Role Management projects sometimes are stated as too complex. Yes, there are projects which failed due to their complexity. On the other hand, a recent Kuppinger Cole report based on a survey proves that the average number of business roles is relatively small. On the other hand, the complexity of role models for specific system environments (even SAP) is manageable. Thus, defining and implementing role models with multiple layers can be done - and it can be lean.
The keys, from my perspective, are the use of multiple clearly defined, separate layers of roles, defined responsibilities for roles within a role lifecycle management approach, and a separation of the overall project into different projects for business roles, IT-functional roles and the role models of different systems. There are some other best practices. Anyhow, it is obvious that managing a few Hundred or, at the system level in some cases even some few Thousand roles is much easier than managing all the single entitlements at the system level we are dealing with today. Role Management can be lean. And you can learn more about this in a webinar we will do tomorrow together with some of the vendors in the role management market.
By the way: The emerging market of vendors with strong role management capabilities underlines that role management isn't too complex. There are many vendors out there which have successfully deployed role management implementations, either as part of specific role management products or as part of their GRC or IAM products.