Effective permissions

After CEM fetches the specified data, it begins the process of analyzing the effective permissions of each identity.

In CEM, a permission is an action permitted on a service and the resource associated with that service.

This process identifies, for each identity, which workspaces are accessible and with which permissions.

To compute the effective permissions of each identity, the following factors are taken into account:

  • The direct entitlements that were granted to the identity

  • The direct deny entitlements that affect the identity

  • The indirect entitlements that, by group association, affect the identity

For each effective permission calculated, CEM sets the usage status according to the usage history collected.