25.10 Analyzing Business Roles

Identity Governance allows you to improve role quality and effectiveness by providing you with various analytical tools. To maintain an effective role model, it’s important that organizations are able to understand the quality of the roles that have been implemented. For example, a business role might be created that has all or almost all of the members as another role or a Technical Role might have the same permissions as another role. This might indicate that these roles are redundant and aren’t actually needed. Using role analysis, you can analyze selected business roles, all business roles, or membership expression to existing roles to find:

  • similarity in memberships and authorizations

  • effectiveness of the selected business roles based on percentage of users that hold the role authorizations

  • members and authorizations in common

  • members without mandatory authorizations

  • members without auto-grant authorizations

To analyze business roles:

  1. Log in to Identity Governance as a Business Role or Global Administrator.

  2. Under Policy, select Business Roles.

  3. Select Analysis tab.

  4. Select an Analyze option and configure related parameters. For example, when selecting similarity analysis, you can modify the default similarity threshold. If you specify 60%, then the results will displays business roles that have 60% of similarity for any authorization or membership.

    NOTE:Business role similarity and Common authorizations analysis can be performed on published or unpublished business roles, while Authorization effectiveness, Mandatory authorizations, and Auto-grant authorization analysis are only performed on published business roles. If there are unpublished business roles in the list selected for Authorization effectiveness, Mandatory authorization, and Auto-grant authorization analysis they will be highlighted, and skipped during analysis.

  5. Select Start Analysis.

  6. Click on the links in the analysis results for additional information such as comparison tables of memberships and authorizations in Business role similarity analysis, and list of members in Mandatory authorization.

  7. (Optional) Select Download as CSV to download the results as a csv file for further analysis.