
Role Management

Role management refers to the set of activities required to develop roles initially and to maintain role definitions over time:

The analysis of existing entitlements and identity attributes is sometimes referred to as role mining or entitlement analytics.

Developing a role model that effectively encapsulates the privileges needed by a majority of users can be difficult. Hitachi ID Systems does not require that customers pursue a purely role-based approach, but its products do provide analytics capabilities that help identify groups of users who share identity attributes or entitlements, to support development of a role model.

Once a role model has been developed, Hitachi ID Identity Manager includes enforcement technology to periodically (typically every 24 hours) compare actual user rights to those predicted by the role model, less approved exceptions. Any deviations can either be automatically corrected or sent to human authorizers to approve (i.e., convert to an approved exception) or reject (i.e., correct on the target systems).

The same enforcement engine is integrated with the workflow requests system, to prevent users from requesting access rights that would violate the model.
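The comparison and the request-time check described above, sketched as an added example; this is not Hitachi ID Identity Manager code. All role, user and entitlement names are constructed, and two points are assumptions: that rights which are predicted but not held count as deviations too, and that a request violates the model when it is neither predicted by the user's roles nor an approved exception.

```python
from dataclasses import dataclass

# Constructed sample data: all role, user and entitlement names are hypothetical.
ROLE_MODEL = {
    "teller": {"core-banking:read", "core-banking:post-txn"},
    "auditor": {"core-banking:read", "ledger:export"},
}
USER_ROLES = {"alice": {"teller"}, "bob": {"auditor"}}
ACTUAL = {  # rights as collected from the target systems
    "alice": {"core-banking:read", "core-banking:post-txn", "ledger:export", "hr:admin"},
    "bob": {"core-banking:read"},
}
EXCEPTIONS = {("alice", "ledger:export")}  # approved (user, entitlement) pairs


@dataclass(frozen=True)
class Deviation:
    user: str
    entitlement: str
    kind: str  # "excess": held but not predicted; "missing": predicted but not held


def predicted(user):
    """Union of the entitlements of every role assigned to the user."""
    return set().union(*(ROLE_MODEL[r] for r in USER_ROLES.get(user, ())))


def reconcile(actual, exceptions):
    """Actual rights versus the model's prediction, less approved exceptions."""
    found = []
    for user in sorted(set(actual) | set(USER_ROLES)):
        have, want = actual.get(user, set()), predicted(user)
        found += [Deviation(user, e, "excess") for e in sorted(have - want)
                  if (user, e) not in exceptions]
        found += [Deviation(user, e, "missing") for e in sorted(want - have)]
    return found


def review(dev, approve, actual, exceptions):
    """Authorizer decision on an excess right: approve records an exception,
    reject removes the right (standing in for correction on the target system)."""
    if approve:
        exceptions.add((dev.user, dev.entitlement))
    else:
        actual[dev.user].discard(dev.entitlement)


def request_allowed(user, entitlement, exceptions):
    """Assumed request-time rule: refuse anything reconcile() would later flag."""
    return entitlement in predicted(user) or (user, entitlement) in exceptions
```

Because the request check and the periodic comparison share `predicted()` and the exception set, a right that can be requested is never one the next comparison run would report as excess.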
