Definition
Baseline access granted automatically to every identity of a specific type — typically minimal access required to function: email, intranet, common collaboration tools, basic application access. Assigned via HR-driven rules during onboarding without explicit access requests. Reduces day-1 friction.
- Application
  - MidPoint: Privileges or access granted to users based on their inherent characteristic, such as user type (employee, contractor, student).
- Standards & regulations
  - NIST SP 1800-35B (preliminary draft) «Access permissions, known as the user’s Birthright Role Access, are automatically determined according to policy based on factors such as the user’s role, type, group memberships, and status. These pe»
  - NIST SP 1800-35C (preliminary draft) «For the Employee Access Profile role, add the groups that the employees belong to. This means that these users will have access to these groups as a birthright. Perform the same for the corresponding »
Related terms
- Delegated Administration (DA): Permission model where administrators delegate specific management functions to other users within scoped boundaries — t …
- Role Assignment (RA): Specific instance of assigning a role to an identity — captures who, when, why, with what expiration. Direct (manually r …
- Role Creation: Process of defining a new role in the role catalog — naming, description, business owner, included entitlements, approva …
- Role Lifecycle Management (RLM): Discipline of designing, approving, deploying, certifying, modifying, and retiring roles throughout their useful life. I …
- Role Management: Operational discipline of maintaining the role catalog — creating new roles, modifying existing roles, retiring obsolete …
- Role Mining (RM): Analytical process of discovering role patterns by analyzing existing access data — clustering users with similar entitl …