Good Justifications Write Themselves
12 days ago
- #access-management
- #compliance
- #authorization
- Authorization systems need context about user access for compliance and confident decision-making.
- Access should be explainable so that it can be managed effectively and audit logs can be understood.
- Typical 'justification' fields often provide low-quality or outdated context.
- Structured justifications (e.g., ticket numbers) work well for specific tasks but not routine work.
- Most justifications should be inferred from job titles, team membership, or project assignments.
- Freeform text fields should be a last resort for exceptional cases.
- Good context comes from role definitions, team mappings, and organizational data, not just user input.
- Design permissions around three context sources (inferred, structured, and exceptional) to make access more explainable.
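
A sketch of the three context sources in priority order, as an added example that is not code from the original post. The team and role data, the ticket ID pattern, the 15-character minimum for freeform notes, and all names are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed organizational data (assumed shape, not from the post).
TEAM_ROLES = {"payments-eng": {"payments-db:read", "payments-deploy:write"},
              "support": {"crm:read"}}
USER_TEAMS = {"alice": {"payments-eng"}, "bob": {"support"}}
TICKET_RE = re.compile(r"^[A-Z]{2,10}-\d+$")  # hypothetical ticket ID format
MIN_NOTE_LEN = 15  # assumed threshold for rejecting throwaway freeform text

@dataclass
class Explanation:
    source: str   # "inferred" | "structured" | "exceptional" | "unexplained"
    detail: str

def explain_access(user, permission, ticket=None, note=None):
    """Return the strongest available context for one grant, in priority order."""
    # 1. Inferred: derived from team membership, needs no user input.
    for team in sorted(USER_TEAMS.get(user, ())):
        if permission in TEAM_ROLES.get(team, ()):
            return Explanation("inferred", f"member of {team}")
    # 2. Structured: a well-formed ticket reference for a specific task.
    if ticket and TICKET_RE.match(ticket.strip()):
        return Explanation("structured", f"ticket {ticket.strip()}")
    # 3. Exceptional: freeform text, accepted only as a last resort.
    if note and len(note.strip()) >= MIN_NOTE_LEN:
        return Explanation("exceptional", note.strip())
    return Explanation("unexplained", "no usable context; flag for review")

def summarize(events):
    """Count audit events per context source so reviewers see the mix."""
    counts = {}
    for e in events:
        src = explain_access(**e).source
        counts[src] = counts.get(src, 0) + 1
    return counts

# Constructed audit events covering each outcome.
EVENTS = [
    {"user": "alice", "permission": "payments-db:read"},
    {"user": "bob", "permission": "payments-db:read", "ticket": "INC-4821"},
    {"user": "bob", "permission": "payments-deploy:write",
     "note": "Covering on-call for payments team during outage"},
    {"user": "bob", "permission": "payments-db:read", "note": "need it"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["user"], e["permission"], "->", explain_access(**e))
    print(summarize(EVENTS))
```

A summary dominated by "exceptional" or "unexplained" entries suggests the role and team mappings are missing routine access that should be inferred.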