Term · 11. Risk & Compliance
Over-provisioning
Definition
Granting access beyond what is needed for the role; a common cause of attack surface expansion and SoD violations. Sources: copy-paste provisioning (giving a new hire the same access as a predecessor without review), access accumulated through role changes, and over-broad role definitions. Detected by CIEM/ISPM tools.
- Application
  - MidPoint: Situation when an identity has more privileges than are necessary for the tasks that the identity is supposed to carry out.
Related terms
- Entitlement Creep: Gradual accumulation of access rights beyond what's needed for current job, as users change roles without losing prior a …
- Orphan Account: Account in a target system that cannot be correlated to any identity in the identity warehouse — abandoned by previous o …
- Offboarding: End-of-lifecycle process when an identity is terminated — disable accounts, revoke entitlements, terminate active sessio …
- Deprovisioning (Deprov): Removal of an identity's access from a target system — typically triggered by termination (Leaver), role change (Mover), …
- HR Policy: Policies governing identity lifecycle based on HR data — what triggers provisioning, what role mapping applies, what app …
- OWASP NHI Top 10: OWASP Non-Human Identities (NHI) Top 10 (2025) — community-curated catalogue of the most critical risks affecting non-hu …