Role Management Considerations

Use

Role Management allows you to manage roles from multiple systems with a single unified role repository. The roles can be documented, designed, analyzed for control violations, approved, and then automatically generated. It enables standardized practices to ensure that role definitions, development, testing, and maintenance are consistent across the entire enterprise.

Implementation Considerations

  • Designing a role naming convention

  • Integrating role management into ongoing role development, testing, and change management processes

  • Identifying the users involved in defining roles, such as role owners, security administrators, and user administrators

  • Defining goals, such as role optimization or consolidation, user access optimization, and risk and change request reduction

  • Identifying custom reports

Features

The application allows role owners and security administrators to:

  • Track progress during role implementation

  • Monitor the quality of the implementation

  • Perform risk analysis at role design time

  • Set up a workflow for role approval

  • Provide an audit trail for role modifications

  • Maintain roles after they are generated to keep role information current

Roles and Role Assignment

A role is a predefined set of access permissions. In this model, access is not granted to individual users, but rather to roles.

Different users may need access to the same module or application yet require different levels of access. For any application, multiple roles exist that include some form of access. Role assignment defines both the application to which the user has access and the level of access the user is granted within that application.

Risk Analysis and Mitigation

One key element of provisioning is the identification and mitigation of risk.
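
The following Python example is added here for illustration and is not code from the product or its documentation. It models a role as a set of (application, access level) permissions, checks a role definition against control rules at design time, and shows that a violation can also appear only when a user's roles are combined. The permission names, role names, conflict rules, and function names are all constructed assumptions.

```python
# Constructed control rules: pairs of (application, access level) permissions
# that must not be held together. Hypothetical values, not shipped rule content.
CONFLICTS = {
    frozenset({("vendor_master", "maintain"), ("payments", "execute")}),
    frozenset({("purchase_orders", "create"), ("purchase_orders", "approve")}),
}

# Constructed role repository: role name -> set of (application, access level).
ROLE_REPO = {
    "AP_CLERK": {("vendor_master", "display"), ("payments", "execute")},
    "VENDOR_ADMIN": {("vendor_master", "maintain")},
    "BUYER_ALL": {("purchase_orders", "create"), ("purchase_orders", "approve")},
}


def analyze_role(permissions, conflicts=CONFLICTS):
    """Design-time check: return the control violations inside one permission set."""
    perms = set(permissions)
    return sorted(tuple(sorted(pair)) for pair in conflicts if pair <= perms)


def analyze_user(user_roles, role_repo=ROLE_REPO, conflicts=CONFLICTS):
    """Return violations that exist only once the user's roles are combined."""
    effective = set()
    per_role = set()
    for name in user_roles:
        effective |= set(role_repo[name])
        per_role |= set(analyze_role(role_repo[name], conflicts))
    return sorted(set(analyze_role(effective, conflicts)) - per_role)


def can_submit_for_approval(permissions, mitigated=frozenset()):
    """A role enters the approval workflow only if every violation is mitigated."""
    return all(v in mitigated for v in analyze_role(permissions))


if __name__ == "__main__":
    for name, perms in ROLE_REPO.items():
        print(name, "violations:", analyze_role(perms),
              "submit:", can_submit_for_approval(perms))
    print("AP_CLERK + VENDOR_ADMIN:", analyze_user(["AP_CLERK", "VENDOR_ADMIN"]))
```

Each role here passes or fails on its own definition, while the user-level check catches the combination of two individually clean roles, which is why risk analysis applies both to role design and to role assignment.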