DOI: 10.1145/2559206.2581364
poster

Helping users review and make sense of access policies in organizations

Published: 26 April 2014

ABSTRACT

This work addresses the problem of reviewing complex access policies in an organizational context using two studies. In the first study, we explored the access review activity and identified its challenges using semi-structured interviews. The interviews revealed that access review involves challenges such as scale, technical complexity, the frequency of reviews, human errors, and exceptional cases. We also modeled access review in the activity theory framework. The model shows that access review requires an understanding of the activity context, including information about the users, their job, their access rights, and their history. We then used activity theory guidelines to design a new user interface named AuthzMap. We conducted a user study with 340 participants to compare the use of AuthzMap with two of the existing commercial systems for access review. The results show that AuthzMap improved the efficiency of access review in 5 of the 7 tested scenarios compared to the existing systems.

    • Published in

      CHI EA '14: CHI '14 Extended Abstracts on Human Factors in Computing Systems
      April 2014
      2620 pages
      ISBN: 9781450324748
      DOI: 10.1145/2559206

      Copyright © 2014 Owner/Author

      Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Qualifiers

      • poster

      Acceptance Rates

      CHI EA '14 Paper Acceptance Rate: 1,000 of 3,200 submissions, 31%

      Overall Acceptance Rate: 6,164 of 23,696 submissions, 26%
