Permissions

Hi,
InfoSec team is asking us to re-baseline and extend access to users every 90 days… if we don't extend access after 90 days, they will lose it… Do any of you have similar issues? What is the (best) provisioning model you have seen or follow… Thank you.

Hi @nlkreddy - Can you please give more details on extending the access? Ideally it depends upon the business requirements and security principles followed in the organization. We usually provide access to a dashboard or analysis as per the business needs.

Tagging @Karthik_Tharmarajan @Koushik_Muthanna for their expert advice.

Regards - Sanjeeb

Hi @nlkreddy,

For QuickSight there are no baseline requirements, I believe this is more of an internal process at your end. Please reach out to your internal teams/infosec to clarify the requirement.

Kind regards,
Koushik

Thanks @Koushik_Muthanna. As always, it is based on the famous architect's words “It depends”. Thanks for sharing your view on this 🙂

Regards - Sanjeeb

Let's say we created a dashboard for an analyst to use for his daily job… even though it is required for his daily job, Infosec is asking us to provision the permissions for this for 90 days only… he will be reassigned the same permissions for another 90 days if he still needs it. It is going to place a huge burden on the team to keep reviewing and assigning permissions every 90 days… not to mention user experience since they have to either get the approval for extension or lose access…!!

Hi @nlkreddy - Thanks for the details. If I understood correctly, you are looking for a process to give permission and update permission (revoke it) after 90 days. You have to create a custom script using the boto3 API where you can pass the user name and update the permission. It is purely a custom script.

Regards - Sanjeeb
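
A sketch of the kind of custom script suggested above, added here as an example and not code from any poster or from AWS. It assumes approval dates are kept in your own record (QuickSight does not store when a permission was granted), and the `exempt` set, the `FakeQuickSight` stand-in, and all ARNs, ids and dates are constructed for illustration; only `describe_dashboard_permissions` and `update_dashboard_permissions` are real boto3 QuickSight calls.

```python
from datetime import date, timedelta

REVIEW_WINDOW = timedelta(days=90)  # the 90-day period from the thread

def expired_grants(permissions, approvals, today, exempt=()):
    """Permission entries whose approval is missing or at least 90 days old."""
    stale = []
    for perm in permissions:
        principal = perm["Principal"]
        if principal in exempt:  # e.g. the dashboard owner (assumption)
            continue
        approved = approvals.get(principal)  # None means never approved
        if approved is None or today >= approved + REVIEW_WINDOW:
            stale.append({"Principal": principal, "Actions": perm["Actions"]})
    return stale

def enforce_review(client, account_id, dashboard_id, approvals, today,
                   exempt=(), dry_run=True):
    """Revoke expired dashboard grants; returns the affected principal ARNs."""
    current = client.describe_dashboard_permissions(
        AwsAccountId=account_id, DashboardId=dashboard_id)["Permissions"]
    stale = expired_grants(current, approvals, today, exempt)
    if stale and not dry_run:
        client.update_dashboard_permissions(
            AwsAccountId=account_id, DashboardId=dashboard_id,
            RevokePermissions=stale)
    return [p["Principal"] for p in stale]

class FakeQuickSight:
    """Offline stand-in for boto3.client("quicksight"), constructed for the demo."""
    def __init__(self, permissions):
        self.permissions, self.revoked = permissions, []
    def describe_dashboard_permissions(self, AwsAccountId, DashboardId):
        return {"Permissions": self.permissions}
    def update_dashboard_permissions(self, AwsAccountId, DashboardId,
                                     RevokePermissions):
        self.revoked.extend(RevokePermissions)
        return {"Status": 200}

# Constructed sample data: ARNs, account id and dates are placeholders.
ARN = "arn:aws:quicksight:us-east-1:111122223333:user/default/"
READ = ["quicksight:DescribeDashboard", "quicksight:QueryDashboard"]
SAMPLE_PERMS = [{"Principal": ARN + n, "Actions": READ}
                for n in ("owner", "analyst1", "analyst2", "analyst3")]
SAMPLE_APPROVALS = {ARN + "analyst1": date(2024, 1, 2),
                    ARN + "analyst2": date(2024, 3, 1)}

if __name__ == "__main__":
    client = FakeQuickSight(SAMPLE_PERMS)  # swap for boto3.client("quicksight")
    print(enforce_review(client, "111122223333", "sales-dash", SAMPLE_APPROVALS,
                         today=date(2024, 4, 5), exempt={ARN + "owner"},
                         dry_run=False))
```

Running it with `dry_run=True` first gives the list of principals due for re-approval, which can go to the approvers before anything is revoked.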