Identity Governance uses advanced analytics to mine business data and identify role candidates. This process of discovering and analyzing business data to logically group permissions to simplify the review process or allow grouping of related permissions under one technical role candidate is called technical role miningor role discovery. Global or Technical Role Administrators can use role mining to create technical roles with common permissions. Identity Governance uses two approaches to technical role mining to identify technical role candidates.
Automatic Suggestions approach enables administrators to direct the mining calculations by either saving the defaults, or by specifying the minimum number of permissions that a specified number of users should have in common, coverage percentage, the maximum number of role suggestions, and other role mining options, and saving the options.
Visual Role Mining approach enables administrators to select role candidates from a visual representation of the distribution of users based on permissions. Administrators can click in the user access map and drag to select an area on the map, and then view technical role candidates.
Technical role candidates can also be generated when using mining to create business roles. For more information about business roles, see Section 16.0, Creating and Managing Business Roles.
NOTE:Mined business or technical roles are created in a candidate state. You can edit and save role candidates, but you must promote them before you can approve or publish them as a role.
HINT:If you have a large catalog of users and technical roles, data mining performance might be very slow and eventually fail. Use the Configuration Utility console mode commands set-property com.netiq.iac.analytics.roles.technical.MaxPermSize 10000 and set-property com.netiq.iac.analytics.roles.technical.MaxUserSize 10000 to change the size to 10000 and improve data mining performance. For more information about the utility procedures, see Using the Identity Governance Configuration Utility
in the Identity Governance 3.6 Installation and Configuration Guide.