Overview:

Arnica defines excessive permissions as permissions that have granted to an Identity, but have not been actively used by that Identity for more than 90 days. Excessive permissions represent access to assets without cause, and can present edit, maintain, or write permissions to any user with malintent, whether that be the original internal identity, or an external identity that has gained access. Reducing excessive permissions across your organization reduces the level of impact that will be possible for an outside threat should they gain access to your development stack. The number of days a permission must go without use before being defined as excessive can be edited within the Policies page.

Types of Excessive Permissions:

Arnica recognized and mitigates 4 types of Excessive Permissions:

• Excessive Admin Permissions

• Excessive Maintain Permissions

• Excessive Write Permissions

• Excessive CODEOWNERS Permissions

Arnica also flags completely inactive Identities and Assets in the following forms:

• Stale Users

• Stale Repositories