Entitlement analytics refers to a process of examining existing identities, identity attributes and security entitlements to find patterns. Patterns may include:

  • Candidates for new role definitions, which appear as sets of users with common identity attributes and entitlements.
  • Users who may violate segregation of duties policy.
  • Users who may represent especially high business risk, for example, because of the many security entitlements attached to their identity.
  • Accounts that have inconsistent identity attributes -- for example, one phone number on one system, but a different phone number on another system.
  • Accounts that have empty or invalid identity attributes.

Hitachi ID Identity Manager includes entitlement analytics that can be used to aid in the development of a role model. For example, a built-in report can find all users with a given set of attributes (e.g., manager=X, location=Y, jobcode=Z, etc.) and compare their login IDs and group memberships on every integrated system. If the entitlements are consistent, then the set of entitlements shared by these users is a good candidate for a role, to be assigned to these users.
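The comparison described above can be sketched in a few lines of Python. This is an added example, not Hitachi ID Identity Manager code or its report format: the record layout, the function name `candidate_roles`, the consistency ratio and its threshold are all assumptions, and the user data is constructed.

```python
from collections import defaultdict

# Constructed sample data: identity attributes plus (system, entitlement)
# pairs as they might be collected from integrated systems.
USERS = [
    {"id": "asmith", "manager": "X", "location": "Y", "jobcode": "Z",
     "entitlements": {("AD", "grp-finance"), ("SAP", "AP_CLERK")}},
    {"id": "bjones", "manager": "X", "location": "Y", "jobcode": "Z",
     "entitlements": {("AD", "grp-finance"), ("SAP", "AP_CLERK")}},
    {"id": "cwu", "manager": "X", "location": "Y", "jobcode": "Z",
     "entitlements": {("AD", "grp-finance"), ("SAP", "AP_CLERK"),
                      ("SAP", "VENDOR_ADMIN")}},
    {"id": "dlee", "manager": "Q", "location": "Y", "jobcode": "H",
     "entitlements": {("AD", "grp-helpdesk")}},
    {"id": "epatel", "manager": "Q", "location": "Y", "jobcode": "H",
     "entitlements": {("AD", "grp-helpdesk")}},
    {"id": "fkim", "manager": "Q", "location": "Y", "jobcode": "",
     "entitlements": {("AD", "grp-helpdesk")}},
]

def candidate_roles(users, keys=("manager", "location", "jobcode"),
                    min_users=2, threshold=1.0):
    """Group users by attribute values and score entitlement consistency."""
    groups = defaultdict(list)
    for user in users:
        attrs = tuple(user.get(k) or None for k in keys)
        if None not in attrs:  # empty attributes cannot be matched to a group
            groups[attrs].append(user)
    report = []
    for attrs, members in sorted(groups.items()):
        if len(members) < min_users:
            continue
        sets = [set(m["entitlements"]) for m in members]
        shared, union = set.intersection(*sets), set.union(*sets)
        report.append({
            "attributes": dict(zip(keys, attrs)),
            "users": sorted(m["id"] for m in members),
            "shared": sorted(shared),  # entitlements of the candidate role
            # Fraction of all observed entitlements that every member holds.
            "consistency": len(shared) / len(union) if union else 0.0,
            # Per-user extras: review these before defining the role.
            "extras": {m["id"]: sorted(s - shared)
                       for m, s in zip(members, sets) if s - shared},
        })
    for row in report:
        row["is_candidate"] = bool(row["shared"]) and row["consistency"] >= threshold
    return report

if __name__ == "__main__":
    for row in candidate_roles(USERS):
        print(row)
```

The `extras` field lists entitlements held by only some members of a group, which is where a reviewer would look for excess access before turning the shared set into a role.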
