Central Permission Engine
EPAM
- Period
- 2022-03 — 2022-10
- Role
- Enterprise Architect
Context
Numerous internal and external systems were used by a mixed population — employees, students, subcontractors — and access was managed separately in each system and process. The decentralization raised cost and the risk of inconsistent or excessive access.
Approach
Framed permissions as a shared enterprise capability with a clear contract: consistent identity inputs, central policy evaluation, and governance over rule changes. Designed the target state with the solution architect and formalized requirements for build.
Outcome
Defined a centralized permission-engine concept that assigns access by both role-based and resource-based models, replacing decentralized per-system access control with one governed, auditable capability.
- Single permission engine with flexible role- and resource-based configuration.
- Potential to save the organization millions of dollars annually in access-management effort.
- Reduced risk of unauthorized access; stronger position as a reliable partner.
Key result
Defined a centralized permission engine supporting role- and resource-based access for a mixed user population, replacing scattered per-system access logic with one auditable, governed capability.