
Database Access Recertification

By NHI Mgmt Group Updated June 7, 2026 Domain: Governance, Ownership & Risk

Database access recertification is the periodic review of who still needs access, what they can do, and whether the entitlement remains justified. In PostgreSQL, this must include direct grants, role membership, login rights, and audit evidence so the review reflects real operational privilege.

Expanded Definition

Database access recertification is the repeated, evidence-backed review of database entitlements to confirm who still needs access, what level of action remains appropriate, and whether the grant still matches business purpose. In NHI-heavy environments, this includes service accounts, application roles, login rights, inherited role membership, and direct object grants, not just the visible user name attached to the connection. The control is especially important in PostgreSQL because effective privilege can be spread across multiple layers, so a review that omits role inheritance or login capability can understate real access. Guidance across vendors varies, but the security intent aligns with least privilege, access review, and periodic reauthorization principles described in the OWASP Non-Human Identity Top 10 and the broader visibility emphasis in Ultimate Guide to NHIs. A meaningful recertification also records evidence of approver review, scope, and remediation status so the outcome can be audited later.

The most common misapplication is treating a quarterly spreadsheet check as complete recertification when it does not reconcile direct grants, inherited roles, and active login rights.
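As an added example (not from the glossary or NHIMG), the query below gathers the reconciliation the entry calls for straight from PostgreSQL's own catalogs: every login-capable role, each table privilege it holds, and whether it holds it through a direct grant or inherited role membership. It assumes PostgreSQL 12 or later and a role with read access to pg_catalog.

```sql
-- Added example (not from the glossary): recertification evidence query
-- for PostgreSQL. Assumes PostgreSQL 12+ and read access to pg_catalog.
-- Not modelled: NOINHERIT roles and PostgreSQL 16 per-membership INHERIT
-- flags, which can make an inherited path non-effective.
WITH RECURSIVE membership AS (
    -- Start from every login-capable role and walk role membership
    -- outward, so inherited entitlements are attributed to the login
    -- that can actually exercise them.
    SELECT r.oid AS login_oid, r.rolname AS login_role,
           r.oid AS member_of, 0 AS depth
    FROM pg_roles r
    WHERE r.rolcanlogin
      AND r.rolname NOT LIKE 'pg\_%'   -- skip built-in predefined roles
    UNION ALL
    SELECT m.login_oid, m.login_role, am.roleid, m.depth + 1
    FROM membership m
    JOIN pg_auth_members am ON am.member = m.member_of
    WHERE m.depth < 32                 -- defensive bound on chain length
),
table_grants AS (
    -- One row per (relation, grantee, privilege) from the ACL column.
    -- grantee = 0 means PUBLIC; owner privileges are implicit and absent.
    SELECT n.nspname AS schema_name, c.relname AS table_name,
           a.grantee, a.privilege_type
    FROM pg_class c
    JOIN pg_namespace n ON n.oid = c.relnamespace
    CROSS JOIN LATERAL aclexplode(c.relacl) AS a
    WHERE c.relkind IN ('r', 'p', 'v', 'm')
      AND n.nspname NOT IN ('pg_catalog', 'information_schema')
)
SELECT DISTINCT
       m.login_role,
       CASE WHEN g.grantee = 0 THEN 'PUBLIC'
            ELSE g.grantee::regrole::text END AS granted_to,
       CASE WHEN m.depth = 0 THEN 'direct' ELSE 'inherited' END AS grant_path,
       g.schema_name, g.table_name, g.privilege_type,
       r.rolvaliduntil                 -- credential expiry, not last login
FROM membership m
JOIN pg_roles r ON r.oid = m.login_oid
JOIN table_grants g
  ON g.grantee = m.member_of
  OR (g.grantee = 0 AND m.depth = 0)  -- PUBLIC grants reach every login
ORDER BY m.login_role, g.schema_name, g.table_name, g.privilege_type;
```

Owner privileges never appear in relacl, and PostgreSQL keeps no last-login timestamp, so dormancy evidence for the packet has to come from connection logging (log_connections) rather than from this query.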

Examples and Use Cases

Implementing database access recertification rigorously often introduces review overhead and temporary operational friction, requiring organisations to weigh stronger governance against the time needed to gather accurate entitlement evidence.

  • A PostgreSQL cluster used by a payments platform is reviewed to confirm that an application role still needs UPDATE access on transactional tables and that no dormant login remains enabled.
  • A data engineering service account is recertified after a pipeline redesign, and direct grants are removed because the service now reads through a narrower role hierarchy.
  • An internal reporting database is checked against job ownership, with approval required for each inherited role membership before the access review is closed.
  • During an audit response, teams use evidence from recertification to show that service-account privileges were reviewed after the access pattern changed, not just at onboarding.
  • The access review process is compared with the guidance in the Ultimate Guide to NHIs — Key Challenges and Risks and the OWASP Non-Human Identity Top 10 to ensure the review covers NHI-specific privilege sprawl.

These examples are most effective when the recertification packet includes the database owner, the approving manager, the effective privileges, and the evidence supporting each retention decision.

Why It Matters in NHI Security

Database access recertification matters because NHIs accumulate privileges quietly, and database entitlements are often the last place teams look when investigating overreach or lateral movement. In the NHIMG Ultimate Guide to NHIs, 97% of NHIs are reported to carry excessive privileges, which makes periodic entitlement review a practical control rather than a paperwork exercise. When database access is left unreviewed, stale service accounts, inherited roles, and unused login rights can persist long after the workload changes, creating exposure that basic account inventories miss. This is why database recertification supports the visibility and offboarding themes reinforced in the 52 NHI Breaches Analysis and why it fits with identity governance expectations in the OWASP guidance. It also helps teams prove that privilege decisions were actively revalidated, not merely assigned once and forgotten.

Organisations typically encounter the need for recertification only after an access review, audit finding, or breach investigation reveals that database privilege no longer matches operational reality; at that point the control can no longer be deferred.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-05 | Covers entitlement review, privilege sprawl, and lifecycle governance for non-human identities.
NIST CSF 2.0 | PR.AA-01 | Access authorization and review support ongoing assurance that permissions remain appropriate.
NIST Zero Trust (SP 800-207) | AC-4 | Least-privilege enforcement depends on continuously validating effective access paths.

Recertify database grants, role inheritance, and login rights on a fixed cadence and remove unjustified access.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 7, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org