1. Technical Field
The invention relates generally to verifying user access to a data object, and more particularly to a solution that automatically determines when access to the data object requires verification and assists an owner of the data object in verifying the access.
2. Background Art
Many companies limit the number of users that can access a certain data object (e.g., a database, directory, file, etc.). To this extent, some companies require that the access privileges of users be periodically reviewed in order to ensure that they remain current. For example, the data object can have an associated owner that is responsible for managing it. The owner may be required to periodically (e.g., annually) verify that access privileges to the data object are current. Further, the owner may be required to maintain a history of the verifications performed for the data object.
To date, a data object owner often must remember when the access is due to be verified, and maintain his/her own records of having performed these verifications. Further, the data object owner frequently must obtain information from various sources in order to perform the verification. For example, the data object owner may first need to determine all users that currently have access rights, and then determine which users, if any, have left the company, changed jobs/divisions, etc. In some cases, the data object owner may not have ready access to the necessary information, thereby requiring assistance from co-workers and delaying completion of the verification. As a result, access verification is frequently a time-consuming, tedious task that is not performed consistently and reliably.
Some solutions have been proposed to automate this process. For example, user access rights can be compared to an employee directory, and the access rights of users that do not appear in the employee directory can be automatically purged. However, these solutions often unintentionally remove the access rights for some users. For example, a user can be created that is shared by a group of people (e.g., “guest”), or that is associated with a non-employee, etc. Therefore, it is often necessary to maintain some human oversight of the verification process.
As a result, a need exists for an improved solution for verifying access to a data object. In particular, a need exists for a method, system and program product that automatically determine whether access to the data object requires verification, and provide an owner of the data object with a set of current users that have access to the data object. The set of current users can include attribute information obtained from an employee database or the like to assist the owner in verifying the access rights.
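The flow described above, as an added example that is not taken from the patent: it decides whether verification is due, builds the owner's review list with directory attributes, flags (rather than purges) users missing from the directory, and records the verification history. All function names, field names, the 365-day interval and the sample data are assumptions made for illustration.

```python
from datetime import date, timedelta

REVIEW_INTERVAL = timedelta(days=365)  # assumed period, matching the "annually" example

def verification_due(last_verified, today, interval=REVIEW_INTERVAL):
    """True when the object was never verified or the interval has elapsed."""
    return last_verified is None or today - last_verified >= interval

def build_review(acl, directory, last_verified, today):
    """Return the rows the owner must review, or [] when nothing is due.

    Nothing is purged here: users absent from the directory are only flagged,
    because they may be shared accounts ("guest") or non-employees.
    """
    if not verification_due(last_verified, today):
        return []
    rows = []
    for user in sorted(acl):
        record = directory.get(user)
        rows.append({
            "user": user,
            "privileges": acl[user],
            "status": "IN_DIRECTORY" if record else "NOT_IN_DIRECTORY",
            "attributes": dict(record) if record else {},
        })
    return rows

def record_verification(history, owner, today, decisions):
    """Append an audit entry so the owner keeps no separate records."""
    entry = {"date": today.isoformat(), "owner": owner,
             "decisions": dict(decisions)}
    history.append(entry)
    return entry

def naive_purge(acl, directory):
    """The background approach: silently drop every user not in the directory."""
    return {u: p for u, p in acl.items() if u in directory}

# Constructed sample data (hypothetical users and attributes).
ACL = {"asmith": "read/write", "bjones": "read", "guest": "read"}
DIRECTORY = {"asmith": {"dept": "Finance", "title": "Analyst"}}

if __name__ == "__main__":
    for row in build_review(ACL, DIRECTORY, date(2023, 1, 1), date(2024, 1, 1)):
        print(row)
    print("naive purge keeps:", sorted(naive_purge(ACL, DIRECTORY)))
```

With the sample data, the automatic purge removes the shared "guest" account along with "bjones", while the review list leaves both decisions to the owner.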