RolesWithGracePeriod
Flexible access revocation with built-in safety and control.
Keeps a copy of revoked roles for a configured grace period after revocation, reducing disruption risk and enabling smoother transitions.
Overview
Instant access revocation can sometimes create more risk than it prevents. Roles with Grace Period introduces a controlled delay between role removal and actual deprovisioning, giving users and managers time to respond before access is permanently revoked. This ensures smoother transitions, fewer business disruptions, and a safeguard against accidental access loss.
Whether an employee is handing over responsibilities or a role was mistakenly removed during an audit, this add-on provides a configurable grace period that keeps critical access active for a defined number of days. Automated notifications inform affected users, helping them take corrective action when needed.
Simple to deploy on top of any existing NetIQ IDM environment with a Role Catalogue, Roles with Grace Period adds flexibility to automated provisioning without sacrificing governance or compliance.
Features
Monitors and intercepts role revocations, preserving a temporary carbon-copy role until the grace period expires. Automatically cancels pending revocations if the role is re-granted and sends customizable notifications to users. Fully configurable and seamlessly integrates with standard IDM role management.
Benefits
Prevents productivity loss from premature access removal
Reduces helpdesk tickets caused by accidental role revocations
Improves business continuity during job transitions or audits
Enhances user communication with automated alerts
Strengthens governance without slowing down automation
Easy to implement and maintain within existing IDM environments