This document introduces a more balanced strategy for large-scale administration of identities (users, accounts) and access rights (entitlements, group memberships). It can support both large sets of users with static, uniform access needs (using roles) and unique, small groups of users or users with rapidly evolving needs (using requests and reviews).

The remainder of this document is organized as follows:

  • Entitlement models

    An introduction to entitlement modeling as a strategy for automated user administration.

  • Roles are about efficiency, not risk management

    Explains that, contrary to popular belief, roles are helpful for efficiency and usability rather than for security or internal controls.

  • From theory to reality

    Where entitlement modeling does work in practical deployments, where it doesn't and why.

  • Access administration with requests and reviews

    A strategy for managing identities and access rights through user-submitted requests for new entitlements, combined with a periodic access certification process to revoke access that is no longer needed.

