Hitachi ID Identity Manager includes entitlement analytics that can be used to aid in the development of a role model. For example, a built-in report allows an authorized user to find all users with a given set of attributes (e.g., manager=X, location=Y, jobcode=Z, etc.) and to compare their login IDs and group memberships on every integrated system. If the entitlements are consistent, then the set of entitlements shared by these users are a good candidate for a role, to be assigned to these users.
This type of entitlements comparison is illustrated in Figure [link].
Screen shot: Comparing Entitlements for Existing Users (1)