Capabilities of Full-Fledged Role Management Systems

Today's role management solutions include several or all of the following capabilities, according to Burton Group analyst Kevin Kampman

Role mining and discovery: The ability to collect user access and authorization information from a variety of resources, associate this data with candidate roles and responsibilities, propose alternative roles and leverage decisions made about the data on an ongoing basis.

Organization and business role modeling: As business roles are developed, they may need to be associated with organizational characteristics, especially reporting and working relationships.

Business role management: From the business perspective, roles are viewed as a set of responsibilities performed in conjunction with a position in the organization. The system should be able to define, maintain and examine existing roles to determine if they can be repurposed.

IT role modeling: From the perspective of access management and authorization, resources should be managed at as general a level as possible. This requires the association of users or business roles to specific privileges or permission sets, which the tool should enable. The tool should also enable business and IT roles to be mapped to one another.

IT role management: Similar to business roles, IT roles need an administrative mechanism to define, maintain and search roles.

Role reconciliation: The solution should provide a way to identify who is assigned to one or several roles, when and how the assignment was made, and when it should be reviewed. A similar capability should be provided for IT roles.

Policy definition and management: Roles are frequently associated with policies, particularly from a separation of duties perspective. That is, someone acting in one role may need to be prevented from acting in another role at the same time, in a serial manner, under the direction of someone in a particular role or under some other condition. The system should provide for the definition and management, if not the discovery of policy, as well as the association of policies to roles.

Role and policy publication: The system may become the authoritative source for publishing role and policy information.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Mary Brandel

Latest Videos

More videos

Blog Posts