oracle role management business level
DESCRIPTION
Why role management can be a benefit to existing IDM installations. Presented by Carl TerrantroyTRANSCRIPT
![Page 1: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/1.jpg)
<Insert Picture Here>
Oracle Role Manager
Carl TerrantroyDirector Market Initiatives ANZ
![Page 2: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/2.jpg)
2
Roles In The Real World
Org=Corporate
Org=Finance
Org=APAC
Org=Sales
Org=Marketing
Org=EMEA
Org=Americas
Part Of Reports Into Matrix Into Job Sharing Head Of Pays For
Ps=John
Ps=AR Clerk
Ps=Jane
Ps=Ian
Ps=Raj
Ps=Clark
Ps=Wang
Ps=Irene
Ps=Kelly
Ps=AmitPs=Vladimir
![Page 3: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/3.jpg)
3
Challenges With HR & LDAP
• Functional roles usually do not match org. hierarchy• Contractor management is complex• Limited out-of-the-box integration
![Page 4: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/4.jpg)
4
<Insert Picture Here>
Agenda
• Why Role Manager• IDM Integration• Role Concepts
![Page 5: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/5.jpg)
5
The Evolution of Identity ManagementThen We Added Provisioning Tool …..
ApplicationsUser
TheIT Dude
TheHelpdesk
Guy
The CatWho MakesThe Rules The Boss
Resolving policies into WHO is not trivial
Rules and polices are constantly changing
But Provisioning Tools Are Not “Business Smart” …..
Provisioning helpswith self service& administration
Provisioning helpswith automation & audit
![Page 6: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/6.jpg)
6
The Evolution of Identity ManagementEnterprise Role Management Completes The Puzzle
Applications
Provisioning helpswith self service& administration
Provisioning helpswith automation & audit
Role Management helps define who has
to do what
Role Management helps define who should have
access to what
UserThe
IT Dude
TheHelpdesk
Guy
The CatWho MakesThe Rules The Boss
![Page 7: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/7.jpg)
7
Required Bolt-OnComponentsProvisioning Platform
Open ArchitectureSun, IBM, CA, Novell
User & PolicyRepository
LDAP
Workflow &Other Meta DataDatabase & File
Transaction &Audit LogsDB & File
HR-LDAPSynchronization
Workflow
RoleManagement
Reporting &Attestation
SEMLog Correlation
MessagingBus
Store key onlyNo provisioning historyNo reconciliation history
CustomIntegration
No historyorUser Profile History Log
No rogue entitlementDetection
ReportingDB
Real-time scan reporting
Manually configured event logging
![Page 8: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/8.jpg)
8
Role Lifecycle Manager
Polyarchy Manager
Logical Architecture
Services
User Interfaces RoleAdmin
Mining
ReportingAuditing
DataLoading
RoleProvider
TemporalEngine
Security
Permissions
Views
• Organization Hierarchies • Cross Hierarchy Relationships• Life Cycle Management
• Business And IT roles• Approver Roles• Privileges• Role Mappings• Dynamic Membership Rules• Membership Rule Simulation• Sphere of Influence• Event Driven Role Recalculation
Mining Engine
• Role And Rule Mining• Role And Rule Export• Role Clean Up• Rogue Access Detection• Role Cleansing For Seg. of Duties
API
![Page 9: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/9.jpg)
9
Role & Rule Mining
• Role mining• Rule mining• Exports roles and members for ongoing
role management
ApplicationsApplications
Mining EngineMining Engine
Role ManagementRole Management
Accounts,Attributes,
Entitlements
RecommendedRoles
& Rules
![Page 10: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/10.jpg)
10
Polyarchy With Relationship Resolution
Ps=JohnVP Sales
Ps=VladimirGM, EMEA
Ps=AmitGM, APAC
Ps=KellyGM, Americas
Ps=JaneAccount Manager
Ps=IanAccount Manger
Ps=RajAccount Manager
ORM Polyarchy
Engine
Show sales team grouped
by geographical business unit
hierarchy
![Page 11: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/11.jpg)
11
Approver Role
• Relationship based roles that capture approval policies• Role membership resolved in real time for any service
![Page 12: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/12.jpg)
12
Role Administration
• Centralized enterprise role management• Support for complex rules• Ease of use for business users• Real-time integration
System Privileges
IT Roles
BizRoles
![Page 13: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/13.jpg)
13
Business Rules ERM Can Cope With
• Compliance manager is the financial analyst assigned to the division
• Level-up manager is manager’s manager and at least one grade higher
• Risk manager cannot approve his own transactions• When approver position is empty find the level-up
manager within cost center• In catastrophic events, approver changes from regional
general manager to line-of-business manager• Branch manager delegates must have series 9 – 10
certifications
![Page 14: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/14.jpg)
Role Consolidation through Role Mining
![Page 15: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/15.jpg)
15
Summary
• Missing link between binary IT systems and adaptable organisation structures
• Copes with loose structures like dotted line reporting• Extend the capability of your existing IDM investment
![Page 16: Oracle Role Management Business Level](https://reader034.vdocuments.net/reader034/viewer/2022051820/552968ea4a795968158b4742/html5/thumbnails/16.jpg)
16