A system for operating an enterprise computer network including multiple network objects, said system comprising: monitoring and collection functionality for obtaining continuously updated information regarding at least one of access permissions and actual usage of said network objects; and entitlement review by owner functionality operative: to present to at least one owner of at least one network object a visually sensible indication of authorization status, said visually sensible indication of authorization status including at least a list of users and user groups having access permissions to said at least one network object; to require said at least one owner to review said authorization status to confirm or modify said authorization status; and responsive to said at least one owner confirming or modifying said authorization status, to require said at least one owner to approve said authorization status.
展开▼