Introduction -- the problem
The size of an organization's entitlement catalog has a direct impact on the requester usability problem. It is not unusual for an IAM system to make requestable millions of entitlements across hundreds of directories, systems and applications. A typical business user, without a technical knowledge of how access rights are calculated in each system or application, faces a daunting challenge in selecting just the right entitlements from this very large menu to select for himself or for a peer user.
Requesters rarely know exactly what entitlements, on what systems, are required to perform a given function. Consequently, requesters tend to ask to copy entitlements from one user to another -- "please make Bob like Mary." Copying all entitlements from one user to another is undesirable, since the source user may already have excess access rights and the destination user likely does not need all the rights of the source user anyways.