| |
Devising a complete and correct set
of roles has been recognized as one of the most important
and challenging tasks in implementing role based access
control.
One of the major challenges in implementing a
comprehensive privilege management is to define a complete
and correct set of roles. This process, known as role
engineering, has been identified as one of the costliest
components in realizing privilege management in an
organization.
There are two basic approaches towards role
engineering: top-down and bottom-up. The top-down approach
begins with defining a particular job function and then
creating a role for this job function by associating needed
permissions. Often, this is a cooperative process where
various authorities from different disciplines understand
the semantics of business processes of one another and then
incorporate them in the form of roles. Since there are often
dozens of business processes, tens of thousands of users and
millions of authorizations, this is rather a difficult task.
Therefore, relying solely on a top-down approach in most
cases is not viable.
In contrast, the bottom-up approach utilizes the existing
permission assignments to formulate roles. Starting from the
existing permissions, the bottom-up approach aggregates
these into roles. Identris purports the use of a mix of the
top-down and the bottom-up approaches to conduct role
engineering. This approach tries to use best of both
techniques. |
|
|
Identris uses its expertise in the following best of the breed products to help customers re-engineer roles: |
- Oracle Role Manager
- Eurekify
- Vaau RBACx
|
|
|
