Role management refers to the set of activities required to develop roles initially and to maintain role definitions over time.
Developing a role model that effectively encapsulates the privileges needed by a majority of users can be difficult. Hitachi ID Systems does not require that customers pursue a purely role-based approach, but does provide analytics capabilities in our products to help identify groups of users who share the same identity attributes or the same entitlements, to support development of a role model.
Once a role model has been developed, Hitachi ID Identity Manager includes enforcement technology to periodically (typically every 24 hours) compare actual user rights to those predicted by the role model, less approved exceptions. Any deviations can either be automatically corrected or sent to human authorizers to approve (i.e., convert to an approved exception) or deny (i.e., correct on the target systems).
The same enforcement engine is integrated with the workflow request system to prevent users from requesting access rights that would violate the model.
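The comparison and the request-time check described above can be sketched as follows. This is an added example, not Hitachi ID code: the role names, entitlement strings, users and data structures are constructed for illustration, and it assumes that a right predicted by the model but not held also counts as a deviation.

```python
from dataclasses import dataclass

# Constructed sample data; every name below is hypothetical.
ROLE_MODEL = {
    "teller": {"core-banking:read", "core-banking:post-txn"},
    "auditor": {"core-banking:read", "audit-log:read"},
}
USER_ROLES = {"alice": {"teller"}, "bob": {"auditor"}}
APPROVED_EXCEPTIONS = {("alice", "audit-log:read")}
ACTUAL_RIGHTS = {  # as collected from the target systems
    "alice": {"core-banking:read", "core-banking:post-txn", "audit-log:read"},
    "bob": {"core-banking:read", "core-banking:post-txn"},
}

@dataclass(frozen=True)
class Deviation:
    user: str
    entitlement: str
    kind: str  # "surplus": held but not predicted; "missing": predicted but not held

def predicted_rights(user):
    """Union of the entitlements of every role assigned to the user."""
    rights = set()
    for role in USER_ROLES.get(user, ()):
        rights |= ROLE_MODEL[role]
    return rights

def find_deviations(actual=ACTUAL_RIGHTS):
    """Compare actual rights to the role model, less approved exceptions."""
    found = []
    for user in sorted(set(actual) | set(USER_ROLES)):
        predicted = predicted_rights(user)
        held = actual.get(user, set())
        excepted = {e for u, e in APPROVED_EXCEPTIONS if u == user}
        for ent in sorted(held - predicted - excepted):
            found.append(Deviation(user, ent, "surplus"))
        for ent in sorted(predicted - held):
            found.append(Deviation(user, ent, "missing"))
    return found

def request_allowed(user, entitlement):
    """Request-time check against the same model (simplified assumption)."""
    return (entitlement in predicted_rights(user)
            or (user, entitlement) in APPROVED_EXCEPTIONS)

if __name__ == "__main__":
    for deviation in find_deviations():
        print(deviation)  # each would be auto-corrected or routed to an authorizer
```

Alice's extra right is suppressed because it is an approved exception, while Bob produces one surplus and one missing deviation.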