1 Management Summary
Managing access to resources within an organization is one of the essential tasks in Identity and Access Management Systems (IAM). Being able to access an application system and to use an adequate subset of its functionalities usually requires the execution of administrative tasks within the individual application which provide the required authorisation to a user and his or her associated account. The entirety of the required access for an individual user is defined by the set of all business processes that need to be executed and covers a variety of access rights across a multitude of systems technically reflecting the functionalities associated with the individual business processes.
Many organizations choose to create an enterprise role design breaking down existing complexity into manageable roles as both tool for organizational processes and to achieve efficient security management. However, defining, implementing and maintaining an enterprise role model remains a substantial task and many projects fail.
This Advisory Note presents KuppingerCole’s approach towards Enterprise Role Management. It emphasises a fully strategic approach that is strictly deploying a top-down methodology which derives business roles from the entirety of business processes by identifying relevant actors within these processes. By applying stepwise refinement these business roles are subsequently mapped to system-level roles as provided through a clearly defined interface to target systems.
Defining, implementing and continuously maintaining Enterprise Role Management processes requires a strong and consistent organization involving various stakeholders across the enterprise structure and has to rely on substantial, consistent and strategic management support. Role Management processes which are not fully embedded in an organisation’s administrative processes are typically destined to fail due to a lack of enterprise commitment.