25.1 Overview of Roles

Identity Governance enables you to manage both the technical and business roles in your organization. To make these roles easier to manage, Identity Governance gives technical role administrators and business role administrators separate but overlapping responsibilities.

Business roles organize people by their business function and user-based attributes. They answer the question of what users should have access to because of who they are, and what they need or might have the option to request without additional approval.

Technical roles organize lower-level permissions into sets that offer enough business value to be reviewed, assigned, or requested as a unit. Technical roles are designed to limit the number of review items and to surface permissions in ways that can be presented to typical non-administrator users.

Figure 25-1 contains an example of how the different types of roles overlap. All full-time employees are authorized to have access to the HR Tools, Exchange Mailboxes, Lync, and My Meeting. Accounting clerks are authorized to have access to Document Control and Account Administration, a technical role that the technical role administrator has created in Identity Governance. When you include a user as a member of the business roles Full-time Employee and Accounting Clerk, Identity Governance authorizes the user to have any of the mandatory or optional technical roles or permissions listed for those roles. Mandatory permissions could potentially be automatically provisioned, while optional permissions could be assigned at a later time without further approval because the policy has pre-approved them. This saves you time and effort, reduces errors, and enables controlled access through business roles. To understand how your entitlement assignments conform to your business policies, you can view the Role Leverage widget on the Overview page. For more information, see Viewing Entitlement Assignments Statistics to Leverage Roles.

Figure 25-1 Detailed Example of the Overlap between Business Roles and Technical Roles
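
The authorization logic described above can be modeled in a few lines. This is an added example, not Identity Governance code or its API; it shows how business role membership splits a user's access into permissions to provision, pre-approved permissions, and permissions no role authorizes. The permissions inside Account Administration, the mandatory/optional split, and the rule that mandatory takes precedence are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed data. Role names come from Figure 25-1; the permissions bundled
# in "Account Administration" and the mandatory/optional split are assumptions.
TECHNICAL_ROLES = {
    "Account Administration": {"Ledger Posting", "Vendor Payment Approval"},
}

@dataclass
class BusinessRole:
    name: str
    mandatory: set = field(default_factory=set)
    optional: set = field(default_factory=set)

BUSINESS_ROLES = [
    BusinessRole("Full-time Employee",
                 mandatory={"HR Tools", "Exchange Mailboxes"},
                 optional={"Lync", "My Meeting"}),
    BusinessRole("Accounting Clerk",
                 mandatory={"Document Control"},
                 optional={"Account Administration"}),
]

def expand(items):
    """Replace technical role names with the lower-level permissions they bundle."""
    out = set()
    for item in items:
        out |= TECHNICAL_ROLES.get(item, {item})
    return out

def evaluate(memberships, held):
    """Compare the permissions a user holds with what their business roles authorize."""
    mandatory, optional = set(), set()
    for role in BUSINESS_ROLES:
        if role.name in memberships:
            mandatory |= expand(role.mandatory)
            optional |= expand(role.optional)
    optional -= mandatory  # assumption: mandatory wins if two roles disagree
    return {
        "to_provision": sorted(mandatory - held),   # mandatory but not yet held
        "pre_approved": sorted(optional - held),    # requestable without approval
        "unauthorized": sorted(held - mandatory - optional),  # no role covers it
    }
```

The "unauthorized" list is the review-worthy part: access a user holds that none of their business roles authorizes.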

NOTE: This chapter primarily discusses business role policy concepts and procedures. For information about technical roles, see Managing Technical Roles.