rbac

10/16/2009

BTQ Podcast - Real World Role Management

Check out the podcast by Matt Modica from ESI and Nick Crown, PLM for Sun Role Manager & Identity Manager on here

The discussion is centered around the Identity & Access Mgmt. project undertaken by ESI, their architecture, challenges faced and lessons learned.

Posted at 11:02 AM in audit/compliance, identity mgmt, rbac, role admin, role engineering, role manager | | Comments (0) | TrackBack (0)

Sun Role Manager 5.0 Resources

Sun Role Manager 5.0 released, check out the list of resources on the Sun website:

Sun Role Manager Website

Sun Role Manager 5.0 Press Release

Sun Role Manager Product Download

Sun Role Manager 5.0 Product Documentation Wiki

Sun Role Manager 5.0 Solutions Brief

Sun Role Manager 5.0 Product Overview Screencast

Sun Role Manager 5.0 SIEM Integration Brief

Sun Role Manager 5.0 Role Engineering Whitepaper

Access Certification with Sun Role Manager Whitepaper

Sun Role Manager Joint Whitepaper on Access Certifications with partner Simeio Solutions

Everyday Role Management Webinar

Identity Administration & Compliance Webinar

Posted at 10:47 AM in compliance manager, identity services, product mgmt, rbac, role admin, role engineering, role manager, role standards, the warehouse | | Comments (0) | TrackBack (0)

Sun Role Manager 5.0 Overview Screencast

Check out the Sun Role Manager 5.0 Screencast here.

Posted at 10:42 AM in compliance manager, rbac, role manager | | Comments (0) | TrackBack (0)

10/08/2009

Sun Role Manager 5.0 Released!

Check out the latest release of Sun Role Manager at:

www.sun.com/rolemanager

Product features include:

360-degree view of assigned access
  • Goes beyond “who has access to what” to reveal what was done with the access, including policy violations and potential violations
Provides information to make intelligent decisions concerning user access
Closed-loop remediation
  • Provides an automated, end-to-end solution for reviewing and revoking access
  • Automatically verifies remediation and sends alerts if remediation does not take place
  • Helps control cost of compliance by automating processes
  • Reduces risk of policy violations and compliance failures
Rule lifecycle management
  • Applies role lifecycle management technology to audit and role assignment rules
  • Proactively determines impact of rule changes on access assignment processes
  • Provides API for remotely executing rule assignment and SoD rules
  • Improves audit effectiveness by capturing rules history
  • Provides information for decision making
  • Simplifies integration with systems that utilize Role Manager as authoritative source for roles
Role engineering
  • Conducts role mining based on organization, user, and entitlement attributes
  • Performs both top-down and bottom-up role mining
  • Uses rule discovery to correlate rules between approved roles and attributes for use in role assignment
  • Improves alignment between IT and business organizations by mapping business roles to underlying entitlements
  • Reduces the cost of defining roles by automating manual processes
Role maintenance
  • Provides role approvals upon detection of entitlement updates
  • Performs impact analysis before changes
  • Allows for the definition of temporary roles
  • Enables simple changes in access based on changes in job responsibilities
Improves organizational flexibility by making it fast and easy to change access based on business needs
Role certification
  • Improves alignment between IT and business organizations
Access certification
  • Reduces costs by automating existing manual controls
  • Enhances audit effectiveness by enforcing concept of least privilege
Policy enforcement
  • Enables enterprise-level monitoring of access for conflicts in SoD and security policy
  • Supports inter- and intra- application policy enforcement
  • Provides complete lifecycle management of a policy violation
  • Reduces business risk associated with failed access controls
  • Enhances audit effectiveness by enforcing security policies related to SoD and least privilege
  • Reduces costs by automating existing manual processes for enforcing security policies
Compliance dashboard
  • Delivers an enterprise view of certification status
  • Provides an enterprise view of policy exceptions
  • tracks policy exceptions by type and business unit
  • Provides historical trending analysis
Improves compliance by providing an easily accessible view of activities
Data collection based on extract, transform, and load (ETL)
  • Enables integration with any resourceful
  • Eliminates the need to write connectors to applications
  • Ensures ability to access entitlement data
  • Increases efficiency and cuts costs by reducing time to load data by 70%

Posted at 12:43 PM in compliance manager, identity mgmt, rbac, role engineering, role manager, role standards, siem/log mgmt | | Comments (0) | TrackBack (0)

Technorati Tags:

05/03/2009

Benefits of RBAC

Roles Why is it so important for organizations to move towards Role Based Access Control as a means for managing user identities? This mechanism of providing, managing and auditing IT access is starting to be widely accepted, though might not be a the most loved, due to various reasons. Instead of focusing on some of the challenges that make implementing RBAC somewhat of a pain, I would like to talk about the benefits that organizations gain over time, implementing this model for day to day access governance. Lets start jotting it down:


1) Since roles in an organization are relatively persistent with respect to user turnover

and task re-assignment, RBAC provides a powerful mechanism for reducing the

complexity, cost, and potential for error of assigning users permissions within the

organization.


2) Roles support Role Hierarchies, a parent-child relationship, whereby all parent role permissions are inherited by the child role, which is typically more of a specialized role. This prevents role explosion and encourages re-usability in the RBAC model.


3) Roles map naturally to the line of business and organizational structure of an enterprise, allowing for a more streamlined and understandable security policy definition and enforcement. This is in contrast to the more conventional and less intuitive process of attempting to administer lower level

access control mechanisms directly.


4) RBAC is policy-neutral which enables it to support different security policies. RBAC also directly supports three well-known security principles: least privilege, separation of duties, and data abstraction.


5) RBAC provides superior administrative capabilities with regards to Role content or privilege updates to users. Instead of re-assigning privileges to a large population of users, updating the Role content automatically updates the Role assignment, saving time and resources.


6) RBAC, coupled with provisioning solutions that support RBAC, provides a strong one-two punch for centralized access control in an organization. RBAC truly simplifies the definition, development and maintenance of provisioning processes.


7) Roles bridge the communication gap between business and IT regarding complex access definitions. 


8) Roles allow employees to request access more easily and naturally move them towards the concept of least privilege, prohibiting access collectors over time.


9) RBAC allows more efficient reviews of access through Role Vs. Actual assessments, extremely valuable to audit teams in an organization.


These may be just few of the advantages of implementing Role based access control, but they are definitely worth the time and effort of implementing an RBAC solution. Next, I want to talk about the fundamentals of RBAC (without all the technical hoopla!) and then talk about best practices of implementing this model in your organization (with minimal time and effort), so stay tuned.


To know more about the advantages of RBAC, listen to this wonderful overview from Nick Crown.

Posted at 06:55 PM in rbac | | Comments (1) | TrackBack (0)

Technorati Tags: , ,

02/20/2009

Sun Role Manager 4.1

Role Manager 4.1 is officially released! High level features include enhanced Identity Certification features including a richer, more intuitive UI experience for the end user, superior Role Administration features, advanced user search capabilities, enhanced orphan account correlation and improved integration with Sun Identity Manager.

Features & Benefits:
1.0 Enhanced Identity Certification Features: Advanced user population selection strategy, ability to delegate a certification to any user in the Identity Warehouse, additional certification options for accurately identifying users, Roles and entitlements, ability to export in progress certifications as reports to certify them offline, ability to track revocations of completed certifications, advanced configuration & workflow options unique to each certification, and the ability to end date certifications.

2.0 Enhanced UI for User Access Certifications: Richer, more intuitive user access certification experience with emphasis on usability and interaction design. A completely re-designed user interface following a simple two-step process to certify user Roles and entitlements, advanced drill-down, search and filtering capabilities, display/collapse navigation panels and the ability to generate in-progress certification reports for offline sign-off.

3.0 Enhanced Role Engineering & Administration: Robust Role Engineering & Administration capabilities which include the ability to schedule Role mining using a robust job scheduler, display entitlement glossary during Role mining, ability to generate reports from Role mining results in multiple formats, revised Role History module, enhanced Rule Engineering capabilities such as Rule Based Role Removal, Provisioning Policy Lifecycle Management, mass modification workflow, advanced Role search and Role copy features.

4.0 Improved Identity Warehouse & Custom Reporting: Role Manager 4.1 includes an improved Identity Warehouse where Account information is supplemented with an Accounts Type field, a sophisticated search engine allows creation of complicated search conditions and searching on any of the commonly populated user fields, and the correlation mechanism is augmented by the Manual Correlation capability that allows correlation of orphan accounts and changing the associations of correlated accounts from the UI.

5.0 Improved integration with Sun Identity Manager: Any Roles and surrounding metadata designed in Sun Role Manager can be easily exported to Sun Identity Manager, also leveraging the new Business Roles/IT Roles feature in Sun Identity Manager 8.0, thus leading to a more complete consumption of Roles in Sun Identity Manager. Role Manager 4.1 provides enhanced performance and efficiency when integrated with Sun Identity Manager, promoted by the ability to import only new or modified users and user accounts from Sun Identity Manager to Role manager via an enhanced SPML configuration.

6.0 Enhanced API Support: Role Manager 4.1 extends the comprehensive set of Web Services provided in 4.0 to cover major functionality of the solution. Enhancing the API provides the ability for users to integrate Role Manager with other applications in their IT infrastructure.

7.0 MySQL Support: Role Manager 4.1 now adds support for MySQL deployed in both Windows and UNIX environments, a major addition to its existing support of MS SQL, Oracle and DB2.

Posted at 03:00 PM in rbac | | Comments (0) | TrackBack (0)

My Photo

About

Categories

February 2010

Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28            

Blogroll

Search

  • Google

    WWW
    neilgandhi.net

Recent Posts

Archives

More...

My LinkedIN Profile

del.icio.us bookmarks

My Other Accounts

Add me to your TypePad People list
Blog powered by TypePad