CA Identity Governance Implementation Guide › Introduction › Product Overview

Product Overview

CA Identity Governance complements CA Identity Lifecycle Management products with analytical and client tools for Role-Based Access Control (RBAC).

In RBAC, predefined roles codify common resource usage patterns. Often these roles bundle access rights related to specific business tasks and responsibilities. Users are assigned one or more of these roles based on their current duties, allowing access to only the resources they need.

CA Identity Governance supports implementation of RBAC in the enterprise in several ways:

• Role Discovery: CA Identity Governance imports data from CA Identity Manager and other provisioning nodes throughout the enterprise. Based on this data, CA Identity Governance provides powerful analytical tools that efficiently discover common usage patterns and construct an optimized role hierarchy that provides most users the resource access they need. The database and role hierarchy are constantly updated based on user, resource, and provisioning information from across the network.
• Certification: periodically, managers throughout the enterprise certify their workers' access privileges - by reviewing the roles assigned to them. Similarly, resource owners periodically review the users and roles that link to their resource. In some jurisdictions, these certifications are mandated by law. CA Identity Governance implements these certifications with a workflow.
• Real-Time Provisioning Support: provisioning nodes can query CA Identity Governance in real time using a set of web services. These web services suggest role profiles for users, and answer "what if" questions. In addition, CA Identity Governance can export changes to these nodes, creating account templates and other provisioning tools that reflect the best practices of the role hierarchy. In this way, the role hierarchy proactively controls the privileges assigned to users - realizing the promise of role-based access control.