Patent attributes
A method of dynamically adjusting access privileges of system identities. A set of access logs associated with a system are analyzed in order to generate a restricted access policy for an over privileged system identity. An initial access policy of the system identity is replaced with the restricted access policy and a continuous monitoring and access management (CMAM) service is initiated. Access logs are collected for a monitoring time window and an access denied error can be extracted from the access logs. The access denied error can be compared to an ignore list and/or the access denied error can be added to the ignore list. Authorization checks can be performed to determine if the action associated with the access denied error is authorized. If the action is authorized, the access policy is adjusted to allow for performance of the action.
