Role- and Rule-Basing Part 1: Introduction
Source: Security Catalyst - Posted by Alex   
Host Security At this point in the identity management process it is time to consider what access the company’s job functions should have to begin creating roles and rules. This is the first step in automating provisioning and de-provisioning. Even without automation, creating and managing the roles and rules will make manual provisioning (and auditing!) quite a bit faster and definitely more accurate. It’s taken this long to get here for a few reasons:

  • The initial user cleanups provided information on who’s who in the organization, and ensured that unused accounts were eliminated – no sense in role-basing users who aren’t around anymore, right?
  • The secondary user cleanups hopefully gave some ideas of what access users have, and provided the baseline data to do the discovery work that we’ll discuss this month.
  • The HR work set expectations of what’s available in the HR system, and also allowed the IDM team and the HR administrators to build a relationship and a common vocabulary. This will help the IDM team to ask questions in the right way, and the HR team to know how to interpret and answer those questions.

In the event the above exercises are still ongoing, I suggest you complete those as much as possible before starting on this one as they build the foundation for continued success.

Ready for roles and rules? Let’s get started!

Read this full article at Security Catalyst

Only registered users can write comments.
Please login or register.

Powered by AkoComment!