This option identifies users that have apparently accumulated excessive privileges (access to resources), i.e., they are potential collectors. This phenomenon often occurs when veteran employees move from job to job within an organization and accumulate privileges without relinquishing their previous ones.
Proprietary algorithms identify the suspected users based on the criteria and weighted values that the Role Engineer enters in the Identify Potential Collectors window. Generally, identification is based on a user who seems to be an exception among similar users who also possess many resources. Note that this option can be used even before any roles are defined, for example, to clean up an imported database.
Use the Details toggle button to show the whole Identify Potential Collectors window.
The following table describes the fields in the window:
|
|
Criteria |
Description |
|---|---|---|
|
Criteria |
Maximum number of users to propose |
Limits the maximum number of users displayed to no more than the indicated absolute number thereby preventing display of an unmanageable number of suspects. |
|
Maximum percent of users to propose |
The percentage of users to display out of all those who meet the criteria. |
|
|
Minimum number of resources per user |
Each displayed user will have at least the indicated number of resources. |
|
|
Evaluation Weights |
Organization |
Enter a value on a scale of 1 to 10 where 10 is the greatest value. |
|
Organization Type |
Enter a value on a scale of 1 to 10 where 10 is the greatest value. |
|
|
Country |
Enter a value on a scale of 1 to 10 where 10 is the greatest value. |
|
|
Location |
Enter a value on a scale of 1 to 10 where 10 is the greatest value. |
|
|
Title |
Enter a value on a scale of 1 to 10 where 10 is the greatest value. |
|
|
Cost Center |
Enter a value on a scale of 1 to 10 where 10 is the greatest value. |
The following is a typical configuration window showing results after running this option.
The Role Engineer can now examine each user one-by-one to determine if in fact any users are collectors of privileges (resources).
|
Copyright © 2014 CA.
All rights reserved.
|
|