A role is a common set of privileges shared by a group of users within an organization. These privileges usually include resources that are integral to users’ performance of their role. The Discovery menu provides a set of tools for examining imported user and resources data in order to distinguish roles embedded in long lists of users and resources data. Client tools implement internal algorithms to “discover” and “propose” role candidates. The Role Engineer provides input during the discovery process by determining criteria and thresholds.
These discovery tools represent different strategies that can be implemented in the role discovery process. The Role Engineer can use one, some or all the strategies in the course of the role discovery process, depending on the nature of the specific organization under examination.
Users can have different sets of privileges that are presumably related to several different roles that they perform. Therefore, roles proposed must be carefully examined and refined to establish conformance with the existing situation within the organization.
This section contains the following topics:
Discovering Characteristic Roles
Discovering Modeled-After Roles
Defining Roles Manually and for a Select Group of Users/Resources
Identify Almost Perfect Matches
|
Copyright © 2014 CA.
All rights reserved.
|
|