Access Governance Pillars
Access governance is about ensuring the right people have the right access to the right resources at the right time.
🔄 Joiner–Mover–Leaver (JML) Framework
JML is the operational lifecycle of identity and access. It standardizes how organizations grant, change, and remove access as people move through their employment lifecycle.
Joiner
When a new identity enters your environment. Access should be granted automatically and consistently based on role, department, and security policy.
Mover
When an existing identity changes role, department, or scope of work. Access should adapt - adding what’s needed, revoking what’s no longer appropriate.
Leaver
When an identity leaves the organization or no longer requires access. Access should be revoked quickly and fully, closing accounts and reducing risk.
💡 Why it matters: JML reduces onboarding friction, prevents permission creep, and helps organizations meet compliance requirements.
🏷️ Role-Based Access Control (RBAC)
RBAC is a method of regulating access based on the roles of individual users within an organization.
Roles group permissions into logical sets aligned to job functions (e.g., Sales Rep, Finance Analyst, Support Engineer).
Users are assigned to roles, not directly to individual permissions.
Applications and systems map their entitlements to those roles.
Benefits:
Scales access assignment across hundreds or thousands of users.
Simplifies audits - “this person has this access because they are in this role.”
Reduces manual approval bottlenecks.
💡 Why it matters: RBAC lets you express business logic in a technical model, making access predictable and auditable.
🔒 Least Privilege
Least Privilege is the principle of granting the minimum access necessary for a user (or system) to perform its function.
Access is limited to only what is strictly required - nothing more.
Permissions should be regularly reviewed and adjusted as duties change.
Elevated privileges should be time-bound or just-in-time.
Benefits:
Reduces the attack surface of your organization.
Minimizes the impact of compromised accounts.
Helps demonstrate strong controls to auditors.
💡 Why it matters: Even with perfect RBAC and JML, if roles themselves are too permissive, you still have excess risk. Least Privilege forces continual tightening.
🧩 How These Pillars Work Together
JML defines when access should change.
RBAC defines what access should be assigned.
Least Privilege defines how much access is appropriate.
Together they create a system where access is provisioned automatically at onboarding, adapts to role changes, and is revoked at offboarding - always with the minimum necessary rights.
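The three pillars combined in one reconciliation step, as an added example that is not part of the original page: a JML event decides when access is recomputed, the role map decides what is assigned, and revoking everything outside the target keeps access at the minimum. The role names reuse the page's examples; the entitlement strings, function names and dates are hypothetical and constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed role-to-entitlement map (RBAC); entitlement names are hypothetical.
ROLE_ENTITLEMENTS = {
    "Sales Rep": {"crm:read", "crm:write"},
    "Finance Analyst": {"ledger:read", "reports:read"},
    "Support Engineer": {"tickets:write", "crm:read"},
}

def entitled(roles, jit_grants, now):
    """Access a user should hold: role entitlements plus unexpired time-bound grants."""
    access = set()
    for role in roles:
        access |= ROLE_ENTITLEMENTS[role]
    # Least privilege: an elevated grant counts only until its expiry time.
    access |= {ent for ent, expires in jit_grants.items() if expires > now}
    return access

def reconcile(current_access, event, roles, jit_grants, now):
    """Return (grant, revoke) sets for a JML event.

    joiner/mover: the target is derived from the user's roles.
    leaver: the target is empty, so everything held is revoked.
    Anything held but absent from the target is revoked, which stops permission creep.
    """
    if event not in {"joiner", "mover", "leaver"}:
        raise ValueError(f"unknown JML event: {event}")
    target = set() if event == "leaver" else entitled(roles, jit_grants, now)
    return target - current_access, current_access - target

if __name__ == "__main__":
    now = datetime(2024, 1, 10, tzinfo=timezone.utc)  # constructed timestamp
    expired = {"ledger:write": datetime(2024, 1, 9, tzinfo=timezone.utc)}
    # Mover: a Sales Rep becomes a Support Engineer while still holding an expired elevation.
    held = {"crm:read", "crm:write", "ledger:write"}
    grant, revoke = reconcile(held, "mover", ["Support Engineer"], expired, now)
    print("mover  grant:", sorted(grant), "revoke:", sorted(revoke))
    # Leaver: every entitlement currently held is revoked.
    grant, revoke = reconcile(held, "leaver", [], {}, now)
    print("leaver grant:", sorted(grant), "revoke:", sorted(revoke))
```
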