Role Based Access Control (RBAC), User Attestation and Enterprise Role Management by SimeioSolutions…
Problem
For most organizations, the need to comply with both government regulations and internal security audit controls is an ever-present challenge. The client had identified the need to implement a Role Based Access Control (RBAC) model to address some internal audit findings. The client had a well-defined process for disabling and deleting user accounts upon termination, but the challenge lay in handling transfers of existing users and provisioning new users with the correct level of access for their jobs.
Transferred users would often retain entitlements carried over from their previous job function. For new user creation, the process was to create the new user by mirroring an existing account (User Attestation). This often resulted in the new user gaining extra access rights that they did not need to perform their daily job function. In addition, there was no complete and efficient process to review user entitlements and make informed decisions about whether to clean up or retain that level of access.
Solutions
The client’s primary requirement was for a tool that provided comprehensive Role Engineering and Enterprise Role Management functionality, to define and manage roles moving forward. The client engaged Simeio to utilize the RBACx technology to assist in the creation of roles to migrate to an RBAC model. Utilizing the proven methodology and the advanced data mining algorithms in RBACx, the client was able to define enterprise and departmental roles across 3 platforms and 88 applications. Once users were assigned to roles, the client was able to leverage the Role vs. Actual Analysis feature in RBACx to identify any entitlements that were not required for a user to perform their job. Additionally, the client was able to empower the Business Unit/Manager representatives to certify/revoke user entitlements utilizing the glossary feature in RBACx that allows for business friendly terms and descriptions to replace technical entitlement names.
To meet the needs of this client, Vaau used a hybrid approach for role mining. Users were grouped by Manager, and mining was conducted for each group, which represented every employee reporting to a particular Manager. Initial mining was carried out across the three major platforms to identify clusters of users based on their entitlements. Roles were created based on the mining results.
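The two steps described above, mining a departmental role from each manager's group and then running a Role vs. Actual comparison to surface entitlements a user holds beyond the role, can be shown in a few lines. The following is an added illustration written for this page; it is not RBACx code and does not reproduce its data mining algorithms. The user list, manager names, entitlement identifiers and the glossary are all constructed sample data, and the 75% membership threshold used to decide which entitlements belong to a mined role is an assumption chosen for the example.

```python
from collections import Counter

# Constructed sample data (not from the case study): user -> (manager, actual entitlements).
# "frank" is a transferred user who still carries a finance file share from his old job;
# "carol" was created by mirroring an account that happened to hold an admin right.
USERS = {
    "alice": ("mgr_finance", {"erp.gl.view", "erp.ap.post", "fileshare.finance"}),
    "bob":   ("mgr_finance", {"erp.gl.view", "erp.ap.post", "fileshare.finance"}),
    "carol": ("mgr_finance", {"erp.gl.view", "erp.ap.post", "fileshare.finance", "erp.admin"}),
    "dave":  ("mgr_finance", {"erp.gl.view", "fileshare.finance"}),
    "erin":  ("mgr_sales",   {"crm.view", "crm.edit", "fileshare.sales"}),
    "frank": ("mgr_sales",   {"crm.view", "crm.edit", "fileshare.sales", "fileshare.finance"}),
}

# Constructed glossary: technical entitlement name -> business-friendly description,
# used when presenting review items to a manager who does not know the raw names.
GLOSSARY = {
    "erp.admin": "ERP system administration (can change any ledger or user)",
    "fileshare.finance": "Finance department shared drive (read/write)",
    "erp.ap.post": "Post accounts-payable transactions in ERP",
}


def mine_roles(users, threshold=0.75):
    """Group users by manager and mine one departmental role per group.

    An entitlement joins the group's role when at least `threshold` of the
    group's members hold it (assumed rule for this example). Entitlements held
    by only one or two members are left out so they show up as excess later."""
    groups = {}
    for _user, (manager, ents) in users.items():
        groups.setdefault(manager, []).append(ents)
    roles = {}
    for manager, member_ents in groups.items():
        counts = Counter(e for ents in member_ents for e in ents)
        needed = threshold * len(member_ents)
        roles[manager] = frozenset(e for e, c in counts.items() if c >= needed)
    return roles


def role_vs_actual(users, roles):
    """Compare each user's actual entitlements with the mined role of their
    manager's group. 'excess' are entitlements the role does not justify
    (candidates for revocation); 'missing' are role entitlements the user lacks."""
    findings = {}
    for user, (manager, ents) in users.items():
        role = roles[manager]
        findings[user] = {"excess": ents - role, "missing": role - ents}
    return findings


def certification_items(findings, glossary):
    """Turn excess entitlements into review items for the manager, substituting
    glossary descriptions for technical names where one exists."""
    items = []
    for user in sorted(findings):
        for ent in sorted(findings[user]["excess"]):
            items.append((user, ent, glossary.get(ent, ent)))
    return items


if __name__ == "__main__":
    roles = mine_roles(USERS)
    for manager, role in roles.items():
        print(f"Mined role for {manager}: {sorted(role)}")
    results = role_vs_actual(USERS, roles)
    for user, ent, description in certification_items(results, GLOSSARY):
        print(f"REVIEW {user}: {description} [{ent}]")
    for user, r in results.items():
        if r["missing"]:
            print(f"MISSING {user}: {sorted(r['missing'])}")
```

With the sample data the finance role is mined as the three entitlements every finance employee shares, so carol's `erp.admin` and frank's carried-over `fileshare.finance` are reported as review items in business terms, while dave is flagged as missing `erp.ap.post`, the kind of under-provisioning a manager would also want to see before certifying the role.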
About Us
Simeio Solutions is a professional services and management consulting company with a strong collective background in implementing identity and role based access control solutions, supporting Fortune 1000 clients.
We offer a unique perspective, drawing on leadership team experience and best-practice knowledge gained while on the client side of multiple identity management implementations. Our clients appreciate this perspective. They find that it adds substantial value when defining their own sustainable operational processes, developing roll-out plans and building collaborative, successful project teams.
