In many enterprises, modeling the permissions for a new employee on those of a member of staff whose job description involves similar tasks is still the established practice.
Our presentation not only points out the dangers of working in this way, but also describes the procedural method that is to be aimed for, especially with regard to compliance considerations.
This method combines the functions involved in the creation of roles (role mining), the use of roles in provisioning, and the authorization of changes by means of workflow components, thus providing a homogeneous whole that describes the entire life cycles of roles. The presentation demonstrates how this procedural model takes the functional view of an employee's role and translates it into concrete technical permissions that are immediately usable in the day-to-day work environment, and whose logic is clear to all concerned.
Based on our practical experience in role management projects, we will also present solutions for working with dynamic roles and handling the numerous dependencies that exist between roles.