Access Gravity™: Not All Permissions Are Created Equal
Severity-weighted permission scoring that ensures the biggest risks always surface first
A benign inherited permission on a public attribute. A WriteDACL on Domain Admins. Count-based tools treat those as the same thing: one permission each. That's insane.
We built Access Gravity because permission counting is broken. Some tools categorize permissions by type, which helps. Most IGA and posture tools still just count them. Ten permissions? High risk. Two permissions? Low risk. What if those two permissions are GenericAll on a Tier Zero group, and the ten are harmless inherited entries on non-sensitive objects? The count tells you nothing. The weight tells you everything.
How It Works
Every permission type gets a severity weight based on what attackers actually do with it. WriteDACL, GenericAll, ResetPassword. Those are the keys to the kingdom. They get heavy weights. Benign inherited entries on non-sensitive attributes? Near zero.
When Identity Folding consolidates edges, Access Gravity computes a composite score for each relationship. A single edge with WriteDACL and AddMember scores higher than an edge loaded with harmless inherited permissions. The Risk Posture Dashboard rolls these up into an organization-wide Identity Risk Score. You see the worst problems first. Always.
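To make the difference between counting and weighting concrete, here is an added sketch that ranks three constructed edges both ways. It is not the product's code: the weights, the tier multipliers, the halving rule for combining permissions on one edge, and every name in the sample data are assumptions chosen for illustration.

```python
# Illustrative only: every weight, multiplier and name below is an assumption
# made for this example, not a value taken from the product.
WEIGHTS = {
    "GenericAll": 10.0,
    "WriteDACL": 9.5,
    "ResetPassword": 8.0,
    "AddMember": 7.5,
    "InheritedRead": 0.1,  # hypothetical label for a benign inherited entry
}
UNKNOWN_WEIGHT = 5.0  # assumed: unrecognized rights score mid-range so they get reviewed
TIER_MULTIPLIER = {0: 3.0, 1: 1.5, 2: 1.0}  # assumed: Tier Zero targets weigh most

# Constructed sample edges: (source, target, target tier, permissions on the edge)
EDGES = [
    ("helpdesk-svc", "Domain Admins", 0, ["WriteDACL", "AddMember"]),
    ("intern-group", "public-attributes", 2, ["InheritedRead"] * 10),
    ("ops-admin", "HR-Users", 1, ["ResetPassword"]),
]


def composite_score(target_tier, permissions):
    """Score one consolidated edge.

    The heaviest permission counts in full and each further one counts half
    as much as the one before it, so a pile of low-weight entries can never
    add up to more than about twice a single such entry.
    """
    weights = sorted((WEIGHTS.get(p, UNKNOWN_WEIGHT) for p in permissions), reverse=True)
    base = sum(w * 0.5 ** i for i, w in enumerate(weights))
    return base * TIER_MULTIPLIER.get(target_tier, 1.0)


def rank_by_count(edges):
    """What a count-based tool does: the busiest edge comes first."""
    return sorted(edges, key=lambda e: len(e[3]), reverse=True)


def rank_by_weight(edges):
    """Severity-weighted ranking: the riskiest edge comes first."""
    return sorted(edges, key=lambda e: composite_score(e[2], e[3]), reverse=True)


if __name__ == "__main__":
    print("by count: ", [e[0] for e in rank_by_count(EDGES)])
    print("by weight:", [e[0] for e in rank_by_weight(EDGES)])
    for src, dst, tier, perms in rank_by_weight(EDGES):
        print(f"{src} -> {dst}: {composite_score(tier, perms):.2f}")
```

Counting puts the ten harmless inherited entries at the top; weighting puts the two-permission edge into Domain Admins first and drops the inherited entries to the bottom.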
Key Benefits
- WriteDACL on Domain Admins will never hide behind a wall of harmless low-severity entries.
- Weights are derived from real attack research. Not arbitrary scales. Not vendor opinion.
- Composite scores per edge mean you see the riskiest relationships, not just the busiest ones.
- The Risk Posture Dashboard gives you one number for your whole environment. Track it over time.
- Remediation priority becomes a number, not a meeting. The data decides what gets fixed first.
See it in action on the Risk Posture Dashboard.