User Provisioning: Right Access at the Right Time

User provisioning has revolutionized the practice of identity management, as it was once known. Essentially, user provisioning is what enables organizations to better manage their infrastructures in a way that promotes security by allowing employees to see and access precisely what they need to execute within their roles, but nothing more.
More specifically, user provisioning is in place to guarantee that all the necessary resources will be available for all the necessary people at all times– and no on else.  As a result, when used correctly, it can trigger productivity and limit risk.
The effects of user provisioning are felt every day—any time you are granted access to a program, any time you are denied access to a folder, and so on. But the act of delegating the rights that make user provisioning work occur much less frequently, and are generally catalyzed by events that take place within your profession.
The first instance of user provisioning occurs on the first day at a new job. Administrators welcome you to the organization by bestowing upon you a welcome mat of access rights and permissions. They give you the permissions necessary to do your job, but nothing more.
The second occurrence of user provisioning takes place any time an employee role changes within a given organization. If a promotion results in more responsibility, more tasks and more power, it generally requires more, or at least different, user provisions. The access permissions once necessary to enable you to carry out your job may no longer be required, but new ones take its place. As a result, you are given new rights, but the old, now obsolete provisions once required to do your job, are no longer accessible, thus limiting the possibility that you will abuse or inappropriately take advantage of the old permissions.

The final instance of user provisioning occurs any time an employee’s relationship with an enterprise no longer exists. Should someone retire, quit or get fired, their access permissions are of course deleted, along with any other special user provisions that they may have had. This is necessary to prevent disgruntled, or any other former employees, from accessing sensitive data following their departure.