and deactivation with the assignment of profile or personal permissions in a single step. After creating a new AD account, administrators can thus define profile memberships on the same page and assign personal permissions. Security groups, home directories and the management of Internet access via firewalls / proxy servers are also possible. When an employee leaves the company or changes departments, meaning existing permissions and roles are no longer required, all owner and controller roles, profile memberships, and personal permissions of the user can be removed and a successor named with a single click.

User Provisioning and Identity Management is rounded off with the option to reset an AD account password at the request of an employee, the subsequent configuration of expiration dates, enable and disable OCS for users and the configuration of account information (such as telephone number and department membership) for displaying to end users.

Would you like to learn even more about the functionalities of the Access Manager?
We are happy to explain the solution for automated access management to you as part of a product presentation.

Arrange a consultation today

Audit-Proof Documentation of Actions

All actions performed with the Access Manager are meticulously logged and can be viewed by authorized individuals at any time. Plus, the audit functionality enables you at any time to precisely retrace which changes were implemented when, by whom, and for which resource. You gain full control of the activities in your systems. You can also find out whether unintended permissions were assigned or removed in the file system, which you did not authorize.

This core feature of the Access Manager makes it possible to safeguard your company’s internal regulations, contractual agreements, and statutory requirements in terms of file access permissions, and maintain audit-proof records.

 
PreviousNext

Identify, log and correct technical deviations

The Access Manager continuously monitors the existing permission structure in the Active Directory and file system, logs unexpected deviations in the technical implementation and reverses them where necessary. Your IT department or internal auditors can analyze these issues in easily understood deviation reports.

Complete transparency with an audit trail

All changes to the assignment of permissions in the file system, the Active Directory, and within the Access Manager are logged and recorded in an audit trail. This allows you to see which changes were made by which users at what time.

Up-to-date analyses on assigned NTFS permissions

Data controllers can use the Self-Service Portal to obtain informative reports on the current permission situation for their data at any time – without involving the IT department. Here too, you can easily see which user has which access permissions to which directories and who approved this access and at what time. Naturally, these reports can be printed out and saved in common formats including Microsoft Excel, Word, and PDF.

Automatic logging of all permission changes

All changes to NTFS permissions made with the Access Manager are automatically logged by the system. This allows you to determine how a given permission situation arose – even after several years have passed. No additional workload is created for IT administrators nor the help desk, since permission changes are recorded fully automatically.

Close Your Security Gaps

Long-term security and reliability in access management

Automate access management now

Interesting links

Here are some interesting links for you! Enjoy your stay :)

Pages

  • Access Manager auf dem Bechtle IT-Forum Rhein Main Neckar
  • Automate Access Management Successfully
  • Automate your Access & Identity Journey
  • BAYOOSOFT
  • BAYOOSOFT Berechtigungsaudit (EN)
  • Blog
  • Calendar 2020
  • Connector Matrix42
  • Contact support
  • Customer Center AM & AMPR
  • Customer Center AM Member
  • Customer Center AMPR Member
  • Customer Voices
  • Data Protection Compliance
  • Digital Flyer
  • Edit profile
  • Events
  • Exklusives Wechselangebot für 8MAN Kunden
  • Exklusives Wechselangebot für 8MAN Partner
  • Explore the Orange Side of Life
  • Features
  • Forum
  • Home
  • Interface documentation
  • Join the orange side of life
  • Legal
  • Login
  • Modules
  • Modules & Features
  • Newsletter Unsubscribe
  • NTFS Permission Analyzer
  • Password Reset
  • Password Reset Webinar 08th Dezember 2020
  • Privacy & Compliance
  • Privacy Policy
  • Privacy policy
  • Product Presentation Inquiry
  • Reset password
  • Sensitive data with peace of mind
  • Services
  • SharePoint Management
  • The Access Manager at the secIT 2021
  • The BAYOOSOFT Access Manager – Your way out of the KRITIS crux
  • TRIAL request
  • Upcoming events
  • Whitepaper: Managing authorisations securely and sustainably – Best Practice

Categories

  • Editorial
  • Events
  • General
  • News
  • Releases
  • Whitepaper
  • Privacy Policy
  • Legal
Scroll to top