Interactive Access Governance Dashboard

Project Overview

This project involved the design, development, and implementation of an interactive Access Governance Dashboard. The primary goal was to provide organizations with a centralized, visual platform to monitor, analyze, and manage user access rights across diverse enterprise systems. By consolidating and visualizing complex access data, the dashboard aims to proactively identify potential security risks, streamline compliance reporting, and improve overall identity and access management (IAM) posture.

Objectives

• Enhance Visibility: Provide a clear, consolidated view of "who has access to what" across critical applications, databases, and infrastructure.
• Identify Security Risks: Proactively detect potential security vulnerabilities, such as excessive permissions, dormant accounts, orphaned accounts, toxic combinations of access (Segregation of Duties violations), and privilege creep.
• Support Compliance & Auditing: Facilitate regulatory compliance (e.g., SOX, GDPR, HIPAA) by simplifying access reviews, generating audit evidence, and demonstrating access controls.
• Improve Operational Efficiency: Streamline the process of user access reviews (recertification campaigns) and reduce the manual effort required for access-related reporting and analysis.
• Enable Data-Driven Decisions: Empower security, IT, and compliance teams with actionable insights to make informed decisions regarding access policies and remediation efforts.

Key Features & Functionality

Centralized Access Visualization

Interactive dashboards displaying user access summaries, trends, and detailed breakdowns by user, role, application, and permission level.

Main Overview Dashboard

The main dashboard provides a high-level overview of the organization's access governance health, including risk scores, critical risks summary, and recent high-risk activities. Users can quickly identify areas of concern and drill down for more detailed information.

Try Interactive Dashboard

Risk Identification Engine

Automated detection and highlighting of potential risks:

• Over-Privileged Users: Identifying users with more access than required for their roles.
• Segregation of Duties (SoD) Violations: Flagging users with conflicting access permissions that could enable fraud or errors.
• Dormant & Orphaned Accounts: Identifying inactive user accounts or accounts not tied to an active employee.
• Privilege Creep Monitoring: Tracking changes in user permissions over time.

Segregation of Duties (SoD) Violations Dashboard

This dashboard focuses on Segregation of Duties violations, showing trends over time, top violated SoD rules, and applications with the most violations. Security teams can use this information to prioritize remediation efforts and reduce the risk of fraud or errors.

Try Interactive Dashboard

User & Access Exploration

User & Access Exploration Dashboard

This dashboard provides a 360° view of user access, showing all accounts, permissions, and risk factors for a selected user. The sunburst chart visualizes permission distribution across systems, making it easy to identify excessive or unusual access patterns.

Try Interactive Dashboard

Technical Implementation

Data Processing Pipeline

The backend data processing pipeline was built using Python and the Pandas library:

import pandas as pd
import numpy as np
from datetime import datetime, timedelta

def process_access_data(user_data, entitlement_data, login_data):
    """
    Process and transform raw access data for dashboard visualization
    
    Parameters:
    user_data (DataFrame): User information from HR systems
    entitlement_data (DataFrame): Raw entitlement data from various systems
    login_data (DataFrame): User login activity data
    
    Returns:
    DataFrame: Processed data ready for dashboard consumption
    """
    # Merge user data with entitlements
    merged_df = pd.merge(
        entitlement_data,
        user_data,
        on='user_id',
        how='left'
    )
    
    # Flag orphaned accounts (no matching HR record)
    merged_df['is_orphaned'] = merged_df['employee_status'].isna()
    
    # Add login information
    merged_df = pd.merge(
        merged_df,
        login_data[['user_id', 'last_login']],
        on='user_id',
        how='left'
    )
    
    # Calculate days since last login
    current_date = datetime.now()
    merged_df['days_since_login'] = merged_df['last_login'].apply(
        lambda x: (current_date - x).days if pd.notna(x) else np.nan
    )
    
    # Flag dormant accounts (no login in 90+ days)
    merged_df['is_dormant'] = merged_df['days_since_login'] > 90
    
    # Calculate risk scores based on various factors
    merged_df['risk_score'] = calculate_risk_scores(merged_df)
    
    # Identify SoD violations
    sod_violations = identify_sod_violations(merged_df)
    
    # Flag users with SoD violations
    merged_df['has_sod_violation'] = merged_df['user_id'].isin(sod_violations['user_id'])
    
    return merged_df
                

Data Sources & Integration

The dashboard integrated data from multiple enterprise sources, including:

• Identity Management Systems: (e.g., Active Directory, Azure AD, Okta) for user identity information and group memberships
• HR Systems: (e.g., Workday, SAP HR) for employee status, department, and role information
• Target Applications & Databases: Access logs or entitlement exports from ERP systems (SAP, Oracle EBS), CRM systems (Salesforce), custom applications, databases (SQL Server, Oracle DB), and cloud platforms (AWS IAM, Azure RBAC)
• Security Information and Event Management (SIEM) Systems: For login activity data

Results and Impact

The Access Governance Dashboard delivered significant benefits:

Business Impact

• Reduced Security Risk: Proactive identification and remediation of access-related vulnerabilities decreased the attack surface.
• Improved Compliance Posture: Simplified audit preparation and demonstration of access controls, reducing the risk of non-compliance penalties.
• Increased Operational Efficiency: Significant reduction in time and effort spent on manual access reviews and reporting.
• Enhanced Governance: Provided a clear, data-backed foundation for refining access policies and enforcing the principle of least privilege.
• Cost Savings: Reduced potential costs associated with security breaches, compliance fines, and inefficient manual processes.