Term · 3. Account Management & Provisioning
System user
Definition
Account in a system designated for system/service use rather than human use: service accounts, application identities, integration accounts. Subject to the non-human identity (NHI) lifecycle (create/rotate/decommission tied to workload) rather than the human joiner-mover-leaver (JML) process. The OWASP NHI Top 10 catalogues risks specific to system users.
Application
- Best practices: documented owner per system user, automated credential rotation, scoped permissions (least privilege), monitoring for unusual usage patterns (NHI behaving like human). NHI-specialized platforms: Astrix, Aembit, Oasis Security.
Standards & regulations
- RFC 4949 «system user: A person or process that interacts with a system.»
- NIST SP 800-53 Rev. 5 «A system user is an individual or (automated) process that uses a system.»
Related terms
- Service Account (SA): Non-human account used by applications, services, or scheduled tasks to authenticate to other systems. Common categories …
- Technical Account (TA): Generic term for non-human accounts used for system-to-system communication — synonymous with service account in many co …
- AI Agent Credential Lifecycle Management: Specialised lifecycle workflows for AI agent credentials — provisioning short-lived tokens scoped to specific tasks, rot …
- AI Agent Identity: Identity assigned to an autonomous AI agent acting on behalf of a human or workflow. Distinct from human identities (wit …
- AI Agent Lifecycle Management: Discipline of provisioning, monitoring, updating, and decommissioning AI agents as first-class enterprise identities. Mi …
- Ephemeral Credentials: Credentials with very short lifetime (minutes) issued just-in-time and revoked after use. Replaces long-lived secrets in …