Sign up for this newsletter now!
Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
- Share/Email
- Tweet This
- Print
When it comes to discussing roles, role management, role mining and role-based access control (RBAC) I do tend to start with
Bridgestream and Eurikify. They represent two different approaches to defining roles and so eminently qualify as examples.
But there are other companies in the space, and I want to talk about one of them today - Vaau.
Vaau isn’t a complete stranger to this newsletter, having been mentioned twice. Once after this year’s Catalyst conference and once after last year’s conference, when I listed it last in a string of role-related vendors. You might expect that it would be chiding me over this, but the
ever so polite EMEA Director of Operations, Mel Holloway, wrote in an e-mail: “Please excuse this approach I am not a spammer,
I am a fan (that’s stalker talk!!!).” He did catch my attention and reminded me to take a closer look at Vaau.
Vaau’s RBACx is based, says the company, on “role engineering.” This role and rule engineering engine is used for role mining,
rule mining, identity correlation, and access clustering. RBACx also uses advanced data mining algorithms to identify user
access correlations across key applications, and uses that information to develop and suggest application and enterprise level
roles and rules.
Vaau’s approach is to define multiple processes for roles:
* Role mining engine: A hybrid approach to role engineering, looking at a combination of organizational characteristics, user
attributes and characteristics and user’s current accounts and entitlements.
* Rule definition: Ability to generate rules from the role mining engine, assigned when new users are created or when accounts
and entitlements are imported into RBACx.
* Roles based on template users: Once the accounts and entitlements of user are imported into RBACx, new roles can be created
based on the existing access of some template users.
* Import of existing roles from an authoritative source: RBACx has the ability to import roles from any authoritative source,
like ERP, mainframe or an existing identity management system. Once imported, the content of these roles can be refined to
obtain enterprise roles.
* Role vs. actual analysis: After the roles are defined in RBACx an analysis can run and RBACx can search for exceptions where
user’s actual access does not match his/her role based access. This can be used to refine the role content prior to pushing
the roles to the provisioning solution.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
Comment