Documentation forAccess Rights Manager

Data Owner: Recertification of existing access rights

Background / Value

Safety regulations demand for the implementation of the principle of least privilege. This is why data owners must check periodically the access rights situation of their resources.

With the re-certification process you obtain the possibility to check and change the access rights situation to your resources.

You receive an email with the instructions to the re-certification process. Then you decide for each user and resource if the access right should stay or be removed. Your desired changes will be transferred automatically to the administrator.


Related features

Grant and remove file server access rights


Step-by-step process

Click Recertification.


  1. Continue a recertification already started.

  2. Select resources for a new recertification.
  3. Start the process.


You can either accept or remove the permissions.

  1. Activate all Users which should keep their permissions first.
  2. Click on "Accept".

Subdirectories are only displayed, if they contain deviating permissions.


  1. You must enter a comment. Your notes will be saved in the system for documentation.
  2. Click Assign action.

Repeat the process for the permissions you want to remove.


  1. Your decision is marked in the column "action".
  2. Access Rights Manager displays your current progress.
  3. Click "Save Progress" to continue your review later. You will be able to modify your decisions.
  4. Click "Execute Actions" to finalize your decisions.

When you click on "Execute Actions", ARM will execute the desired changes. Under certain conditions, e.g. some types of inherited permissions, ARM cannot automatically remove permissions. In these cases, an administrator will receive an email with the desired changes each time you click the button. Therefore, we recommend that you perform the recertification in one go.