Roles for the Real World:
Novell Identity Manager 4 Takes a Giant Step Toward Practical Role-Based Resource Management with Role Mapping Administrator
By Bill Tobey,
Novell Connection Magazine – January 2011
Here’s an excerpt:
Many claims have been made in these pages regarding the beneficial impacts that role-based resource management will inevitably have on the efficiency, agility and cost of IT operations. Among these have been promises that widespread adoption of roles would lead to:
- Reduced administrative workloads and costs through automated resource provisioning
- Increased user productivity through faster access delivery
- Tighter security through improved provisioning accuracy and real-time re-provisioning response to changes in work assignments and employment status
- Simpler, less onerous, more reliable compliance.
Getting There Can Be More Than Half the Work
At this point in time, however, the reality is that widespread adoption of roles as a resource management strategy has been held up by the real and perceived demands of practical implementation. And it’s true that most roll-outs must negotiate two significant cost and manpower hurdles: the upfront development of an enterprise role model, and the subsequent definition and lifecycle maintenance of role-resource relationships.
Before roles can be used to manage entitlements they must first be created in an identity management system such as Novell Identity Manager. A role is a construct that represents a group of users with a common set of functions and resource requirements, and it usually maps to an actual organizational role. Identifying the important roles that comprise an enterprise role model can be a significant front-end workload. It typically involves a combination of top-down analysis based on observation and description, and bottom-up statistical analysis to assess patterns in the existing distribution of access permissions. Tools like Role Lifecycle Manager (part of the Novell Access Governance Suite) can automate much of this analysis, but the process is inherently labor intensive and demands specialized skills that are often outsourced. Fortunately, once created, an organizational role model is relatively stable; so start-up labor and expenses are front loaded and largely non-recurring.
A second major focus of effort and expense is the process of assigning appropriate resource authorizations to each role. Because these requirements change as the organizational structure, business conditions and IT environment evolve, defining and maintaining these assignments is an ongoing process. Changes often require custom programming, and the burden of nearly continuous change management weighs on high-level personnel across the security, compliance and business operations domains. Over time, managing role-resource assignments often becomes a major drain on productivity and budgets, not to mention a real compliance headache. It’s often cited as a delaying factor in the launch of new business initiatives, and as a serious competitive disadvantage.
At least that used to be the case, before the release of Novell Identity Manager 4 Advanced Edition with Role Mapping Administrator.
Role Mapping Administrator is a breakthrough innovation in access management, a visual tool that lets line-of-business analysts make and modify resource assignments for existing roles quickly, easily and directly, without IT support.