Groups

Navigating to the Groups Section

Groups section in Access Governance

To access the Groups section within the Access Governance module:

• Navigate to the top navigation bar on the home screen.

• Click on the Governance tab.

• From the dropdown menu, select Access Governance.

• Within the Access Governance dashboard, choose the Group tab from the left-hand panel.

The Groups section in Access Governance provides a comprehensive overview of all existing access groups within the system. These groups represent collections of users who share similar access permissions, roles, or responsibilities across systems and applications.

Key Elements

Groups Dashboard in Access Governance

• Group Name: Shown prominently (e.g., Test Group 444 and Test Group 349).

• Member Count: The number of users currently assigned to that group.

This visual representation allows users to quickly understand the composition and size of each group at a glance.

Filters and Customisation

At the top of the page, multiple filtering options are available to help refine the view:

• Employment Type: Filter groups based on the employment type of their members.

• Attributes: Applies specific group attribute filters.

• Attribute Sensitivity: Helps identify groups that contain users or data with varying sensitivity levels.

• Has Member: Displays only groups that contain members.

• All Filters: Displays a consolidated view of all applied filters, with an option to clear them using Clear all.

List View Toggle

The Group List View provides a tabular representation of all groups within the organisation that are tracked managed, and governed under the Access Governance framework.

Click on the toggle tab for list view

Note: Users can toggle between grid and list views using the layout switch icon in the top-right corner.

Columns Displayed

Group List view in Access Governance

Each row in the table represents a group, with the following columns:

• Group: Shows the group name or unique ID.

• Member Count: Number of users in the group.

• Sensitive Objects: Count of high-sensitivity objects the group can access.

• Total Objects: Total number of objects accessible to the group.

• Attribute Type: Counts of attributes the group can access by sensitivity level.

• Entities: Count of Associated business units or organizational domains.

Note: Users can export the data in CSV format by clicking the "Export CSV" button located at the top right corner of the page.

Group Details

From the Groups section, selecting a group name from either the card view or the list view opens the Group Details page. This view provides a segmented breakdown of all relevant information related to that group, supporting access governance and group auditing by offering insight into memberships, privileges, and associated resources.

Overview Tab

The Overview tab is the default landing section when accessing a group's details. It provides a summarised snapshot of key metrics and attributes associated with the group. For example, this summary highlights group-level information such as membership details and linked systems, followed by an overview of the Datasources, Entities, Attributes, Sub-Groups, and Members associated with the group.

A specific group's overview in access governance

Key Components of the Overview Tab:

• Datasources: Number of connected systems providing access data for the group.

• Entities: Count of systems or applications linked to the group.

• Attributes: Metadata tags or labels assigned to the group, useful for categorisation and filtering.

• Members: Number of users who are part of the group.

• Unresolved Alerts: Active access-related alerts requiring review.

Datasources Tab

The Datasources tab within a group’s detail view in Access Governance provides insights into the data systems or repositories to which the group has access. This view helps identify where the group’s access originates and what level of data exposure it may have.

Datasources tab of a specific group in access governance

Each row in the Datasources table represents a distinct data source linked to the group. The columns include:

• Data Source Name: The specific identifier or name of the integration.

• Data Source: The platform or system providing the data.

• Total Objects: The total number of data objects the group can access within the source.

• Sensitive Objects: The number of data objects containing sensitive or high-risk information.

• Risk Density: Indicates the level of risk associated with the data accessible to the group. This metric helps prioritise groups based on potential security exposure.

Entities Tab

The Entities tab within a group’s detail view provides a breakdown of all data entities the group can access. It is divided into two key sections, helping governance teams distinguish between direct and inherited access paths.

Entities that a specific group has access to

• Direct Access: Lists entities to which the group has explicit access, independent of other group associations.

• Access via Group: Lists entities accessible through a parent or higher-level group association, reflecting inherited permissions.

Attributes Tab

The Attributes tab provides a comprehensive view of the sensitive data attributes that a selected group has direct or inherited access to. It enables visibility into what data types are accessible and their associated sensitivity levels.

Direct Access

Directly accessible attributes

Sensitivity Summary Cards Displays counts of directly accessible attributes, grouped by sensitivity level:

• High Sensitive: 0 attribute type

• Medium Sensitive: 0 attributes type

• Low Sensitive: 0 attribute type

Note: Sensitivity levels are colour-coded as Red (High), Yellow (Medium) and Green (Low) .

Attribute Tiles Lists all attributes the group can directly access. Each tile shows:

• Attribute name

• Sensitivity level (High, Medium, Low)

• Associated data sources

This view offers a clear understanding of what data is accessible, its sensitivity, and the systems it originates from.

Access via Groups

Attributes accessible via a group

This section displays the attributes that a group inherits access to via a parent group.

Sensitivity Summary Cards: Shows inherited attribute types grouped by sensitivity level:

• High Sensitive: 0 attribute types

• Medium Sensitive: 0 attribute types

• Low Sensitive: 0 attribute types

In this example, the group does not currently inherit access to any attributes from its parent groups.

Sub-Groups Tab

The Sub-Groups tab provides visibility into any nested or child groups that exist under the selected group. It helps identify the group hierarchy and how access may cascade across different levels.

Members Tab

The Members tab displays all users who are part of the selected group, providing an overview of membership composition and access classification.

Members of a group

Member Summary Cards: Provides a quick count of users by employment category:

• Employees: 2 users

• Contractors: None in this example

Member List Table: Shows detailed information for each member, including:

• Name

• Member Type (e.g., Direct or Inherited)

• Employment Type (e.g., Employee, Contractor)

Purpose and Utility

• Identify Access Risks: Detects groups or departments with unusually high membership counts, including unknown or misclassified members that may indicate governance gaps.

• Support Access Reviews: Enhances visibility into group composition, inherited permissions, and potential exposure to sensitive systems or data.

• Enable Targeted Governance Actions: Provides filtering options by employment type, attribute sensitivity, or entity association, facilitating precise remediation and policy enforcement.

• Ensure Compliance and Audit Readiness: Offers a clear, auditable trail of group-level access patterns, linked data sources, and unresolved alerts, ensuring alignment with organisational access control standards.

• Promote Proactive Risk Management: Empowers governance teams to monitor, assess, and act upon group-level access data dynamically, fostering continuous compliance and reducing security risks.