Role Mining allows enterprises to analyze the access to resources that users within their organization have, and based on that analysis create Management Roles that reflect common access level assignments for specific groups of users. There are two approaches to role mining, top-down and bottom-up. The top-down approach involves analyzing current business processes to determine what Management Roles users need to perform tasks and is often linked to user attributes. For example, this approach could begin with the question, What do managers in location X require? Once the answer is derived, a role with the needed entitlements can be created for every person with those attributes. The bottom-up approach, on the other hand, looks at the common access level assignments that already exist within the organization and based on that analysis creates Management Roles.
In EmpowerID, role mining is a multi-step process that involves creating, running and analyzing "Role Mining Campaigns." Role Mining Campaigns produce "candidate roles" containing combinations of people and entitlements, which can then be analyzed and accepted or manipulated to create subsets of combinations. Once candidate roles are accepted, they can be published as standalone Management Roles, mapped to Business Roles and Locations or used to create new Business Roles and Locations. From a high level, the processes you need to follow to mine roles is represented by the below image.
The above image depicts two Role Mining campaigns. In the first campaign, candidate roles are analyzed and used to create a standalone Management Role as well as a Management Role that is mapped to an existing Business Role and Location. In the second campaign, candidate roles are analyzed and used to create a standalone Management Role a new Business Role and Location. The specific steps involved are as follows:
The topics in this section take you through each of these steps, showing you how to get started with Role Mining in your environment.