Identity at the Center

Identity at the Center #49 - Role Mining Lessons Learned

Jun 22, 2020
Join Helio Gomez, an IAM architect with expertise in role mining and SailPoint, as he dives into the lessons learned from role mining in identity management. He defines role mining versus role engineering and discusses how it can streamline entitlements while enhancing user-friendliness. The conversation covers applying least privilege principles in role design, the distinctions between IT and business roles, and the importance of clean data for effective mining. Helio also emphasizes the need for ongoing role governance and realistic RBAC goals to ensure success.
INSIGHT

Role Mining Is Data-Driven Discovery

  • Role mining analyzes entitlements across apps to find common combinations that map to potential roles.
  • Use human evaluation after mining to decide which combinations become actual roles.
INSIGHT

Combine Top-Down Engineering With Mining

  • Role engineering is a top-down process defining roles from known job functions or attributes.
  • Combine engineering with mining: human judgment refines data-driven role candidates.
ADVICE

Add Friendly Metadata And Owners

  • Wrap friendly metadata around roles: names, descriptions, and owners so users understand them.
  • Assign owners to roles to support approvals and periodic recertification.