Resource Center
Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+ Hitachi ID YouTube Page

Roles

A role is a named collection of security entitlements, which may include accounts on systems and applications, group memberships (to be applied to those accounts) and other roles. The fact that roles may include other roles makes them hierarchical.

Roles are used in the context of role-based access control -- an approach to managing entitlements, intended to reduce the cost of security administration, ensure that users have only appropriate entitlements and to terminate no-longer-needed entitlements reliably and promptly.

Roles are often associated with rules -- i.e., conditions that specify when a role should be automatically assigned to a user.

Roles are sometimes classified into either technical roles or business roles, with the former implying that they are collections of entitlements that appear often, but which may not be clear to users requesting access, while the latter are higher level collections that typically map to business functions and are more likely to make sense to business users. This classification is in no way an essential part of role definitions, however.

Return to Identity Management Concepts