I'm studying for the CISSP and am getting hung up on some terminology. Specifically, I'm confused on the difference between access aggregation and authorization creep.
In both cases, it seems to me that an individual users are gaining more access to more systems. Is access aggregation considered acceptable but authorization creep isn't?