

Role Management
Role Management tools enable organizations to automate the often manual, cumbersome, and inefficient process of role creation and ongoing management. A role is a representation of a set of access rights to resources, which could correspond to a business function. Roles reduce the complexity of user administration by mapping a large population of users into a smaller number of well-defined roles, and can be extremely useful in the management and implementation of provisioning solutions. These roles ultimately become the cornerstone of ongoing user security policy management.
The problem arises when defining these roles. Most organizations attempt to identify roles based on easily accessible data, such as job code. Unfortunately, this type of approach is rarely successful because the resultant "roles" do not map cleanly to "access rights" patterns.
Two approaches to the problem are a "top down" approach and a "bottom up" approach. The "top down" approach uses organizational hierarchies as a basis to define roles. The "bottom up" approach uses existing data on user accesses as a basis to define roles. A good Role Management system leverages both approaches where appropriate, enforces Segregation of Duties (SoD) policies, and modifies roles as business requirements change.
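A small sketch of the "bottom up" approach described above, added here as an illustration and not taken from any Role Management product: it groups users by identical access rights to propose candidate roles, shows how job codes can fail to line up with those patterns, and checks each entitlement set against an SoD rule. The user names, job codes, entitlement names and the conflict pair are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data (assumption): user -> (job code, entitlements held today)
USERS = {
    "alice": ("FIN-01", {"gl.read", "ap.create_invoice"}),
    "bob":   ("FIN-01", {"gl.read", "ap.create_invoice"}),
    "carol": ("FIN-01", {"gl.read", "ap.approve_payment"}),
    "dave":  ("FIN-02", {"gl.read", "ap.approve_payment"}),
    "erin":  ("FIN-02", {"gl.read", "ap.create_invoice", "ap.approve_payment"}),
}
# Constructed SoD policy (assumption): entitlements that must not be held together
SOD_CONFLICTS = [("ap.create_invoice", "ap.approve_payment")]

def job_code_patterns(users):
    """Top-down check: distinct access patterns per job code (1 = clean mapping)."""
    patterns = defaultdict(set)
    for code, ents in users.values():
        patterns[code].add(frozenset(ents))
    return {code: len(p) for code, p in patterns.items()}

def mine_roles(users, min_members=2):
    """Bottom-up: users with identical access form a candidate role."""
    groups = defaultdict(list)
    for user, (_, ents) in users.items():
        groups[frozenset(ents)].append(user)
    return {e: sorted(m) for e, m in groups.items() if len(m) >= min_members}

def outliers(users, roles):
    """Users whose access matches no candidate role; these need manual review."""
    covered = {u for members in roles.values() for u in members}
    return sorted(set(users) - covered)

def sod_violations(entitlements, conflicts=SOD_CONFLICTS):
    """Conflict pairs fully contained in one entitlement set."""
    return [pair for pair in conflicts if set(pair) <= set(entitlements)]

if __name__ == "__main__":
    roles = mine_roles(USERS)
    print("access patterns per job code:", job_code_patterns(USERS))
    for ents, members in roles.items():
        print("candidate role", sorted(ents), members, "SoD:", sod_violations(ents))
    for user in outliers(USERS, roles):
        print("outlier", user, "SoD:", sod_violations(USERS[user][1]))
```

In this sample each job code covers two different access patterns, while the mined roles cut across job codes; the one user left over is also the one whose current access breaks the SoD rule.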